NSX-T Data Center Global Manager REST API
ALBEnforcementPointState (type)
{
"description": "Valid ENUM values for ALBEnforcementPointState",
"enum": [
"ACTIVATE",
"DEACTIVATE_PROVIDER",
"DEACTIVATE_API"
],
"id": "ALBEnforcementPointState",
"module_id": "PolicyEnforcementPointManagement",
"title": "Enforcement point state for ALB",
"type": "string"
}
ALGTypeServiceEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ServiceEntry
},
"id": "ALGTypeServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ALGTypeServiceEntry"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alg": {
"description": "The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead.",
"enum": [
"ORACLE_TNS",
"FTP",
"SUN_RPC_TCP",
"SUN_RPC_UDP",
"MS_RPC_TCP",
"MS_RPC_UDP",
"NBNS_BROADCAST",
"NBDG_BROADCAST",
"TFTP"
],
"required": true,
"title": "The Application Layer Gateway (ALG) protocol",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_ports": {
"items": {
"$ref": "PortElement
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "The destination_port cannot be empty and must be a single value.",
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"source_ports": {
"items": {
"$ref": "PortElement
},
"maxItems": 15,
"required": false,
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "An ServiceEntry that represents an ALG protocol",
"type": "object"
}
AbstractSpace (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Represents the space in which the policy is being defined.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "AbstractSpace",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connectivity_strategy": {
"deprecated": true,
"description": "The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use \"allow\" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use \"drop\" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added.",
"enum": [
"WHITELIST",
"BLACKLIST",
"WHITELIST_ENABLE_LOGGING",
"BLACKLIST_ENABLE_LOGGING",
"NONE"
],
"required": false,
"title": "Connectivity strategy used by this tenant",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "The space in which policy is being defined",
"type": "object"
}
AcceptableComponentVersion (type)
{
"additionalProperties": false,
"extends": {
"$ref": "VersionList
},
"id": "AcceptableComponentVersion",
"module_id": "VersionWhitelist",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"acceptable_versions": {
"items": {
"type": "string"
},
"required": true,
"title": "List of component versions",
"type": "array"
},
"component_type": {
"enum": [
"HOST",
"EDGE",
"CCP",
"MP"
],
"required": true,
"title": "Node type",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
AcceptableComponentVersionList (type)
{
"additionalProperties": false,
"id": "AcceptableComponentVersionList",
"module_id": "VersionWhitelist",
"properties": {
"results": {
"items": {
"$ref": "AcceptableComponentVersion
},
"required": true,
"title": "Acceptable version whitelist for different components",
"type": "array"
}
},
"type": "object"
}
Action (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Reaction Action is the action to take when the stipulated criteria specified in the event exist over the source. Some example actions include: - Notify Admin (or VMC's SRE) via email. - Populate a specific label with the IPSec VPN Session. - Remove the IPSec VPN Session from a specific label.",
"id": "Action",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"description": "Reaction Action resource type.",
"enum": [
"PatchResources",
"SetFields"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Reaction Action",
"type": "object"
}
ActionRequest (type)
{
"additionalProperties": false,
"id": "ActionRequest",
"module_id": "PolicyConnectivity",
"properties": {
"action": {
"description": "Action required to be performed on intent",
"title": "Action to be performed",
"type": "string"
}
},
"title": "Action request object",
"type": "object"
}
ActionableResource (type)
{
"extends": {
"$ref": "ManagedResource
},
"id": "ActionableResource",
"module_id": "ClusterRestore",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address": {
"format": "hostname-or-ip",
"required": false,
"title": "A resource reference on which actions can be performed",
"type": "string"
},
"ipv6_address": {
"description": "IPv6 address of the current node",
"format": "hostname-or-ip",
"required": false,
"title": "ipv6 address",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Resources managed during restore process",
"type": "object"
}
ActionableResourceListRequestParameters (type)
{
"extends": {
"$ref": "ListRequestParameters
},
"id": "ActionableResourceListRequestParameters",
"module_id": "ClusterRestore",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"instruction_id": {
"required": true,
"title": "Id of the instruction set whose instructions are to be returned",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ActionableResourceListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ActionableResourceListResult",
"module_id": "ClusterRestore",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ActionableResource
},
"required": true,
"title": "List results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ActiveDirectoryIdentitySource (type)
{
"description": "An identity source service that runs Microsoft Active Directory. The service allows selected user accounts defined in Active Directory to log into and access NSX-T.",
"extends": {
"$ref": "LdapIdentitySource
},
"id": "ActiveDirectoryIdentitySource",
"module_id": "LdapIdentitySources",
"polymorphic-type-descriptor": {
"type-identifier": "ActiveDirectoryIdentitySource"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alternative_domain_names": {
"description": "After parsing the \"user@domain\", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.",
"items": {
"type": "string"
},
"title": "Additional domains to be directed to this identity source",
"type": "array"
},
"base_dn": {
"description": "The subtree of the LDAP identity source to search when locating users and groups.",
"required": true,
"title": "DN of subtree for user and group searches",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"domain_name": {
"description": "The name of the authentication domain. When users log into NSX using an identity of the form \"user@domain\", NSX uses the domain portion to determine which LDAP identity source to use.",
"required": true,
"title": "Authentication domain name",
"type": "string"
},
"group_cache_ttl": {
"default": 60,
"description": "NSX keeps a cache of Active Directory group membership for groups that have a configured NSX role, in order to speed up authentication. The cache will be refreshed after the time-to-live has expired. Until the cache is refreshed, any new groups added to Active Directory will not be visible to NSX. By default, the cached is refreshed once per minute.",
"title": "Group cache time-to-live, in seconds",
"type": "int"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ldap_servers": {
"description": "The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.",
"items": {
"$ref": "IdentitySourceLdapServer
},
"maxItems": 3,
"title": "LDAP servers for this identity source",
"type": "array"
},
"resolve_nested_groups": {
"default": true,
"description": "If true, NSX will recursively find all groups that the user belongs to, even if the groups are nested. This can perform slowly for users who are in many deeply nested groups. You can disable this option to improve performance, but only the groups that directly contain the user will be considered for access control decisions.",
"title": "Resolve nested groups",
"type": "boolean"
},
"resource_type": {
"enum": [
"ActiveDirectoryIdentitySource",
"OpenLdapIdentitySource"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "An Active Directory identity source service",
"type": "object"
}
ActiveStandbySyncStatus (type)
{
"id": "ActiveStandbySyncStatus",
"module_id": "SiteManagerModule",
"properties": {
"description": {
"required": true,
"title": "Description of the status.",
"type": "string"
},
"full_sync_status": {
"$ref": "FullSyncStatus,
"required": true,
"title": "Status of full sync."
},
"is_data_consistent": {
"required": true,
"title": "Indicates whether the data is consistent. Always returned as true when queried on an active Global Manager node.",
"type": "boolean"
},
"percentage_completed": {
"required": false,
"title": "Percentage estimate of synchronization progress. Ranges from 0 to 100. This value is only returned when queried on an active Global Manager node.",
"type": "integer"
},
"remaining_entries_to_send": {
"required": false,
"title": "Number of entries pending synchronization. This value is only returned when queried on an active Global Manager node.",
"type": "integer"
},
"standby_site": {
"required": true,
"title": "Name of standby site.",
"type": "string"
},
"status": {
"enum": [
"UNAVAILABLE",
"ERROR",
"ONGOING",
"NOT_STARTED"
],
"required": true,
"title": "Status of synchronization between active and standby Global Manager nodes.",
"type": "string"
},
"sync_type": {
"enum": [
"UNAVAILABLE",
"DELTA_SYNC",
"FULL_SYNC"
],
"required": true,
"title": "Type of synchronization currently in effect between active and standby Global Manager nodes.",
"type": "string"
}
},
"type": "object"
}
AddClusterNodeVMInfo (type)
{
"description": "Contains a list of cluster node VM deployment requests and optionally a clustering configuration.",
"id": "AddClusterNodeVMInfo",
"module_id": "ClusterNodeVMDeployment",
"properties": {
"clustering_config": {
"$ref": "ClusteringConfig,
"deprecated": true,
"description": "This property is deprecated since ClusteringConfig is no longer needed for auto-installation and will be ignored if provided.",
"required": false,
"title": "Configuration for auto-clustering of VMs post-deployment"
},
"deployment_requests": {
"description": "Cluster node VM deployment requests to be deployed by the Manager.",
"items": {
"$ref": "ClusterNodeVMDeploymentRequest
},
"minItems": 1,
"required": true,
"title": "List of deployment requests",
"type": "array"
}
},
"title": "Info for AddClusterNodeVM",
"type": "object"
}
AddressBindingEntry (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "An address binding entry is a combination of the IP-MAC-VLAN binding for a logical port. The address bindings can be obtained via various methods like ARP snooping, DHCP snooping etc. or by user configuration.",
"id": "AddressBindingEntry",
"module_id": "LogicalPort",
"properties": {
"binding": {
"$ref": "PacketAddressClassifier,
"title": "Combination of IP-MAC-VLAN binding"
},
"binding_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp at which the binding was discovered via snooping or manually specified by the user",
"title": "Timestamp of binding"
},
"source": {
"$ref": "AddressBindingSource,
"default": "UNKNOWN",
"description": "Source from which the address binding entry was obtained",
"title": "Address binding source"
}
},
"title": "Combination of IP-MAC-VLAN binding",
"type": "object"
}
AddressBindingSource (type) (Deprecated)
{
"deprecated": true,
"enum": [
"INVALID",
"UNKNOWN",
"USER_DEFINED",
"ARP_SNOOPING",
"DHCP_SNOOPING",
"VM_TOOLS",
"ND_SNOOPING",
"DHCPV6_SNOOPING",
"VM_TOOLS_V6"
],
"id": "AddressBindingSource",
"module_id": "LogicalPort",
"title": "Source from which the address binding is obtained",
"type": "string"
}
AdvanceClusterRestoreInput (type)
{
"id": "AdvanceClusterRestoreInput",
"module_id": "ClusterRestore",
"properties": {
"id": {
"readonly": true,
"required": true,
"title": "Unique id of an instruction (as returned by the GET /restore/status\ncall) for which input is to be provided\n",
"type": "string"
},
"resources": {
"items": {
"$ref": "SelectableResourceReference
},
"required": true,
"title": "List of resources for which the instruction is applicable.",
"type": "array"
}
},
"type": "object"
}
AdvanceClusterRestoreRequest (type)
{
"id": "AdvanceClusterRestoreRequest",
"module_id": "ClusterRestore",
"properties": {
"data": {
"items": {
"$ref": "AdvanceClusterRestoreInput
},
"required": true,
"title": "List of instructions and their associated data",
"type": "array"
}
},
"type": "object"
}
AdvertisedNetworkCsvRecord (type)
{
"extends": {
"$ref": "CsvRecord
},
"id": "AdvertisedNetworkCsvRecord",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"network": {
"description": "Advertised network address.",
"readonly": true,
"required": true,
"title": "Advertised Network",
"type": "string"
},
"rule_filter_type": {
"description": "Advertised rule filter type",
"readonly": true,
"required": false,
"title": "Advertised rule filter type",
"type": "string"
},
"status": {
"description": "advertisement status of network to connected gateway SUCCESS - network route successfully plumbed on target gateway DENIED_BY_TARGET_GATEWAY - network denied by target gateway because of in filter rules or missing inter vrf config",
"readonly": true,
"required": false,
"title": "Advertisement status of network",
"type": "string"
}
},
"type": "object"
}
AdvertisedNetworksListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "AdvertisedNetworksListRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point.",
"title": "Enforcement point path",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Advertised networks list parameters",
"type": "object"
}
AggregateDNSForwarderStatistics (type)
{
"additionalProperties": false,
"description": "Aggregate of DNS forwarder statistics across enforcement points.",
"id": "AggregateDNSForwarderStatistics",
"module_id": "PolicyDNSStatistics",
"properties": {
"intent_path": {
"description": "String path of the DNS forwarder intent.",
"required": true,
"title": "String path of the DNS forwarder intent",
"type": "string"
},
"statistics_per_enforcement_point": {
"description": "List of DNS forwarder statistics per enforcement point.",
"items": {
"$ref": "DNSForwarderStatisticsPerEnforcementPoint
},
"readonly": true,
"title": "List of DNS forwarder statistics per enforcement point",
"type": "array"
}
},
"title": "Aggregate of DNS forwarder statistics",
"type": "object"
}
AggregateDNSForwarderStatus (type)
{
"additionalProperties": false,
"description": "Aggregate of DNS forwarder status across enforcement points.",
"id": "AggregateDNSForwarderStatus",
"module_id": "PolicyDNSStatistics",
"properties": {
"intent_path": {
"description": "String path of the DNS forwarder intent.",
"required": true,
"title": "String path of the DNS forwarder intent",
"type": "string"
},
"status_per_enforcement_point": {
"description": "List of DNS forwarder status per enforcement point.",
"items": {
"$ref": "DNSForwarderStatusPerEnforcementPoint
},
"readonly": true,
"title": "List of DNS forwarder status per enforcement point",
"type": "array"
}
},
"title": "Aggregate of DNS forwarder status",
"type": "object"
}
AggregatePolicyDnsAnswer (type)
{
"additionalProperties": false,
"description": "Aggregate of DNS forwarder nslookup answer across enforcement points.",
"id": "AggregatePolicyDnsAnswer",
"module_id": "PolicyDnsForwarder",
"properties": {
"dns_answer_per_enforcement_point": {
"description": "List of DNS forwarder nslookup answer per enforcement point.",
"items": {
"$ref": "PolicyDnsAnswerPerEnforcementPoint
},
"readonly": true,
"title": "List of DNS forwarder nslookup answer per enforcement point",
"type": "array"
},
"intent_path": {
"description": "String path of the DNS forwarder intent.",
"required": true,
"title": "String path of the DNS forwarder intent",
"type": "string"
}
},
"title": "Aggregate of DNS forwarder nslookup answer",
"type": "object"
}
AggregatePolicyRuntimeInfo (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Aggregate of PolicyRuntimeInfoPerEP across Enforcement Points.",
"id": "AggregatePolicyRuntimeInfo",
"module_id": "PolicyBaseStatistics",
"properties": {
"intent_path": {
"description": "Intent path of object, forward slashes must be escaped using %2F.",
"readonly": true,
"required": true,
"title": "String Path of the intent object",
"type": "string"
}
},
"title": "Aggregate of PolicyRuntimeInfoPerEP",
"type": "object"
}
AggregatedDataCounter (type)
{
"id": "AggregatedDataCounter",
"module_id": "AggSvcL2Types",
"properties": {
"rx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"rx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
}
},
"type": "object"
}
AggregatedDataCounterEx (type)
{
"extends": {
"$ref": "AggregatedDataCounter
},
"id": "AggregatedDataCounterEx",
"module_id": "AggSvcL2Types",
"properties": {
"dropped_by_firewall_packets": {
"$ref": "DfwDropCounters,
"readonly": true,
"required": false
},
"dropped_by_security_packets": {
"$ref": "PacketsDroppedBySecurity,
"readonly": true,
"required": false
},
"mac_learning": {
"$ref": "MacLearningCounters,
"readonly": true,
"required": false
},
"rx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"rx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
}
},
"type": "object"
}
AggregatedLogicalRouterPortCounters (type)
{
"description": "Provides the following aggregated information of the logical router ports: - <b>Incoming packet counters</b> on the logical router ports. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The interface statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. - <b>Outgoing packet counters</b> on the logical router ports. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time logical router port was created. The logical router port statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. - Some of the packet drop reasons include, the DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state, firewall rules, failed to fragment the packet, receive malformed packet, could not find route to destination, absence of the receiver, insufficient memory, incomplete ARP resolution of the next-hop, RPF check failure, failed to redirect packet to KNI interface, TTL exceeded, port does not have a linked peer port and and unsupported - destination, protocol or L4 port. - Some of the IPSec packet drop reasons include the missing security association or VTI interface. It also includes packets dropped due to policy lookup error or block policy. - Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.",
"id": "AggregatedLogicalRouterPortCounters",
"module_id": "AggSvcLogicalRouterPort",
"properties": {
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp when the data was last updated; unset if data source has never updated the data."
},
"rx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets in statistics"
},
"tx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets out statistics"
}
},
"title": "Aggregate of logical router port statistics",
"type": "object"
}
AntreaContainerClusterNode (type)
{
"id": "AntreaContainerClusterNode",
"properties": {
"cluster_id": {
"required": true,
"title": "The UUID of the container cluster",
"type": "string"
},
"nodes": {
"items": {
"type": "string"
},
"minItems": 1,
"title": "List of at most 200 container node UUIDs requiring a support bundle",
"type": "array"
}
},
"title": "Antrea container cluster and its nodes requiring a support bundle",
"type": "object"
}
AntreaSupportBundleContainerNode (type)
{
"additionalProperties": {},
"extends": {
"$ref": "SupportBundleContainerNode
},
"id": "AntreaSupportBundleContainerNode",
"polymorphic-type-descriptor": {
"type-identifier": "ANTREA"
},
"properties": {
"clusters": {
"items": {
"$ref": "AntreaContainerClusterNode
},
"minItems": 1,
"title": "List of AntreaContainerClusterNodes identifying container clusters and their nodes",
"type": "array"
},
"container_type": {
"enum": [
"ANTREA"
],
"required": true,
"title": "Support bundle container type",
"type": "string"
}
},
"type": "object"
}
AntreaTraceflowConfig (type)
{
"additionalProperties": false,
"description": "The configuration for Antrea traceflow.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "AntreaTraceflowConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"container_cluster_id": {
"description": "Container cluster ID in inventory. This property is used to identify multiple clusters under single NSX-T.",
"required": true,
"title": "Container cluster ID",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_external_id": {
"description": "Destination external id for Antrea traceflow. Must be ContainerApplicationInstance or ContainerApplication. Ignored if destination_ip provided in packet data.",
"required": false,
"title": "Destination external id",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_transient": {
"default": true,
"description": "This field indicates if intent is transient and will be cleaned up by the system if set to true.",
"required": false,
"title": "Marker to indicate if intent is transient",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"packet": {
"$ref": "AntreaTraceflowPacketData,
"description": "Configuration of packet data.",
"required": false,
"title": "Packet configuration"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"source_external_id": {
"description": "Source external id for Antrea traceflow. Must be ContainerApplicationInstance external_id.",
"required": true,
"title": "Source external id",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Antrea traceflow configuration",
"type": "object"
}
AntreaTraceflowIcmpEchoRequestHeader (type)
{
"description": "IcmpEchoRequest header stuffs for Antrea traceflow.",
"id": "AntreaTraceflowIcmpEchoRequestHeader",
"module_id": "PolicyConnectivity",
"properties": {
"id": {
"description": "Id of IcmpEchoRequest.",
"title": "IcmpEchoRequest id",
"type": "integer"
},
"sequence": {
"description": "Sequence number of IcmpEchoRequest.",
"title": "Icmp sequence",
"type": "integer"
}
},
"title": "IcmpEchoHeader for Antrea traceflow",
"type": "object"
}
AntreaTraceflowIpHeader (type)
{
"description": "Ip header stuffs for Antrea traceflow.",
"id": "AntreaTraceflowIpHeader",
"module_id": "PolicyConnectivity",
"properties": {
"dstIp": {
"description": "Destination ip address in IpHeader.",
"title": "Destination ip",
"type": "string"
},
"flags": {
"description": "Protocol setting in IpHeader.",
"title": "Flags",
"type": "integer"
},
"protocol": {
"description": "Protocol setting in IpHeader.",
"title": "Protocol",
"type": "integer"
},
"srcIp": {
"description": "Source ip address in IpHeader.",
"title": "Source ip",
"type": "string"
},
"ttl": {
"description": "TTL value in IpHeader. Default is 64.",
"title": "Time to live",
"type": "integer"
}
},
"title": "IpHeader for Antrea traceflow",
"type": "object"
}
AntreaTraceflowIpv6Header (type)
{
"description": "Ipv6 header stuffs for Antrea traceflow.",
"id": "AntreaTraceflowIpv6Header",
"module_id": "PolicyConnectivity",
"properties": {
"dstIp": {
"description": "Destination ip address in Ipv6Header.",
"title": "Destination ip",
"type": "string"
},
"hopLimit": {
"description": "Hop limit setting in Ipv6Header.",
"title": "Hop limit",
"type": "integer"
},
"nextHeader": {
"description": "Next header setting in Ipv6Header.",
"title": "Next header",
"type": "integer"
},
"srcIp": {
"description": "Source ip address in Ipv6Header.",
"title": "Source ip",
"type": "string"
}
},
"title": "Ipv6Header for Antrea traceflow",
"type": "object"
}
AntreaTraceflowPacketData (type)
{
"description": "Packet data stuffs for Antrea traceflow.",
"id": "AntreaTraceflowPacketData",
"module_id": "PolicyConnectivity",
"properties": {
"frameSize": {
"description": "This property is used to set packet data size.",
"title": "Packet frame size",
"type": "integer"
},
"ipHeader": {
"$ref": "AntreaTraceflowIpHeader,
"description": "This property is used to set ipv4 header data.",
"title": "Ipv4 header configuration"
},
"ipv6Header": {
"$ref": "AntreaTraceflowIpv6Header,
"description": "This property is used to set ipv6 header data.",
"title": "Ipv6 header configuration"
},
"payload": {
"description": "This property is used to set payload data.",
"title": "Packet payload",
"type": "string"
},
"resourceType": {
"description": "This property is used to set resource type.",
"enum": [
"FIELDS_PACKET_DATA",
"BINARY_PACKET_DATA"
],
"title": "Packet resource type",
"type": "string"
},
"transportHeader": {
"$ref": "AntreaTraceflowTransportHeader,
"description": "This property is used to set transport header data.",
"title": "Transport header configuration"
},
"transportType": {
"description": "This property is used to set transport type.",
"enum": [
"UNICAST",
"MULTICAST",
"BROADCAST",
"UNKNOWN"
],
"title": "Transport type",
"type": "string"
}
},
"title": "Packet data for Antrea traceflow",
"type": "object"
}
AntreaTraceflowTcpHeader (type)
{
"description": "Tcp header stuffs for Antrea traceflow.",
"id": "AntreaTraceflowTcpHeader",
"module_id": "PolicyConnectivity",
"properties": {
"dstPort": {
"description": "Destination port number in TcpHeader.",
"title": "Destination port",
"type": "integer"
},
"srcPort": {
"description": "Source port number in TcpHeader.",
"title": "Source port",
"type": "integer"
},
"tcpFlags": {
"description": "Tcp flags in TcpHeader. SYN flag must be set for traceflow.",
"title": "Tcp flags",
"type": "integer"
}
},
"title": "TcpHeader for Antrea traceflow",
"type": "object"
}
AntreaTraceflowTransportHeader (type)
{
"description": "Transport header stuffs for Antrea traceflow.",
"id": "AntreaTraceflowTransportHeader",
"module_id": "PolicyConnectivity",
"properties": {
"icmpEchoRequestHeader": {
"$ref": "AntreaTraceflowIcmpEchoRequestHeader,
"description": "IcmpEchoRequest header stuffs for Antrea traceflow.",
"title": "IcmpEchoRequestHeader for Antrea traceflow"
},
"tcpHeader": {
"$ref": "AntreaTraceflowTcpHeader,
"description": "Tcp header stuffs for Antrea traceflow.",
"title": "TcpHeader for Antrea traceflow"
},
"udpHeader": {
"$ref": "AntreaTraceflowUdpHeader,
"description": "Udp header stuffs for Antrea traceflow.",
"title": "UdpHeader for Antrea traceflow"
}
},
"title": "TransportHeader for Antrea traceflow",
"type": "object"
}
AntreaTraceflowUdpHeader (type)
{
"description": "Udp header stuffs for Antrea traceflow.",
"id": "AntreaTraceflowUdpHeader",
"module_id": "PolicyConnectivity",
"properties": {
"dstPort": {
"description": "Destination port number in UdpHeader.",
"title": "Destination port",
"type": "integer"
},
"srcPort": {
"description": "Source port number in UdpHeader.",
"title": "Source port",
"type": "integer"
}
},
"title": "UdpHeader for Antrea traceflow",
"type": "object"
}
AphInfo (type)
{
"additionalProperties": false,
"description": "APH information.",
"id": "AphInfo",
"module_id": "SiteManagerModule",
"properties": {
"address": {
"required": true,
"title": "IP address of APH service",
"type": "string"
},
"certificate": {
"required": true,
"title": "PEM Certificate of APH service",
"type": "string"
},
"fqdn": {
"required": false,
"title": "FQDN, only returned by GET /sites and GET /sites/self",
"type": "string"
},
"node_id": {
"required": true,
"title": "Node ID of the APH service",
"type": "string"
},
"port": {
"required": true,
"title": "Port of APH service",
"type": "integer"
},
"use_fqdn": {
"required": false,
"title": "whether or not fqdn flag is on",
"type": "boolean"
},
"uuid": {
"required": true,
"title": "ID of the APH service",
"type": "string"
}
},
"title": "Apliance proxy hub information",
"type": "object"
}
ApiError (type)
{
"extends": {
"$ref": "RelatedApiError
},
"id": "ApiError",
"module_id": "Common",
"properties": {
"details": {
"title": "Further details about the error",
"type": "string"
},
"error_code": {
"title": "A numeric error code",
"type": "integer"
},
"error_data": {
"title": "Additional data about the error",
"type": "object"
},
"error_message": {
"title": "A description of the error",
"type": "string"
},
"module_name": {
"title": "The module name where the error occurred",
"type": "string"
},
"related_errors": {
"items": {
"$ref": "RelatedApiError
},
"title": "Other errors related to this error",
"type": "array"
}
},
"title": "Detailed information about an API Error",
"type": "object"
}
ApiRequestBody (type)
{
"additionalProperties": false,
"description": "API Request Body is an Event Source that represents an API request body that is being reveived as part of an API. Supported Request Bodies are those received as part of a PATCH/PUT/POST request.",
"extends": {
"$ref": "Source
},
"id": "ApiRequestBody",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"type-identifier": "ApiRequestBody"
},
"properties": {
"resource_pointer": {
"description": "Regex path representing a regex expression on resources. This regex is used to identify the request body(ies) that is/are the source of the Event. For instance: specifying \"Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default\" as a source means that ANY resource starting with Lb or ANY resource with \"/infra/tier-0s/vmc/ipsec-vpn-services/default\" as path would be the source of the event in question.",
"required": true,
"title": "Resource Pointer",
"type": "string"
},
"resource_type": {
"description": "Event Source resource type.",
"enum": [
"ResourceOperation",
"ApiRequestBody"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "API Request Body",
"type": "object"
}
ApiServiceConfig (type)
{
"additionalProperties": false,
"description": "Properties that affect the configuration of the NSX API service.",
"extends": {
"$ref": "ManagedResource
},
"id": "ApiServiceConfig",
"module_id": "ApiServiceConfig",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"basic_authentication_enabled": {
"default": true,
"description": "Identifies whether basic authentication is enabled or disabled in API calls.",
"title": "Enable or disable basic authentication",
"type": "boolean"
},
"cipher_suites": {
"description": "The TLS cipher suites that the API service will negotiate.",
"items": {
"$ref": "CipherSuite
},
"minItems": 1,
"title": "Cipher suites used to secure contents of connection",
"type": "array"
},
"client_api_concurrency_limit": {
"default": 40,
"description": "A per-client concurrency limit. This is the maximum number of outstanding requests that a client can have. For example, a client can open multiple connections to NSX and submit operations on each connection. When this limit is exceeded, the server returns a 503 Service Unavailable error to the client. To disable API concurrency limiting, set this value to 0.",
"minimum": 0,
"title": "Client API concurrency limit in calls",
"type": "integer"
},
"client_api_rate_limit": {
"default": 100,
"description": "The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0.",
"minimum": 0,
"title": "Client API rate limit in calls per second",
"type": "integer"
},
"connection_timeout": {
"default": 30,
"description": "NSX connection timeout, in seconds. To disable timeout, set to 0.",
"maximum": 2147483647,
"minimum": 0,
"title": "NSX connection timeout",
"type": "integer"
},
"cookie_based_authentication_enabled": {
"default": true,
"description": "Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create.",
"title": "Enable or disable cookie-based authentication",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"global_api_concurrency_limit": {
"default": 199,
"description": "The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.",
"minimum": 0,
"title": "Global API concurrency limit in calls",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"lockout_immune_addresses": {
"description": "The list of IP addresses which are not subjected to a lockout on failed login attempts.",
"items": {
"$ref": "IPAddress
},
"title": "IP addresses which are not subject to lockout on failed login attempts",
"type": "array"
},
"protocol_versions": {
"description": "The TLS protocol versions that the API service will negotiate.",
"items": {
"$ref": "ProtocolVersion
},
"minItems": 1,
"title": "TLS protocol versions",
"type": "array"
},
"redirect_host": {
"$ref": "HostnameOrIPv4AddressOrEmptyString,
"default": "",
"description": "Host name or IP address to use for redirect location headers, or empty string to derive from current request. To disable, set redirect_host to the empty string (\"\").",
"title": "Hostname/IP to use in redirect headers"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"session_timeout": {
"default": 1800,
"descriptions": "Sessions inactive for more than this value are terminated. The value is given in seconds. Set to 0 to disable timeouts.",
"maximum": 2147483647,
"minimum": 0,
"title": "NSX session inactivity timeout",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Configuration of the API service",
"type": "object"
}
ApplianceManagementSuppressRedirectQueryParameter (type)
{
"additionalProperties": false,
"id": "ApplianceManagementSuppressRedirectQueryParameter",
"properties": {
"suppress_redirect": {
"default": false,
"description": "Do not return a redirect HTTP status.",
"title": "Suppress redirect status if applicable",
"type": "boolean"
}
},
"type": "object"
}
ApplianceManagementTaskListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ApplianceManagementTaskListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ApplianceManagementTaskProperties
},
"required": true,
"title": "Task property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Appliance management task query results",
"type": "object"
}
ApplianceManagementTaskProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "ApplianceManagementTaskProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"async_response_available": {
"readonly": true,
"title": "True if response for asynchronous request is available",
"type": "boolean"
},
"cancelable": {
"readonly": true,
"title": "True if this task can be canceled",
"type": "boolean"
},
"description": {
"readonly": true,
"title": "Description of the task",
"type": "string"
},
"details": {
"readonly": true,
"title": "Details about the task if known",
"type": "object"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "The end time of the task in epoch milliseconds"
},
"id": {
"pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}_[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$",
"readonly": true,
"title": "Identifier for this task",
"type": "string"
},
"message": {
"readonly": true,
"title": "A message describing the disposition of the task",
"type": "string"
},
"progress": {
"maximum": 100,
"minimum": 0,
"readonly": true,
"title": "Task progress if known, from 0 to 100",
"type": "integer"
},
"request_is_async": {
"readonly": true,
"title": "True if request was invoked with Vmw-Async:true header; otherwise, false",
"type": "boolean"
},
"request_method": {
"readonly": true,
"title": "HTTP request method",
"type": "string"
},
"request_uri": {
"readonly": true,
"title": "URI of the method invocation that spawned this task",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "The start time of the task in epoch milliseconds"
},
"status": {
"$ref": "ApplianceManagementTaskStatus,
"readonly": true,
"title": "Current status of the task"
},
"user": {
"readonly": true,
"title": "Name of the user who created this task",
"type": "string"
}
},
"title": "Appliance management task properties",
"type": "object"
}
ApplianceManagementTaskQueryParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResultQueryParameters
},
"id": "ApplianceManagementTaskQueryParameters",
"properties": {
"fields": {
"description": "Comma-separated field names to include in query result",
"title": "Fields to include in query results",
"type": "string"
},
"request_method": {
"description": "Comma-separated request methods to include in query result",
"pattern": "^(=|!=|~|!~)?.+$",
"title": "Request method(s) to include in query result",
"type": "string"
},
"request_path": {
"description": "Comma-separated request paths to include in query result",
"pattern": "^(=|!=|~|!~)?.+$",
"title": "Request URI path(s) to include in query result",
"type": "string"
},
"request_uri": {
"description": "Comma-separated request URIs to include in query result",
"pattern": "^(=|!=|~|!~)?.+$",
"title": "Request URI(s) to include in query result",
"type": "string"
},
"status": {
"description": "Comma-separated status values to include in query result",
"pattern": "^(=|!=|~|!~)?.+$",
"title": "Status(es) to include in query result",
"type": "string"
},
"user": {
"description": "Comma-separated user names to include in query result",
"pattern": "^(=|!=|~|!~)?.+$",
"title": "Names of users to include in query result",
"type": "string"
}
},
"type": "object"
}
ApplianceManagementTaskStatus (type)
{
"enum": [
"running",
"error",
"success",
"canceling",
"canceled",
"killed"
],
"id": "ApplianceManagementTaskStatus",
"title": "Current status of the appliance management task",
"type": "string"
}
ApplicationConnectivityStrategy (type)
{
"additionalProperties": false,
"description": "Allows more granular policies for application workloads",
"id": "ApplicationConnectivityStrategy",
"module_id": "Policy",
"properties": {
"application_connectivity_strategy": {
"description": "App connectivity strategies",
"enum": [
"ALLOW_INTRA",
"ALLOW_EGRESS",
"ALLOW_INGRESS",
"DROP_INGRESS",
"DROP_EGRESS"
],
"required": true,
"title": "Application connectivity strategy",
"type": "string"
},
"default_application_rule_id": {
"description": "Based on the value of the app connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule.",
"readonly": true,
"required": false,
"title": "Default rule ID associated with the application_connectivity_strategy",
"type": "integer"
},
"logging_enabled": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
}
},
"title": "Application specific connectivity strategy",
"type": "object"
}
ApplyCertificateParameters (type)
{
"additionalProperties": false,
"id": "ApplyCertificateParameters",
"module_id": "CertificateManager",
"properties": {
"node_id": {
"description": "Optional node-id to which to apply the certificate. The cluster_certificate field of the matching Certificate Profile must be false, as those get applied to all nodes.",
"maxLength": 255,
"readonly": false,
"required": false,
"title": "Node Id",
"type": "string"
},
"service_type": {
"$ref": "ServiceType,
"description": "Service Type of the CertificateProfile to apply the certificate to.",
"required": true,
"title": "Service Type"
}
},
"type": "object"
}
ArpHeader (type)
{
"additionalProperties": false,
"id": "ArpHeader",
"module_id": "Traceflow",
"properties": {
"dst_ip": {
"$ref": "IPv4Address,
"required": true,
"title": "The destination IP address"
},
"op_code": {
"default": "ARP_REQUEST",
"description": "This field specifies the nature of the Arp message being sent.",
"enum": [
"ARP_REQUEST",
"ARP_REPLY"
],
"required": true,
"title": "Arp message type",
"type": "string"
},
"src_ip": {
"$ref": "IPv4Address,
"description": "This field specifies the IP address of the sender. If omitted, the src_ip is set to 0.0.0.0.",
"required": false,
"title": "The source IP address"
}
},
"type": "object"
}
ArpSnoopingConfig (type)
{
"additionalProperties": false,
"description": "Contains ARP snooping related configuration.",
"id": "ArpSnoopingConfig",
"module_id": "PolicyIpDiscovery",
"properties": {
"arp_binding_limit": {
"default": 1,
"description": "Number of arp snooped IP addresses Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached.",
"maximum": 256,
"minimum": 1,
"required": false,
"title": "Maximum number of ARP bindings",
"type": "int"
},
"arp_snooping_enabled": {
"default": true,
"description": "Indicates whether ARP snooping is enabled",
"required": false,
"title": "Is ARP snooping enabled or not",
"type": "boolean"
}
},
"title": "ARP Snooping Configuration",
"type": "object"
}
ArpTableRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "BaseEdgeStatisticsRequestParameters
},
"id": "ArpTableRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_path": {
"description": "Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface.",
"title": "Policy path of edge node",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.",
"title": "Enforcement point path",
"type": "string"
},
"host_transport_node_path": {
"description": "Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager.",
"title": "Policy path of host transport node",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Routes request parameters",
"type": "object"
}
AttachedInterfaceEntry (type)
{
"additionalProperties": false,
"description": "The Attached interface is only effective for the segment port on Bare metal server.",
"id": "AttachedInterfaceEntry",
"module_id": "PolicyConnectivity",
"properties": {
"app_intf_name": {
"required": true,
"title": "The name of application interface",
"type": "string"
},
"default_gateway": {
"$ref": "IPAddress,
"required": false,
"title": "Gateway IP"
},
"migrate_intf": {
"description": "IP configuration on migrate_intf will migrate to app_intf_name. It is used for Management and Application sharing the same IP.",
"required": false,
"title": "Interface name to migrate",
"type": "string"
},
"routing_table": {
"items": {
"type": "string"
},
"required": false,
"title": "Routing rules",
"type": "array"
}
},
"title": "Attached interface information for Bare metal server",
"type": "object"
}
Attribute (type)
{
"description": "Attribute specific to a partner. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. The Attributes used by the partner applicance.",
"id": "Attribute",
"module_id": "ServiceInsertionCommonTypes",
"properties": {
"attribute_type": {
"description": "Attribute Type can be of any of the allowed enum type.",
"enum": [
"IP_ADDRESS",
"PORT",
"PASSWORD",
"STRING",
"LONG",
"BOOLEAN"
],
"readonly": false,
"required": false,
"title": "Attributetype.",
"type": "string"
},
"display_name": {
"description": "Attribute display name string value.",
"readonly": false,
"required": false,
"title": "Display name",
"type": "string"
},
"key": {
"description": "Attribute key string value.",
"readonly": false,
"required": true,
"title": "key",
"type": "string"
},
"read_only": {
"default": false,
"description": "Read only Attribute cannot be overdidden by service instance/deployment.",
"readonly": false,
"required": false,
"title": "read only",
"type": "boolean"
},
"value": {
"description": "Attribute value string value.",
"readonly": false,
"required": false,
"title": "value",
"type": "string"
}
},
"title": "Attributes",
"type": "object"
}
AttributeVal (type)
{
"description": "Contains type specific properties of generic realized entity",
"id": "AttributeVal",
"module_id": "PolicyRealizedState",
"properties": {
"data_type": {
"description": "Datatype of the property",
"enum": [
"STRING",
"DATE",
"INTEGER",
"BOOLEAN"
],
"readonly": true,
"required": true,
"title": "Datatype of property represented by this attribute",
"type": "string"
},
"key": {
"description": "Attribute key",
"required": false,
"title": "Key for the attribute value",
"type": "string"
},
"multivalue": {
"description": "If attribute has a single value or collection of values",
"readonly": true,
"title": "multivalue flag",
"type": "boolean"
},
"values": {
"description": "List of attribute values",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of values for the attribute",
"type": "array"
}
},
"title": "Attribute values of realized type",
"type": "object"
}
AuthServiceProperties (type)
{
"id": "AuthServiceProperties",
"properties": {
"logging_level": {
"default": "INFO",
"enum": [
"OFF",
"FATAL",
"ERROR",
"WARN",
"INFO",
"DEBUG",
"TRACE"
],
"required": false,
"title": "Service logging level",
"type": "string"
}
},
"title": "Auth Service properties",
"type": "object"
}
AuthenticationPolicyProperties (type)
{
"additionalProperties": {},
"extends": {
"$ref": "PasswordComplexityProperties
},
"id": "AuthenticationPolicyProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_retry_prompt": {
"default": 3,
"readonly": true,
"title": "Prompt user at most N times before returning with error.",
"type": "integer"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"api_failed_auth_lockout_period": {
"default": 900,
"description": "Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types.",
"maximum": 9000,
"minimum": 0,
"title": "Lockout period in seconds",
"type": "integer"
},
"api_failed_auth_reset_period": {
"default": 900,
"description": "In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types.",
"maximum": 9000,
"minimum": 0,
"title": "Period, in seconds, for authentication failures to trigger lockout",
"type": "integer"
},
"api_max_auth_failures": {
"default": 5,
"description": "Only applies to NSX Manager nodes. Ignored on other node types.",
"maximum": 50,
"minimum": 0,
"title": "Number of authentication failures that trigger API lockout",
"type": "integer"
},
"cli_failed_auth_lockout_period": {
"default": 900,
"description": "Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified.",
"maximum": 604800,
"minimum": 0,
"title": "Lockout period in seconds",
"type": "integer"
},
"cli_max_auth_failures": {
"default": 5,
"maximum": 10,
"minimum": 0,
"title": "Number of authentication failures that trigger CLI lockout",
"type": "integer"
},
"digits": {
"default": -1,
"description": "Number of digits (0..9) expected in user password. <p>N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password.</p> <p>N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> digits.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 digit is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of digits in password",
"type": "integer"
},
"hash_algorithm": {
"default": "sha512",
"description": "Sets hash/cryptographic algorithm type for new passwords.",
"enum": [
"sha512",
"sha256"
],
"title": "Hash algorithm",
"type": "string"
},
"lower_chars": {
"default": -1,
"description": "Number of lower case characters (a..z) expected in user password. <p>N < 0, to set minimum credit for having lower case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password.</p> <p>N > 0, to set maximum credit for having lower case characters in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> lower case characters.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 lower case character is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of lower-case characters in password",
"type": "integer"
},
"max_repeats": {
"default": 0,
"description": "Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0.",
"maximum": 128,
"minimum": 0,
"title": "Number of same consecutive characters",
"type": "integer"
},
"max_sequence": {
"default": 0,
"description": "Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0.",
"maximum": 128,
"minimum": 0,
"title": "Length of permissible monotonic sequence in password substring",
"type": "integer"
},
"maximum_password_length": {
"default": 128,
"description": "Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters.",
"maximum": 128,
"minimum": 8,
"title": "Maximum password length",
"type": "integer"
},
"minimum_password_length": {
"default": 12,
"description": "Minimum number of characters expected in password; user can not set their password of length less than this parameter.<br /> NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - <p>if existing appliance is configured with <code>minimum_password_length</code> less than current default value, then upgraded appliance will reset the configured setting back to recommended default; which can be explicitly modified back to original value or any other integer greater than or equal to supported minimum value.</p> <p>VMware recommends to set strong passwords for systems and appliances, further suggests to maintain strong <code>minimum_password_length</code> value. NSX resets this value to default and recommends to maintain upgraded default value or above for password complexity requirement.</p> <p>If any existing user passwords are set with length of less than newly configured <code>minimum_password_length</code>, then its recommended to reset the user passwords as per newly configured password complexity compliance.</p> <p>If existing <code>minimum_password_length</code> is greater than or equal to default value, which shall be retained as it is in newly upgraded appliance.</p> By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed.",
"maximum": 128,
"minimum": 8,
"title": "Minimum password length",
"type": "integer"
},
"minimum_unique_chars": {
"default": 0,
"description": "Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0.",
"maximum": 128,
"minimum": 0,
"title": "Number of unique characters from old password",
"type": "integer"
},
"password_remembrance": {
"default": 0,
"description": "Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0.",
"minimum": 0,
"title": "Password remembrance from previous generations",
"type": "integer"
},
"special_chars": {
"default": -1,
"description": "Number of special characters (!@#$&*..) expected in user password. <p>N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password.</p> <p>N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> special case characters.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 special character is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of special characters in password",
"type": "integer"
},
"upper_chars": {
"default": -1,
"description": "Number of upper case characters (A..Z) expected in user password. <p>N < 0, to set minimum credit for having upper case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password.</p> <p>N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> upper case characters.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 upper case character is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of upper-case characters in password",
"type": "integer"
}
},
"title": "Configuration of authentication and password policies for the NSX node",
"type": "object"
}
AuthenticationScheme (type)
{
"additionalProperties": {},
"id": "AuthenticationScheme",
"properties": {
"scheme_name": {
"required": true,
"title": "Authentication scheme name",
"type": "string"
}
},
"type": "object"
}
AutoRds (type)
{
"description": "This object holds auto assigned route distinguishers for Layer 2 and Layer 3 configurations.",
"id": "AutoRds",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"l2_auto_rds": {
"items": {
"$ref": "L2AutoRD
},
"title": "List of layer 2 Auto assigned Route Distinguisher",
"type": "array"
},
"l3_auto_rd": {
"description": "This field is auto assigned by the system. The auto RD seed is populated when user does not assign a route_distinguisher field in the gateway.",
"title": "Layer 3 Auto assigned Route Distinguisher",
"type": "string"
}
},
"title": "Auto assigned Route Distinguishers",
"type": "object"
}
AviConnectionInfo (type)
{
"additionalProperties": false,
"description": "Credential info to connect to a AVI type of enforcement point.",
"extends": {
"$ref": "EnforcementPointConnectionInfo
},
"id": "AviConnectionInfo",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "AviConnectionInfo"
},
"properties": {
"certificate": {
"description": "Certificate used when on-borading workflow created by LCM/VCF.",
"required": false,
"title": "Certificate used when on-borading workflow created by LCM/VCF.",
"type": "string"
},
"cloud": {
"deprecated": true,
"description": "Clouds are containers for the environment that Avi Vantage is installed or operating within. During initial setup of Vantage, a default cloud, named Default-Cloud, is created. This is where the first Controller is deployed, into Default-Cloud. Additional clouds may be added, containing SEs and virtual services. This is a deprecated property. Cloud has been renamed to cloud_name and it will added from specific ALB entity.",
"required": false,
"sensitive": false,
"title": "Cloud",
"type": "string"
},
"enforcement_point_address": {
"description": "Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be \"10.192.1.1\" - On an NSX-T MP running on custom port, the value could be \"192.168.1.1:32789\" - On an NSX-T MP in VMC deployments, the value could be \"192.168.1.1:5480/nsxapi\"",
"required": true,
"title": "Enforcement Point Address",
"type": "string"
},
"expires_at": {
"description": "Expiry time of the token will be set by LCM at the time of Enforcement Point Creation.",
"required": false,
"title": "Expiry time of the token",
"type": "string"
},
"is_default_cert": {
"description": "Advanced Load Balancer controller using default portal certificate.",
"required": false,
"title": "Advanced Load Balancer controller using default portal certificate.",
"type": "boolean"
},
"managed_by": {
"description": "Managed by used when on-borading workflow created by LCM/VCF.",
"required": false,
"title": "Managed by used when on-borading workflow created by LCM/VCF.",
"type": "string"
},
"password": {
"description": "Password or Token for Avi Controller.",
"required": true,
"sensitive": true,
"title": "Password or Token for Avi Controller",
"type": "secure_string"
},
"resource_type": {
"description": "Resource Type of Enforcement Point Connection Info.",
"enum": [
"NSXTConnectionInfo",
"NSXVConnectionInfo",
"CvxConnectionInfo",
"AviConnectionInfo"
],
"required": true,
"title": "Connection Info Resource Type",
"type": "string"
},
"status": {
"$ref": "ALBEnforcementPointState,
"default": "DEACTIVATE_API",
"description": "This is connection property which checks whether ALB is connected to the controller. Enum options - ACTIVATE, DEACTIVATE_PROVIDER, DEACTIVATE_API. Default value is DEACTIVATE_API.",
"required": true,
"title": "Enforcement point state for ALB"
},
"tenant": {
"description": "A tenant is an isolated instance of Avi Controller. Each Avi user account is associated with one or more tenants. The tenant associated with a user account defines the resources that user can access within Avi Vantage. When a user logs in, Avi restricts their access to only those resources that are in the same tenant",
"required": true,
"sensitive": false,
"title": "Tenant",
"type": "string"
},
"thumbprint": {
"description": "Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.",
"required": false,
"title": "Thumbprint of Enforcement Point",
"type": "string"
},
"username": {
"description": "Username.",
"required": true,
"sensitive": true,
"title": "Username",
"type": "secure_string"
},
"version": {
"deprecated": true,
"description": "Avi supports API versioning for backward compatibility with automation scripts written for an object model older than the current one. Such scripts need not be updated to keep up with object model changes This is a deprecated property. The version is now auto populated from property file and its value can be read using APIs",
"required": false,
"sensitive": false,
"title": "Version",
"type": "string"
}
},
"title": "Avi Connection Info",
"type": "object"
}
Axes (type)
{
"additionalProperties": false,
"description": "Represents X and Y axes of a graph. For a multi-graph, the same axes are shared by all the graphs.",
"id": "Axes",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"x_label": {
"$ref": "Label,
"decription": "Describes the X axis of a graph. If x_label is not specified, the label will not appear for X axis. To have a support for mulitple condition use 'x-labels' property.",
"title": "Label for X axis of a graph"
},
"x_labels": {
"description": "A list of X-Axis Labels with condition support. If needed, this property can be used to provide a list of x-axis label with condition support. For a label with single condition,'x-label' property can be used.",
"items": {
"$ref": "Label
},
"minItems": 0,
"title": "A list of X-Axis Labels with condition support.",
"type": "array"
},
"y_axis_unit_labels": {
"description": "A list of Y-Axis unit Labels with condition support. If needed, this property can be used to provide a list of y-axis unit label with condition support. This unit label can be used to display the point value along with units like percentage, milliseconds etc.",
"items": {
"$ref": "Label
},
"minItems": 0,
"title": "A list of Y-Axis unit Labels with condition support.",
"type": "array"
},
"y_axis_units": {
"description": "A list of Y-Axis unit with condition support. If needed, this property can be used to provide a list of y-axis unit with condition support. This unit could be like percentage, seconds, milliseconds etc.",
"items": {
"$ref": "AxisUnit
},
"minItems": 0,
"title": "A list of Y-Axis unit with condition support.",
"type": "array"
},
"y_label": {
"$ref": "Label,
"decription": "Describes the Y axis of a graph. If y_label is not specified, the label will not appear for Y axis.",
"title": "Label for Y axis of a graph"
},
"y_labels": {
"description": "A list of Y-Axis Labels with condition support. If needed, this property can be used to provide a list of y-axis label with condition support. For a label with single condition,'y-label' property can be used.",
"items": {
"$ref": "Label
},
"minItems": 0,
"title": "A list of Y-Axis Labels with condition support.",
"type": "array"
}
},
"title": "Axes of a graph",
"type": "object"
}
AxisUnit (type)
{
"additionalProperties": false,
"description": "Represents X and Y axis unit of a graph.",
"id": "AxisUnit",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"condition": {
"description": "If the condition is met then the above unit will be displayed. to UI. If no condition is provided, then the unit will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"unit": {
"description": "An Axis unit.",
"enum": [
"COUNT",
"PERCENT",
"BYTES",
"MILLISECONDS",
"SECONDS",
"MINUTE",
"HOUR",
"DAY",
"KILO_BYTES",
"MEGA_BYTES",
"GIGA_BYTES"
],
"title": "An Axis unit.",
"type": "string"
}
},
"title": "Axis unit of a graph",
"type": "object"
}
BMSGroupAssociationRequestParams (type)
{
"additionalProperties": false,
"description": "List request parameters containing Physical server external ID and enforcement point path",
"extends": {
"$ref": "RealizationListRequestParameters
},
"id": "BMSGroupAssociationRequestParams",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"physical_server_external_id": {
"required": true,
"title": "Physical external ID",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List request parameters containing Physical server external ID and enforcement point path",
"type": "object"
}
BackupConfiguration (type)
{
"additionalProperties": false,
"id": "BackupConfiguration",
"module_id": "BackupConfiguration",
"properties": {
"after_inventory_update_interval": {
"maximum": 86400,
"minimum": 300,
"required": false,
"title": "A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups.",
"type": "integer"
},
"backup_enabled": {
"default": false,
"title": "true if automated backup is enabled",
"type": "boolean"
},
"backup_schedule": {
"$ref": "BackupSchedule,
"title": "Set when backups should be taken - on a weekly schedule or at regular intervals."
},
"inventory_summary_interval": {
"default": 240,
"maximum": 3600,
"minimum": 30,
"title": "The minimum number of seconds between each upload of the inventory summary to backup server.",
"type": "integer"
},
"passphrase": {
"description": "Passphrase used to encrypt backup files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (any other non-space character).",
"sensitive": true,
"title": "Passphrase used to encrypt backup files.",
"type": "secure_string"
},
"remote_file_server": {
"$ref": "RemoteFileServer,
"required": false,
"title": "The server to which backups will be sent."
}
},
"title": "Configuration for taking manual/automated backup",
"type": "object"
}
BackupFrameRequestParameters (type)
{
"additionalProperties": false,
"description": "Parameters (site_id, etc), that describes a backup/restore frame",
"id": "BackupFrameRequestParameters",
"module_id": "BackupConfiguration",
"properties": {
"frame_type": {
"default": "LOCAL_LOCAL_MANAGER",
"description": "This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site.",
"enum": [
"GLOBAL_MANAGER",
"LOCAL_MANAGER",
"LOCAL_LOCAL_MANAGER",
"NSX_INTELLIGENCE"
],
"readonly": true,
"required": false,
"title": "Frame type",
"type": "string"
},
"site_id": {
"default": "localhost",
"description": "Site ID of LM site, which will be supported in a frame",
"required": false,
"title": "Site ID",
"type": "string"
}
},
"title": "Backup Frame Request Parameters",
"type": "object"
}
BackupOperationHistory (type)
{
"additionalProperties": false,
"id": "BackupOperationHistory",
"module_id": "BackupConfiguration",
"properties": {
"cluster_backup_statuses": {
"items": {
"$ref": "BackupOperationStatus
},
"required": false,
"title": "Statuses of previous cluster backups",
"type": "array"
},
"inventory_backup_statuses": {
"items": {
"$ref": "BackupOperationStatus
},
"required": false,
"title": "Statuses of previous inventory backups",
"type": "array"
},
"node_backup_statuses": {
"items": {
"$ref": "BackupOperationStatus
},
"required": false,
"title": "Statuses of previous node backups",
"type": "array"
},
"overall_backup_status": {
"description": "This attribute is used to indicate the overall backup status",
"enum": [
"NOT_AVAILABLE",
"IN_PROGRESS",
"SUCCESS",
"FAILED"
],
"required": false,
"title": "Overall status of last backup",
"type": "string"
}
},
"title": "Past backup operation details",
"type": "object"
}
BackupOperationStatus (type)
{
"additionalProperties": false,
"id": "BackupOperationStatus",
"module_id": "BackupConfiguration",
"properties": {
"backup_id": {
"required": true,
"title": "Unique identifier of a backup",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "Time when operation was ended"
},
"error_code": {
"enum": [
"BACKUP_NOT_RUN_ON_MASTER",
"BACKUP_SERVER_UNREACHABLE",
"BACKUP_AUTHENTICATION_FAILURE",
"BACKUP_PERMISSION_ERROR",
"BACKUP_TIMEOUT",
"BACKUP_BAD_FINGERPRINT",
"BACKUP_GENERIC_ERROR",
"UPGRADE_IN_PROGRESS",
"CERTIFICATE_ROTATION_IN_PROGRESS"
],
"required": false,
"title": "Error code",
"type": "string"
},
"error_message": {
"required": false,
"title": "Error code details",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "Time when operation was started"
},
"success": {
"required": true,
"title": "True if backup is successfully completed, else false",
"type": "boolean"
}
},
"readOnly": true,
"title": "Backup operation status",
"type": "object"
}
BackupOverview (type)
{
"description": "Data for a single backup/restore card",
"extends": {
"$ref": "ClusterBackupInfoListResult
},
"id": "BackupOverview",
"module_id": "BackupConfiguration",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"backup_config": {
"$ref": "BackupConfiguration,
"description": "Configuration to generate a manual/automated backup",
"required": true,
"title": "Backup configuration"
},
"backup_operation_history": {
"$ref": "BackupOperationHistory,
"description": "Status of the last backup execution per component",
"required": true,
"title": "Last backup status"
},
"current_backup_operation_status": {
"$ref": "CurrentBackupOperationStatus,
"description": "Backup status decribes type, phase, success/failure and time of a | latest backup execution",
"required": true,
"title": "Current backup status"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"restore_status": {
"$ref": "ClusterRestoreStatus,
"description": "Status of restore process executing/executed on appliance",
"required": true,
"title": "Current restore status"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ClusterBackupInfo
},
"readonly": true,
"required": true,
"title": "List of timestamps of backed-up cluster files",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Backup overview",
"type": "object"
}
BackupOverviewRequestParameters (type)
{
"description": "Parameters, that REST API client needs to provide, in order to get data for a backup/restore card with or without a list of generated backups.",
"extends": {
"$ref": "ListRequestParameters
},
"id": "BackupOverviewRequestParameters",
"module_id": "BackupConfiguration",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"frame_type": {
"default": "LOCAL_LOCAL_MANAGER",
"description": "This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site.",
"enum": [
"GLOBAL_MANAGER",
"LOCAL_MANAGER",
"LOCAL_LOCAL_MANAGER",
"NSX_INTELLIGENCE"
],
"readonly": true,
"required": false,
"title": "Frame type",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"show_backups_list": {
"default": true,
"description": "True to request a list of backups",
"required": false,
"title": "Need a list of backups",
"type": "boolean"
},
"site_id": {
"default": "localhost",
"description": "UUID of LM site, which will be supported in a frame",
"required": false,
"title": "UUID of the site",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Backup overview request parameters",
"type": "object"
}
BackupSchedule (type)
{
"abstract": true,
"id": "BackupSchedule",
"module_id": "BackupConfiguration",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"enum": [
"WeeklyBackupSchedule",
"IntervalBackupSchedule"
],
"required": true,
"title": "Schedule type",
"type": "string"
}
},
"title": "Abstract base type for Weekly or Interval Backup Schedule",
"type": "object"
}
BackupUiFramesInfo (type)
{
"id": "BackupUiFramesInfo",
"properties": {
"active_gm": {
"enum": [
"ACTIVE",
"STANDBY",
"NONE",
"INVALID"
],
"readonly": true,
"required": false,
"title": "Does site have active GM",
"type": "string"
},
"api_endpoint": {
"enum": [
"global-manager",
"nsxapi",
"ica"
],
"readonly": true,
"required": true,
"title": "prefix to be used for api call",
"type": "string"
},
"frame_type": {
"enum": [
"GLOBAL_MANAGER",
"LOCAL_MANAGER",
"LOCAL_LOCAL_MANAGER",
"NSX_INTELLIGENCE"
],
"help_detail": "This attribute is used to indicate the service on current\nsite or other site for which backup is handled.\nLOCAL_LOCAL_MANAGER corresponds to local LM of the site.\nLOCAL_MANAGER cprresponds to LM of other site.\n",
"readonly": true,
"required": true,
"title": "Type of service, for which backup is handled",
"type": "string"
},
"site_id": {
"readonly": true,
"required": true,
"title": "Id of the site",
"type": "string"
},
"site_version": {
"readonly": true,
"required": true,
"title": "Version of the site",
"type": "string"
}
},
"type": "object"
}
BackupUiFramesInfoList (type)
{
"id": "BackupUiFramesInfoList",
"properties": {
"backup_frames_list": {
"items": {
"$ref": "BackupUiFramesInfo
},
"readonly": true,
"required": true,
"title": "List of backup frames(and metadata) to be displayed in UI",
"type": "array"
}
},
"type": "object"
}
BaseCompatibilityCheckResult (type)
{
"abstract": true,
"id": "BaseCompatibilityCheckResult",
"module_id": "PolicySiteGM",
"properties": {
"local_nsx_version": {
"description": "Local Site NSX version where active Global Mananger is running.",
"readonly": true,
"title": "Local Site NSX version where active Global Mananger is running",
"type": "string"
},
"nsx_version": {
"description": "Remote Site NSX version.",
"readonly": true,
"title": "Remote Site NSX version",
"type": "string"
},
"rtt": {
"description": "Round trip time to the remote Site or Global Manager from active Global Manager.",
"readonly": true,
"title": "Round trip time to the remote Site or Global Manager from active\nGlobal Manager\n",
"type": "integer"
},
"rtt_exceeded": {
"description": "Flag to indicate if RTT to remote Site exceeds the recommended limit.",
"readonly": true,
"title": "Flag to indicate if RTT to remote Site exceeds the recommended limit",
"type": "boolean"
},
"version_compatible": {
"description": "Flag to indicate if remote Site NSX version is compatible with active Global Manager.",
"readonly": true,
"title": "Flag to indicate if remote Site NSX version is compatible",
"type": "boolean"
}
},
"title": "Precheck result for onboaring standby Global Manager or remote Site to\nfederation\ndescription: |\nResult of prechecks run for onboarding standby Global Manager or remote\nsite. The checks include NSX version compatibility with active Global\nManager, Round Trip Time (RTT), etc. Note that some of checks like RTT are\nsoft limits.\n",
"type": "object"
}
BaseConsolidatedStatusPerEnforcementPoint (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Consolidated Realized Status Per Enforcement Point.",
"extends": {
"$ref": "PolicyRuntimeInfoPerEP
},
"id": "BaseConsolidatedStatusPerEnforcementPoint",
"module_id": "PolicyRealizedState",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"alarm": {
"$ref": "PolicyRuntimeAlarm,
"description": "Alarm information details.",
"readonly": true,
"title": "Alarm Information Details"
},
"consolidated_status": {
"$ref": "ConsolidatedStatus,
"description": "Consolidated Realized Status of an Intent object per enforcement point.",
"readonly": true,
"title": "Consolidated Realized Status"
},
"enforcement_point_id": {
"description": "Enforcement Point Id.",
"readonly": true,
"title": "Enforcement Point Id",
"type": "string"
},
"enforcement_point_path": {
"description": "Policy Path referencing the enforcement point where the info is fetched.",
"readonly": true,
"title": "Enforcement point Path",
"type": "string"
},
"resource_type": {
"required": true,
"type": "string"
},
"site_path": {
"description": "The site where this enforcement point resides.",
"readonly": true,
"title": "Site Path",
"type": "string"
}
},
"title": "Base class for ConsolidatedStatusPerEnforcementPoint",
"type": "object"
}
BaseEdgeStatisticsRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "BaseListRequestParameters
},
"id": "BaseEdgeStatisticsRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_path": {
"description": "Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface.",
"title": "Policy path of edge node",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.",
"title": "Enforcement point path",
"type": "string"
},
"host_transport_node_path": {
"description": "Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager.",
"title": "Policy path of host transport node",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Routes request parameters",
"type": "object"
}
BaseEndpoint (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Represents an endpoint which will be used as subject in rule. It is a polymorphic type object which can be either of the types - 1. Virtual 2. Logical We have 2 separate objects representing these 2 types. VirtualEndPoint for Virtual type and ServiceInstanceEndpoint for Logical.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BaseEndpoint",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"VirtualEndpoint",
"ServiceInstanceEndpoint"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target_ips": {
"description": "IPs where either inbound or outbound traffic is to be redirected.",
"items": {
"$ref": "IPInfo
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "IP addresses to redirect the traffic to",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "An endpoint to be used in redirection rule",
"type": "object"
}
BaseInterfaceGroup (type)
{
"additionalProperties": false,
"description": "Tier0/Tier1 Interface group for interface grouping.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BaseInterfaceGroup",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"members": {
"description": "List of interface reference. Interface must belong to same location.",
"items": {
"$ref": "GatewayInterfaceReference
},
"required": false,
"title": "Tier0/Tier1 interface memeber list",
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base gateway Interface group",
"type": "object"
}
BaseListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "BaseListRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.",
"title": "Enforcement point path",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Routes request parameters",
"type": "object"
}
BasePolicyServiceInstance (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Represents an instance of partner Service and its configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BasePolicyServiceInstance",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"deployment_mode": {
"default": "ACTIVE_STANDBY",
"description": "Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.",
"enum": [
"STAND_ALONE",
"ACTIVE_STANDBY"
],
"readonly": false,
"required": false,
"title": "Deployment Mode",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"partner_service_name": {
"description": "Unique name of Partner Service in the Marketplace",
"required": true,
"title": "Name of Partner Service",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_type": {
"default": "L2_BRIDGE",
"description": "Transport to be used while deploying Service-VM.",
"enum": [
"L2_BRIDGE",
"L3_ROUTED"
],
"readonly": false,
"required": false,
"title": "Transport Type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents an instance of partner Service and its configuration",
"type": "object"
}
BaseRule (type)
{
"additionalProperties": false,
"description": "A rule indicates the action to be performed for various types of traffic flowing between workload groups.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BaseRule",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Destination group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"destinations_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups",
"readonly": false,
"required": false,
"title": "Negation of destination groups",
"type": "boolean"
},
"direction": {
"default": "IN_OUT",
"description": "Define direction of traffic.",
"enum": [
"IN",
"OUT",
"IN_OUT"
],
"required": false,
"title": "Direction",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the rule. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the rule",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_protocol": {
"description": "Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.",
"enum": [
"IPV4",
"IPV6",
"IPV4_IPV6"
],
"readonly": false,
"required": false,
"title": "IPv4 vs IPv6 packet type",
"type": "string"
},
"is_default": {
"description": "A flag to indicate whether rule is a default rule.",
"readonly": true,
"required": false,
"title": "Default rule flag",
"type": "boolean"
},
"logged": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"notes": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.",
"maxLength": 2048,
"readonly": false,
"required": false,
"title": "Text for additional notes on changes",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profiles": {
"description": "Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Layer 7 service profiles or TLS action profile",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"Rule"
],
"relationshipType": "COMMUNICATION_ENTRY_L7_ACCESS_PROFILE_RELATIONSHIP",
"rightType": [
"L7AccessProfile"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_id": {
"description": "This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.",
"readonly": true,
"required": false,
"title": "Unique rule ID",
"type": "integer"
},
"scope": {
"description": "The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier0Interface",
"Tier1Interface",
"Tier0",
"Tier1",
"IPSecVpnSession",
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number",
"minimum": 0,
"required": false,
"title": "Sequence number of the this Rule",
"type": "int"
},
"service_entries": {
"description": "In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.",
"items": {
"$ref": "ServiceEntry
},
"maxItems": 128,
"required": false,
"title": "Raw services",
"type": "array"
},
"services": {
"description": "In order to specify all services, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Names of services",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"source_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Source group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sources_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups",
"readonly": false,
"required": false,
"title": "Negation of source groups",
"type": "boolean"
},
"tag": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.",
"required": false,
"title": "Tag applied on the rule",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A rule represent base properties for ,dfw, forwarding, redirection rule",
"type": "object"
}
BaseRuleListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "BaseRuleListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Rules",
"type": "object"
}
BaseTier0Interface (type)
{
"additionalProperties": false,
"description": "Tier-0 interface configuration for external connectivity.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BaseTier0Interface",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_relay_path": {
"description": "Policy path of dhcp-relay-config to be attached to this Interface.",
"required": false,
"title": "policy path of referenced dhcp-relay-config",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface",
"Tier1Interface"
],
"relationshipType": "DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"subnets": {
"description": "Specify IP address and network prefix for interface.",
"items": {
"$ref": "InterfaceSubnet
},
"minItems": 1,
"required": true,
"title": "IP address and subnet specification for interface",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Tier-0 interface configuration",
"type": "object"
}
BasicAuthenticationScheme (type)
{
"additionalProperties": false,
"extends": {
"$ref": "AuthenticationScheme
},
"id": "BasicAuthenticationScheme",
"properties": {
"password": {
"required": true,
"sensitive": true,
"title": "Password to authenticate with",
"type": "string"
},
"scheme_name": {
"enum": [
"basic"
],
"required": true,
"title": "Authentication scheme name",
"type": "string"
},
"username": {
"pattern": "^.+$",
"required": true,
"title": "User name to authenticate with",
"type": "string"
}
},
"type": "object"
}
BatchParameter (type)
{
"id": "BatchParameter",
"module_id": "Common",
"properties": {
"atomic": {
"default": false,
"description": "This flag is ignored. Transactional atomicity is no longer supported.",
"required": false,
"title": "Ignored (transactional atomicity flag)",
"type": "boolean"
}
},
"title": "Options that affect how batch operations are processed",
"type": "object"
}
BatchRequest (type)
{
"id": "BatchRequest",
"module_id": "Common",
"properties": {
"continue_on_error": {
"default": true,
"description": "Continue even if an error is encountered.",
"required": false,
"type": "boolean"
},
"requests": {
"items": {
"$ref": "BatchRequestItem
},
"sensitive": true,
"type": "array"
}
},
"title": "A set of operations to be performed in a single batch",
"type": "object"
}
BatchRequestItem (type)
{
"id": "BatchRequestItem",
"module_id": "Common",
"properties": {
"body": {
"type": "object"
},
"method": {
"description": "http method type",
"enum": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH"
],
"required": true,
"title": "method type(POST/PUT/DELETE/UPDATE)",
"type": "string"
},
"uri": {
"description": "relative uri (path and args), of the call including resource id (if this is a POST/DELETE), exclude hostname and port and prefix, exploded form of parameters",
"required": true,
"title": "Internal uri of the call",
"type": "string"
}
},
"title": "A single request within a batch of operations",
"type": "object"
}
BatchResponse (type)
{
"additionalProperties": false,
"id": "BatchResponse",
"module_id": "Common",
"properties": {
"has_errors": {
"description": "Indicates if any of the APIs failed",
"title": "errors indicator",
"type": "boolean"
},
"results": {
"items": {
"$ref": "BatchResponseItem
},
"required": true,
"title": "Bulk list results",
"type": "array"
},
"rolled_back": {
"description": "Optional flag indicating that all items were rolled back even if succeeded initially",
"title": "indicates if all items were rolled back.",
"type": "boolean"
}
},
"title": "The reponse to a batch operation",
"type": "object"
}
BatchResponseItem (type)
{
"id": "BatchResponseItem",
"module_id": "Common",
"properties": {
"body": {
"description": "object returned by api",
"required": false,
"title": "object returned by api",
"type": "object"
},
"code": {
"description": "http status code",
"required": true,
"title": "object returned by api",
"type": "integer"
},
"headers": {
"description": "The headers returned by the API call",
"title": "object returned by api",
"type": "object"
}
},
"title": "A single respose in a list of batched responses",
"type": "object"
}
BfdHealthMonitoringConfig (type)
{
"description": "Bfd Health Monitoring Options used specific to BFD Transport Zone profiles",
"id": "BfdHealthMonitoringConfig",
"module_id": "PolicyTransportZoneProfile",
"properties": {
"enabled": {
"required": true,
"title": "Whether the heartbeat is enabled. A PATCH or PUT request with \"enabled\" false (with no probe intervals) will set or reset the probe_interval to their default value.",
"type": "boolean"
},
"latency_enabled": {
"description": "The flag is to turn on/off latency. A PATCH or PUT request with \"latency_enabled\" true will enable NSX to send the networking latency data to thrid-party monitoring tools like vRNI.",
"required": false,
"title": "Whether the latency is enabled.",
"type": "boolean"
},
"probe_interval": {
"default": 1000,
"minimum": 300,
"required": false,
"title": "The time interval (in millisec) between probe packets for tunnels between transport nodes.",
"type": "integer"
}
},
"title": "Bfd Health Monitoring Options",
"type": "object"
}
BfdProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BfdProfile",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"interval": {
"default": 500,
"description": "Time interval between heartbeat packets in milliseconds.",
"maximum": 60000,
"minimum": 50,
"title": "Time interval between heartbeat packets in milliseconds",
"type": "int"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"multiple": {
"default": 3,
"description": "Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down.",
"maximum": 16,
"minimum": 2,
"title": "Declare dead multiple",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Bidirectional Forwarding Detection configuration for BGP peers",
"type": "object"
}
BfdProfileListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of BfdProfile.",
"extends": {
"$ref": "ListResult
},
"id": "BfdProfileListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Bfd Profile list results.",
"items": {
"$ref": "BfdProfile
},
"required": true,
"title": "Bfd Profile List Results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of BfdProfile",
"type": "object"
}
BgpAddressFamily (type)
{
"additionalProperties": false,
"id": "BgpAddressFamily",
"module_id": "AggSvcLogicalRouter",
"properties": {
"in_prefix_count": {
"description": "Count of in prefixes",
"readonly": true,
"required": false,
"title": "Count of in prefixes",
"type": "integer"
},
"out_prefix_count": {
"description": "Count of out prefixes",
"readonly": true,
"required": false,
"title": "Count of out prefixes",
"type": "integer"
},
"type": {
"description": "BGP address family type",
"enum": [
"IPV4_UNICAST",
"VPNV4_UNICAST",
"IPV6_UNICAST",
"L2VPN_EVPN",
"VPNV6_UNICAST"
],
"readonly": true,
"required": true,
"title": "BGP address family type",
"type": "string"
}
},
"type": "object"
}
BgpBfdConfig (type)
{
"additionalProperties": false,
"id": "BgpBfdConfig",
"module_id": "PolicyConnectivity",
"properties": {
"enabled": {
"default": false,
"description": "Flag to enable BFD cofiguration.",
"title": "Flag to enable BFD cofiguration",
"type": "boolean"
},
"interval": {
"default": 500,
"description": "Time interval between heartbeat packets in milliseconds.",
"maximum": 60000,
"minimum": 50,
"title": "Time interval between heartbeat packets in milliseconds",
"type": "int"
},
"multiple": {
"default": 3,
"description": "Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down.",
"maximum": 16,
"minimum": 2,
"title": "Declare dead multiple",
"type": "int"
}
},
"title": "BFD configuration for BGP peers",
"type": "object"
}
BgpGracefulRestartConfig (type)
{
"additionalProperties": false,
"description": "Configuration field to hold BGP restart mode and timer.",
"id": "BgpGracefulRestartConfig",
"module_id": "PolicyConnectivity",
"properties": {
"mode": {
"default": "HELPER_ONLY",
"description": "If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers.",
"enum": [
"DISABLE",
"GR_AND_HELPER",
"HELPER_ONLY"
],
"required": false,
"title": "BGP Graceful Restart Configuration Mode",
"type": "string"
},
"timer": {
"$ref": "BgpGracefulRestartTimer,
"description": "Configuration field to hold BGP restart timers.",
"title": "BGP Graceful Restart Timer"
}
},
"title": "BGP Graceful Restart Configuration",
"type": "object"
}
BgpGracefulRestartTimer (type)
{
"additionalProperties": false,
"description": "Configuration field to hold BGP restart timers",
"id": "BgpGracefulRestartTimer",
"module_id": "PolicyConnectivity",
"properties": {
"restart_timer": {
"default": 180,
"description": "Maximum time taken (in seconds) for a BGP session to be established after a restart. This can be used to speed up routing convergence by its peer in case the BGP speaker does not come back up after a restart. If the session is not re-established within this timer, the receiving speaker will delete all the stale routes from that peer.",
"maximum": 3600,
"minimum": 1,
"title": "BGP Graceful Restart Timer",
"type": "integer"
},
"stale_route_timer": {
"default": 600,
"description": "Maximum time (in seconds) before stale routes are removed from the RIB (Routing Information Base) when BGP restarts.",
"maximum": 3600,
"minimum": 1,
"title": "BGP Stale Route Timer",
"type": "integer"
}
},
"title": "BGP Graceful Restart Timers",
"type": "object"
}
BgpNeighborConfig (type)
{
"additionalProperties": false,
"description": "Contains information necessary to configure a BGP neighbor.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BgpNeighborConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"allow_as_in": {
"default": false,
"required": false,
"title": "Flag to enable allowas_in option for BGP neighbor",
"type": "boolean"
},
"bfd": {
"$ref": "BgpBfdConfig,
"description": "BFD configuration for failure detection. BFD is enabled with default values when not configured.",
"title": "BFD configuration for failure detection"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Flag to enable/disable BGP peering. Disabling will stop the BGP peering. True - indicates enable BGP peering, False - indicates disable BGP peering. Default is True.",
"required": false,
"title": "Flag to enable/disable BGP peering.",
"type": "boolean"
},
"graceful_restart_mode": {
"description": "If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers.",
"enum": [
"DISABLE",
"GR_AND_HELPER",
"HELPER_ONLY"
],
"title": "BGP Graceful Restart Configuration Mode",
"type": "string"
},
"hold_down_time": {
"default": 180,
"description": "Wait time in seconds before declaring peer dead.",
"maximum": 65535,
"minimum": 1,
"title": "Wait time in seconds before declaring peer dead",
"type": "int"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"in_route_filters": {
"deprecated": true,
"description": "Specify path of prefix-list or route map to filter routes for IN direction. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Prefix-list or route map path for IN direction",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_PREFIX_LIST_RELATIONSHIP",
"rightType": [
"PrefixList"
]
},
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_ROUTE_MAP_RELATIONSHIP",
"rightType": [
"Tier0RouteMap"
]
}
]
},
"keep_alive_time": {
"default": 60,
"description": "Interval (in seconds) between keep alive messages sent to peer.",
"maximum": 65535,
"minimum": 1,
"title": "Interval between keep alive messages sent to peer",
"type": "int"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"maximum_hop_limit": {
"default": 1,
"description": "Maximum number of hops allowed to reach BGP neighbor.",
"maximum": 255,
"minimum": 1,
"title": "Maximum number of hops allowed to reach BGP neighbor",
"type": "int"
},
"neighbor_address": {
"$ref": "IPAddress,
"required": true,
"title": "Neighbor IP Address"
},
"neighbor_local_as_config": {
"$ref": "BgpNeighborLocalAsConfig,
"description": "Configuration field to hold the Local AS config for BGP Neighbor",
"required": false,
"title": "Local as configuration for BGP Neighbor"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"out_route_filters": {
"deprecated": true,
"description": "Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Prefix-list or route map path for OUT direction",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_PREFIX_LIST_RELATIONSHIP",
"rightType": [
"PrefixList"
]
},
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_ROUTE_MAP_RELATIONSHIP",
"rightType": [
"Tier0RouteMap"
]
}
]
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"password": {
"description": "Specify password for BGP neighbor authentication. Empty string (\"\") clears existing password.",
"maxLength": 32,
"minLength": 0,
"sensitive": true,
"title": "Password",
"type": "secure_string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_as_num": {
"required": true,
"title": "4 Byte ASN of the neighbor in ASPLAIN Format",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"route_filtering": {
"description": "Enable address families and route filtering in each direction.",
"items": {
"$ref": "BgpRouteFiltering
},
"maxItems": 2,
"required": false,
"title": "Enable address families and route filtering in each direction",
"type": "array"
},
"source_addresses": {
"description": "Source addresses should belong to Tier0 external or loopback or VTI interface IP Addresses . BGP peering is formed from all these addresses. This property is mandatory when maximum_hop_limit is greater than 1.",
"items": {
"$ref": "IPAddress
},
"maxItems": 8,
"required": false,
"title": "Source IP Addresses for BGP peering",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_SOURCE_ADDRESS_TIER0_INTERFACE_RELATIONSHIP",
"rightType": [
"Tier0Interface"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "BGP neighbor config",
"type": "object"
}
BgpNeighborConfigListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "BgpNeighborConfigListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Routing Config list request parameters",
"type": "object"
}
BgpNeighborConfigListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "BgpNeighborConfigListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "BgpNeighborConfig
},
"required": true,
"title": "BGP neighbor configs list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of BGP Neighbor Configs",
"type": "object"
}
BgpNeighborLocalAsConfig (type)
{
"additionalProperties": false,
"id": "BgpNeighborLocalAsConfig",
"module_id": "PolicyConnectivity",
"properties": {
"as_path_modifier_type": {
"description": "Optional parameter. If this property is not set, by default BGP prepends neighbor's local_as_num value to the AS_PATH for BOTH outgoing and incoming route advertisements from the peer neighbor. By setting one of the following value, user can modify the default prepend action on the AS_PATH in both inbound and outbound direction. NO_PREPEND: If type is NO_PREPEND, then the local router will NOT prepend the incoming advertisement from that peer with neighbor's local_as_num, so the AS path advertised will now prepend only the BGP local-as of the router. NO_PREPEND_REPLACE_AS - If type is \"NO_PREPEND_REPLACE_AS\", then the local routes will be advertised with the neighbor's local-as instead of the BGP's local-as to peer router.",
"enum": [
"NO_PREPEND",
"NO_PREPEND_REPLACE_AS"
],
"required": false,
"title": "AS_PATH modifier type for BGP local AS",
"type": "string"
},
"local_as_num": {
"description": "Specify local-as number for Tier-0 to advertize to BGP peer. This overrides local_as_num configured in the BgpRoutingConfig object. AS number can be specified in ASPLAIN (e.g., \"65546\") or ASDOT (e.g., \"1.10\") format. It is supported for BgpNeighborConfig under both default tier0 and vrf tier0. When this capability is configured, it enables the BGP to prepend \"local_as_num\" value to the beginning of AS_PATH for BOTH outgoing and incoming route advertisements from the configured neighbor. After prepend, AS_PATH contains both \"neighbor's <local_as_num>\" and BGP's <local_as_num>.",
"required": true,
"title": "BGP neighbor local-as number in ASPLAIN/ASDOT Format",
"type": "string"
}
},
"title": "BGP neighbor local-as configuration",
"type": "object"
}
BgpNeighborRouteDetailsCsvRecord (type)
{
"additionalProperties": false,
"description": "BGP neighbor learned/advertised route details.",
"extends": {
"$ref": "CsvRecord
},
"id": "BgpNeighborRouteDetailsCsvRecord",
"module_id": "AggSvcLogicalRouter",
"properties": {
"as_path": {
"description": "BGP AS path attribute.",
"readonly": true,
"required": false,
"title": "AS path",
"type": "string"
},
"local_pref": {
"description": "BGP Local Preference attribute.",
"readonly": true,
"required": false,
"title": "Local preference",
"type": "integer"
},
"logical_router_id": {
"description": "Logical router id",
"readonly": true,
"required": true,
"title": "Logical router id",
"type": "string"
},
"med": {
"description": "BGP Multi Exit Discriminator attribute.",
"readonly": true,
"required": false,
"title": "Multi Exit Discriminator",
"type": "integer"
},
"neighbor_address": {
"$ref": "IPAddress,
"description": "BGP neighbor peer IP address.",
"readonly": true,
"required": true,
"title": "Neighbor IP address"
},
"neighbor_id": {
"description": "BGP neighbor id",
"readonly": true,
"required": true,
"title": "BGP neighbor id",
"type": "string"
},
"network": {
"$ref": "IPCIDRBlock,
"description": "CIDR network address.",
"readonly": true,
"required": true,
"title": "CIDR network address"
},
"next_hop": {
"$ref": "IPAddress,
"description": "Next hop IP address.",
"readonly": true,
"required": false,
"title": "Next hop IP address"
},
"source_address": {
"$ref": "IPAddress,
"description": "BGP neighbor source address.",
"readonly": true,
"required": false,
"title": "BGP neighbor source address"
},
"transport_node_id": {
"description": "Transport node id",
"readonly": true,
"required": true,
"title": "Transport node id",
"type": "string"
},
"weight": {
"description": "BGP Weight attribute.",
"readonly": true,
"required": false,
"title": "Weight",
"type": "integer"
}
},
"title": "BGP neighbor route details",
"type": "object"
}
BgpNeighborRouteDetailsInCsvFormat (type)
{
"extends": {
"$ref": "CsvListResult
},
"id": "BgpNeighborRouteDetailsInCsvFormat",
"module_id": "AggSvcLogicalRouter",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"results": {
"items": {
"$ref": "BgpNeighborRouteDetailsCsvRecord
},
"required": false,
"type": "array"
}
},
"type": "object"
}
BgpNeighborRoutes (type)
{
"additionalProperties": false,
"description": "BGP neighbor learned/advertised route details.",
"id": "BgpNeighborRoutes",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"edge_node_routes": {
"description": "Array of BGP neighbor route details per edge node.",
"items": {
"$ref": "RoutesPerTransportNode
},
"readonly": true,
"required": false,
"title": "Route details per transport node",
"type": "array"
},
"enforcement_point_path": {
"readonly": true,
"required": true,
"title": "Enforcement point policy path",
"type": "string"
},
"neighbor_path": {
"readonly": true,
"required": true,
"title": "BGP neighbor policy path",
"type": "string"
}
},
"title": "BGP neighbor route details",
"type": "object"
}
BgpNeighborRoutesListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "BgpNeighborRoutesListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Paged Collection of Bgp neighbor routes.",
"items": {
"$ref": "BgpNeighborRoutes
},
"required": false,
"title": "Paged Collection of Bgp neighbor routes",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
BgpRouteFiltering (type)
{
"additionalProperties": false,
"id": "BgpRouteFiltering",
"module_id": "PolicyConnectivity",
"properties": {
"address_family": {
"description": "Address family type. If not configured, this property automatically derived for IPv4 & IPv6 peer configuration.",
"enum": [
"IPV4",
"IPV6",
"L2VPN_EVPN"
],
"title": "Address family type",
"type": "string"
},
"enabled": {
"default": true,
"description": "Flag to enable address family.",
"title": "Enable address family",
"type": "boolean"
},
"in_route_filters": {
"description": "Specify path of prefix-list or route map to filter routes for IN direction.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Prefix-list or route map path for IN direction",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_PREFIX_LIST_RELATIONSHIP",
"rightType": [
"PrefixList"
]
},
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_ROUTE_MAP_RELATIONSHIP",
"rightType": [
"Tier0RouteMap"
]
}
]
},
"maximum_routes": {
"description": "Maximum number of routes for the address family.",
"maximum": 1000000,
"minimum": 1,
"required": false,
"title": "Maximum number of routes for the address family",
"type": "int"
},
"out_route_filters": {
"description": "Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Prefix-list or route map path for OUT direction",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_PREFIX_LIST_RELATIONSHIP",
"rightType": [
"PrefixList"
]
},
{
"leftType": [
"BgpNeighborConfig"
],
"relationshipType": "BGP_NEIGHBOR_ROUTE_MAP_RELATIONSHIP",
"rightType": [
"Tier0RouteMap"
]
}
]
}
},
"title": "Enable address_families and route filtering in each direction",
"type": "object"
}
BgpRouteLeaking (type)
{
"additionalProperties": false,
"id": "BgpRouteLeaking",
"module_id": "PolicyConnectivity",
"properties": {
"address_family": {
"description": "Address family type. Assumed IPv4 address family when not specified.",
"enum": [
"IPV4",
"IPV6"
],
"title": "Address family type",
"type": "string"
},
"in_filter": {
"description": "Specify path of route map to filter routes for IN direction. If not specified then all exported routes from peer attachment will be imported.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "route map path for IN direction",
"type": "array"
},
"out_filter": {
"description": "Specify path of route map to filter routes for OUT direction. If not specified then all redistribute routes will be exported.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "route map path for OUT direction",
"type": "array"
}
},
"title": "BGP route leaking in each direction",
"type": "object"
}
BgpRoutesRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "BaseListRequestParameters
},
"id": "BgpRoutesRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"count": {
"default": 1000,
"description": "Number of routes to return in response. Not used when routes are requested in CSV format.",
"minimum": 1,
"title": "Number of routes to retrieve",
"type": "int"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.",
"title": "Enforcement point path",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "BGP Routes request parameters",
"type": "object"
}
BgpRoutingConfig (type)
{
"additionalProperties": false,
"description": "Contains BGP routing configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "BgpRoutingConfig",
"module_id": "PolicyConnectivity",
"policy_hierarchical_children": [
"ChildBgpNeighborConfig"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"ebgp_admin_distance": {
"default": 20,
"description": "Administrative distance for IPv4 and IPv6 eBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled.",
"maximum": 255,
"minimum": 1,
"required": false,
"title": "eBGP route administrative distance",
"type": "int"
},
"ecmp": {
"description": "Flag to enable ECMP.",
"required": false,
"title": "Flag to enable ECMP",
"type": "boolean"
},
"enabled": {
"description": "Flag to enable BGP configuration. Disabling will stop feature and BGP peering.",
"required": false,
"title": "Flag to enable BGP configuration",
"type": "boolean"
},
"graceful_restart": {
"deprecated": true,
"description": "Flag to enable graceful restart. This field is deprecated, please use graceful_restart_config parameter for graceful restart configuration. If both parameters are set and consistent with each other (i.e. graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR graceful_restart=true and graceful_restart_mode=GR_AND_HELPER) then this is allowed, but if inconsistent with each other then this is not allowed and validation error will be thrown.",
"required": false,
"title": "Flag to enable graceful restart",
"type": "boolean"
},
"graceful_restart_config": {
"$ref": "BgpGracefulRestartConfig,
"description": "Configuration field to hold BGP Restart mode and timer.",
"title": "BGP Graceful Restart Configuration"
},
"ibgp_admin_distance": {
"default": 200,
"description": "Administrative distance for IPv4 and IPv6 iBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled.",
"maximum": 255,
"minimum": 1,
"required": false,
"title": "iBGP route administrative distance",
"type": "int"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"inter_sr_ibgp": {
"description": "Flag to enable inter SR IBGP configuration. When not specified, inter SR IBGP is automatically enabled if Tier-0 is created in ACTIVE_ACTIVE ha_mode.",
"required": false,
"title": "Enable inter SR IBGP configuration",
"type": "boolean"
},
"local_as_num": {
"description": "Specify BGP AS number for Tier-0 to advertize to BGP peers. AS number can be specified in ASPLAIN (e.g., \"65546\") or ASDOT (e.g., \"1.10\") format. Empty string disables BGP feature. It is required by normal tier0 but not required in vrf tier0.",
"required": false,
"title": "BGP AS number in ASPLAIN/ASDOT Format",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"multipath_relax": {
"description": "Flag to enable BGP multipath relax option.",
"required": false,
"title": "Flag to enable BGP multipath relax option",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"route_aggregations": {
"description": "List of routes to be aggregated.",
"items": {
"$ref": "RouteAggregationEntry
},
"maxItems": 1000,
"required": false,
"title": "List of routes to be aggregated",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "BGP routing config",
"type": "object"
}
BinaryPacketData (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PacketData
},
"id": "BinaryPacketData",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "BinaryPacketData"
},
"properties": {
"frame_size": {
"default": 128,
"description": "If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.",
"maximum": 1000,
"minimum": 60,
"required": false,
"title": "Requested total size of the (logical) packet in bytes",
"type": "integer"
},
"payload": {
"description": "Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload must contain all headers (Ethernet, IP, etc). Note that VLAN is not supported in the logical space. Hence, payload must not contain 802.1Q headers.",
"maxLength": 1336,
"required": false,
"title": "RFC3548 compatible base64 encoded full payload",
"type": "string"
},
"resource_type": {
"default": "FieldsPacketData",
"enum": [
"BinaryPacketData",
"FieldsPacketData"
],
"required": true,
"title": "Packet configuration",
"type": "string"
},
"routed": {
"description": "When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. The scenario where a user injects a packet with a VLAN tag into a parent port is referred to as the traceflow container case. Please note that the value of `routed` depends on the connected network of the child segment rather than the connected network of segment of the parent port in this case. Here is the explanation: The parent port in this context is the port on a segment which is referred to by a SegmentConnectionBindingMap. The bound segment of the SegmentConnectionBindingMap is the child segment. The user-crafted traceflow packet will be directly forwarded to the corresponding child segment of the parent port without interacting with any layer 2 forwarding/layer 3 routing in this scenario. The crafted packet will follow the forwarding/routing polices of the child segment's connected network. For example, if a user injects a crafted packet to port_p, and the segment (seg_p) of port_p is referred to by the binding map m1, where m1 is bound to segment seg_c, and the destination port (port_d) of the packet is the VM vNIC connected to seg_p. Although port_p and port_d are on the same segment, the 'routed' value should be set to true if the user expects the crafted packet to be correctly delivered to the destination. This is because the child segments seg_c and seg_d are on different segments and require router interaction to communicate.",
"required": false,
"title": "Awareness of logical routing",
"type": "boolean"
},
"transport_type": {
"default": "UNICAST",
"description": "This type takes effect only for IP packet.",
"enum": [
"BROADCAST",
"UNICAST",
"MULTICAST",
"UNKNOWN"
],
"required": false,
"title": "Transport type of the traceflow packet",
"type": "string"
}
},
"type": "object"
}
BridgeEndpointStatistics (type)
{
"extends": {
"$ref": "AggregatedDataCounter
},
"id": "BridgeEndpointStatistics",
"module_id": "AggSvcBridging",
"properties": {
"endpoint_id": {
"readonly": true,
"required": true,
"title": "The id of the bridge endpoint",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"rx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"rx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
}
},
"type": "object"
}
BridgeEndpointStatus (type)
{
"id": "BridgeEndpointStatus",
"module_id": "AggSvcBridging",
"properties": {
"active_nodes": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "The Ids of the transport nodes which actively serve the endpoint.",
"type": "array"
},
"endpoint_id": {
"readonly": true,
"required": true,
"title": "The id of the bridge endpoint",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
}
},
"type": "object"
}
BridgeProfileConfig (type)
{
"additionalProperties": false,
"description": "configuration parameters for Bridge Profile",
"id": "BridgeProfileConfig",
"module_id": "PolicyConnectivity",
"properties": {
"bridge_profile_path": {
"description": "Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique.",
"required": true,
"title": "Policy path to L2 Bridge profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "SEGMENT_BRIDGE_PROFILE_RELATIONSHIP",
"rightType": [
"L2BridgeEndpointProfile"
]
},
{
"leftType": [
"VpcSubnetBridgeProfile"
],
"relationshipType": "VPC_SUBNET_BRIDGE_PROFILE_RELATIONSHIP",
"rightType": [
"L2BridgeEndpointProfile"
]
}
]
},
"uplink_teaming_policy_name": {
"description": "The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one of the switching uplink teaming policy names listed in the VLAN transport zone specified by the property \"vlan_transport_zone_path\". When this property is not specified, the default teaming policy of the host-switch is assigned. Do not set a value when the 'bridge_profile_path' is the path of L2DistributedBridgeEndpointProfile.",
"title": "Uplink Teaming Policy Name",
"type": "string"
},
"vlan_ids": {
"description": "VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both.",
"items": {
"type": "string"
},
"required": true,
"title": "VLAN IDs",
"type": "array"
},
"vlan_transport_zone_path": {
"description": "The path of the VLAN transport zone that represents the underlay L2 zone in which the VLANs will be bridged to overlay segments. A unique VLAN transport zone should be assigned to each underlay L2 zone when needed for bridging. If two VLANs in two underlay L2 zones are combined together as one L2 broadcast-domain by certain L2 extension, the two underlay L2 zones still should have two different VLAN transport zones assigned to them. It is optional for distributed-bridging but required for other bridging modes. If it is not given, the distributed bridge will span all ESX transport nodes in the overlay transport zone of the segment that contains this profile.",
"required": false,
"title": "Policy path of the VLAN transport zone assigned to the underlay L2 zone for bridging.",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment",
"VpcSubnetBridgeProfile"
],
"relationshipType": "_UNOPTIMIZED_RELATIONSHIP_",
"rightType": [
"PolicyTransportZone"
]
}
]
}
},
"title": "Bridge Profile Configuration",
"type": "object"
}
BridgeProfileRequestParameters (type)
{
"additionalProperties": false,
"id": "BridgeProfileRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"bridge_profile_path": {
"description": "Policy path of Bridge profile using which a bridge end point was created.",
"required": true,
"title": "Bridge profile path",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path.",
"title": "String Path of the enforcement point",
"type": "string"
}
},
"title": "Bridge profile request parameters",
"type": "object"
}
ByodPolicyServiceInstance (type)
{
"additionalProperties": false,
"description": "Represents an instance of partner's service whose wiring will be done by partner itself. As partner does all the wiring, we call it as Byod - Bring your own device.",
"extends": {
"$ref": "BasePolicyServiceInstance
},
"id": "ByodPolicyServiceInstance",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ByodPolicyServiceInstance"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"deployment_mode": {
"default": "ACTIVE_STANDBY",
"description": "Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.",
"enum": [
"STAND_ALONE",
"ACTIVE_STANDBY"
],
"readonly": false,
"required": false,
"title": "Deployment Mode",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"partner_service_name": {
"description": "Unique name of Partner Service in the Marketplace",
"required": true,
"title": "Name of Partner Service",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_type": {
"default": "L2_BRIDGE",
"description": "Transport to be used while deploying Service-VM.",
"enum": [
"L2_BRIDGE",
"L3_ROUTED"
],
"readonly": false,
"required": false,
"title": "Transport Type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents instance of self wiring partner's service",
"type": "object"
}
CCPUpgradeStatus (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ComponentUpgradeStatus
},
"id": "CCPUpgradeStatus",
"module_id": "Upgrade",
"properties": {
"can_rollback": {
"description": "This field indicates whether we can perform upgrade rollback.",
"readonly": true,
"required": false,
"title": "Can perform rollback",
"type": "boolean"
},
"can_skip": {
"readonly": true,
"required": false,
"title": "Can the upgrade of the remaining units in this component be skipped",
"type": "boolean"
},
"component_type": {
"readonly": true,
"required": false,
"title": "Component type for the upgrade status",
"type": "string"
},
"current_version_node_summary": {
"$ref": "NodeSummaryList,
"readonly": true,
"required": false,
"title": "Mapping of current versions of nodes and counts of nodes at the respective versions."
},
"details": {
"readonly": true,
"required": false,
"title": "Details about the upgrade status",
"type": "string"
},
"node_count_at_target_version": {
"description": "Number of nodes of the type and at the component version",
"readonly": true,
"required": false,
"title": "Count of nodes at target component version",
"type": "int"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"pre_upgrade_status": {
"$ref": "UpgradeChecksExecutionStatus,
"readonly": true,
"required": false,
"title": "Pre-upgrade status of the component-type"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Upgrade status of component",
"type": "string"
},
"target_component_version": {
"readonly": true,
"required": false,
"title": "Target component version",
"type": "string"
}
},
"title": "Status of CCP upgrade",
"type": "object"
}
CNSGroupAssociationRequestParams (type)
{
"additionalProperties": false,
"description": "List request parameters containing Cloud Native service external ID and enforcement point path",
"extends": {
"$ref": "RealizationListRequestParameters
},
"id": "CNSGroupAssociationRequestParams",
"module_id": "PolicyGroupRealization",
"properties": {
"cns_external_id": {
"required": true,
"title": "Cloud Native Service external ID",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List request parameters containing Cloud Native Service external ID and enforcement point path",
"type": "object"
}
CaBundle (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "CaBundle",
"module_id": "PolicyCertificate",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"certificates": {
"description": "X509Certificates in the bundle",
"items": {
"$ref": "X509Certificate
},
"readonly": true,
"required": false,
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"earliest_not_after": {
"$ref": "EpochMsTimestamp,
"description": "The earliest time in epoch milliseconds at which a certificate becomes invalid.",
"readonly": true,
"required": false
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"not_after_list": {
"description": "Times for each certificate in the bundle at which the certificate becomes invalid.",
"items": {
"$ref": "EpochMsTimestamp
},
"readonly": true,
"required": false,
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pem_encoded": {
"description": "PEM-encoded CA bundle certificates.",
"readonly": false,
"required": true,
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "CA certificates bundle",
"type": "object"
}
CaBundleListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CaBundleListResult",
"module_id": "PolicyCertificate",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "CA bundles list.",
"items": {
"$ref": "CaBundle
},
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "CA Bundle query result",
"type": "object"
}
CdpStatusType (type)
{
"enum": [
"NOT_READY",
"FETCHING",
"READY",
"ERROR"
],
"id": "CdpStatusType",
"module_id": "CertificateManager",
"title": "Status types supported of the CrlDistributionPoint",
"type": "string"
}
CentralConfigProperties (type)
{
"id": "CentralConfigProperties",
"properties": {
"local_override": {
"required": true,
"title": "Override Central Config",
"type": "boolean"
}
},
"title": "Central Config properties",
"type": "object"
}
Certificate (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "Certificate",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "Different categories of certificates to distinguish stored certificates. 'APPLIANCE_CERTIFICATE' are certs used by this cluster. 'PRINCIPAL_IDENTITY_CERTIFICATE' used by LM and GM for mutual auth. 'SITE_CERTIFICATE' are certificate of different sites. 'UNUSED_CERTIFICATE' are certs which are not applied yet. 'POLICY_CERTIFICATE' used for external services. 'OTHER_CERTIFICATE' is category for any certificate which is not identified.",
"enum": [
"OTHER_CERTIFICATE",
"APPLIANCE_CERTIFICATE",
"PRINCIPAL_IDENTITY_CERTIFICATE",
"SITE_CERTIFICATE",
"UNUSED_CERTIFICATE",
"POLICY_CERTIFICATE"
],
"readonly": true,
"required": false,
"title": "Category",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"details": {
"description": "List of X509Certificates.",
"items": {
"$ref": "X509Certificate
},
"readonly": true,
"required": false,
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"has_private_key": {
"default": false,
"description": "Whether we have the private key for this certificate.",
"readonly": true,
"required": true,
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"leaf_certificate_sha_256_thumbprint": {
"description": "Unique SHA-256 thumbprint of the leaf node certificate.",
"readonly": true,
"required": false,
"title": "Certificate thumbprint",
"type": "string"
},
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": false,
"required": true,
"type": "string"
},
"purpose": {
"description": "Purpose of this certificate. Can be empty or set to \"signing-ca\".",
"enum": [
"signing-ca"
],
"readonly": false,
"required": false,
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"used_by": {
"description": "List of node IDs with services, that are using this certificate.",
"items": {
"$ref": "NodeIdServicesMap
},
"readonly": true,
"required": false,
"type": "array"
}
},
"type": "object"
}
CertificateBinding (type)
{
"description": "Details on applied certificate.",
"id": "CertificateBinding",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"properties": {
"certificate_id": {
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Certificate Id",
"type": "string"
},
"node_id": {
"description": "Node Id to which this certificate is applied to.",
"readonly": false,
"required": false,
"title": "Node Id",
"type": "string"
},
"service_type": {
"$ref": "ServiceType,
"description": "Service Type of the CertificateProfile to which the certificate is applied to.",
"readonly": false,
"required": true,
"title": "Service Type"
}
},
"title": "Certificate binding",
"type": "object"
}
CertificateCheckingStatus (type)
{
"additionalProperties": false,
"id": "CertificateCheckingStatus",
"module_id": "CertificateManager",
"properties": {
"error_message": {
"description": "Error message when checking the certificate.",
"readonly": true,
"required": false,
"title": "Error Message",
"type": "string"
},
"status": {
"$ref": "CertificateCheckingStatusType,
"description": "Status of the checked certificate.",
"readonly": true,
"required": true,
"title": "Status"
}
},
"title": "Result of checking a certificate",
"type": "object"
}
CertificateCheckingStatusType (type)
{
"enum": [
"OK",
"CRL_NOT_READY",
"REJECTED",
"ERROR"
],
"id": "CertificateCheckingStatusType",
"module_id": "CertificateManager",
"title": "Status types returned when checking a certificate",
"type": "string"
}
CertificateClass (type)
{
"enum": [
"REST",
"RPC",
"CBM",
"FEDERATION"
],
"id": "CertificateClass",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"title": "Certificate Class",
"type": "string"
}
CertificateData (type)
{
"additionalProperties": false,
"id": "CertificateData",
"module_id": "InventoryCmObj",
"properties": {
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": false,
"required": true,
"title": "PEM encoded certificate data",
"type": "string"
},
"private_key": {
"description": "Private key of certificate.",
"readonly": false,
"required": true,
"sensitive": true,
"title": "Private key of certificate",
"type": "secure_string"
}
},
"type": "object"
}
CertificateId (type)
{
"additionalProperties": false,
"id": "CertificateId",
"properties": {
"certificate_id": {
"readonly": true,
"required": true,
"title": "Certificate ID",
"type": "string"
}
},
"type": "object"
}
CertificateList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CertificateList",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Certificate list.",
"items": {
"$ref": "Certificate
},
"readonly": true,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Certificate queries result",
"type": "object"
}
CertificateOperationStatus (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CertificateBinding
},
"id": "CertificateOperationStatus",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"properties": {
"affected_services": {
"description": "A comma-separated list of services that may be affected or interrupted when this certificate operation occurs.",
"readonly": true,
"required": false,
"title": "Affected services",
"type": "string"
},
"certificate_id": {
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Certificate Id",
"type": "string"
},
"certificate_name": {
"description": "Required field presenting new certificate name in certificate replacement operation, or the certificate to be deleted.",
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": true,
"required": true,
"title": "Name of the new certificate.",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"description": "The end time of this certificate operation in epoch milliseconds",
"readonly": true,
"required": false,
"title": "End time"
},
"estimated_duration": {
"description": "Estimated time duration in seconds for this certificate operation.",
"readonly": true,
"required": false,
"title": "Estimated duration",
"type": "integer"
},
"id": {
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": true,
"required": true,
"title": "Unique ID of the operation.",
"type": "string"
},
"message": {
"description": "Localized text explaining the details of the error or deprecation warning and remedial steps to be taken.",
"readonly": true,
"required": false,
"title": "Message",
"type": "string"
},
"node_id": {
"description": "Node Id to which this certificate is applied to.",
"readonly": false,
"required": false,
"title": "Node Id",
"type": "string"
},
"old_certificate_id": {
"description": "Optional field presenting old certificate id in certificate replacement operation.",
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": true,
"required": false,
"title": "Id of the old certificate",
"type": "string"
},
"old_certificate_name": {
"description": "Optional field presenting old certificate name in certificate replacement operation.",
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": true,
"required": false,
"title": "Name of the old certificate",
"type": "string"
},
"operation_type": {
"description": "Type of operation used for the batch.",
"enum": [
"REPLACE",
"DELETE"
],
"readonly": true,
"required": true,
"title": "Operation Type",
"type": "string"
},
"service_type": {
"$ref": "ServiceType,
"description": "Service Type of the CertificateProfile to which the certificate is applied to.",
"readonly": false,
"required": true,
"title": "Service Type"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"description": "The start time of this certificate operation in epoch milliseconds",
"readonly": true,
"required": false,
"title": "Start time"
},
"status": {
"description": "Status of this certificate operation",
"enum": [
"OK",
"ERROR",
"PENDING",
"ABORTED"
],
"readonly": true,
"required": true,
"title": "Status",
"type": "string"
}
},
"title": "Status of a certificate operation",
"type": "object"
}
CertificateProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "CertificateProfile",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"abort_on_error": {
"description": "If this field is true, the certificate batch operation would be aborted if an error occurs during the replacement operation for this certificate profile.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Abort when there's an error",
"type": "boolean"
},
"affected_services": {
"description": "A comma-separated list of service names that may be affected/interrupted when replacing the certificate for this service-type.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Affected Services",
"type": "string"
},
"certificate_class": {
"$ref": "CertificateClass,
"description": "Service-types that are in a 'class'' cannot be share a certificate with a service in another 'class'.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Category"
},
"cluster_certificate": {
"description": "True if this is for a cluster certificate",
"readonly": true,
"required": true,
"title": "Cluster Certificate",
"type": "boolean"
},
"deprecated_in_version": {
"description": "Version in which this certificate profile was deprecated.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Deprecated in version",
"type": "string"
},
"description": {
"description": "A longer description what the service-type is used for.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Description",
"type": "string"
},
"extended_key_usage": {
"description": "Indicating whether this certificate is used for server-auth, client-auth or both.",
"items": {
"$ref": "CertificateUsageType
},
"readonly": true,
"required": true,
"title": "Extended Key Usage",
"type": "array"
},
"node_type": {
"description": "List of types of node this certificate applies to.",
"items": {
"$ref": "NodeType
},
"readonly": true,
"required": true,
"title": "Node Type",
"type": "array"
},
"processing_order": {
"description": "The order in which service-type certificates are replaced in a batch-replace.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Processing Order",
"type": "integer"
},
"profile_name": {
"readonly": true,
"required": true,
"title": "Certificate Profile Name",
"type": "string"
},
"replacement_duration": {
"description": "The estimated amount of time it takes to replace the certificate for this service-type, in seconds.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Processing Duration",
"type": "integer"
},
"requires_private_key": {
"description": "True if this certificate needs a private key.",
"readonly": true,
"required": true,
"title": "Requires Private Key",
"type": "boolean"
},
"service_type": {
"$ref": "ServiceType,
"description": "A short and unique name for the type of service this certificate is used for.",
"readonly": true,
"required": true,
"title": "Unique Service Type"
},
"summary": {
"description": "A short phrase what this service-type is for.",
"nsx_feature": "CertificateBatchOperations",
"readonly": true,
"required": false,
"title": "Summary",
"type": "string"
},
"unique_use": {
"description": "True if the certificate used for this service-type cannot be used anywhere else.",
"readonly": true,
"required": true,
"title": "Unique Use",
"type": "boolean"
}
},
"type": "object"
}
CertificateProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CertificateProfileListResult",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "CertificateProfile list.",
"items": {
"$ref": "CertificateProfile
},
"readonly": false,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "CertificateProfile query result",
"type": "object"
}
CertificateRenewalParameters (type)
{
"additionalProperties": false,
"id": "CertificateRenewalParameters",
"module_id": "CertificateManager",
"properties": {
"force": {
"default": false,
"description": "If true, perform certificate renewal even if blocked.",
"title": "Force renewal of certificates\n",
"type": "boolean"
}
},
"title": "Parameters that affect how certificate renewals are processed",
"type": "object"
}
CertificateReplacementConfig (type)
{
"id": "CertificateReplacementConfig",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"properties": {
"new_certificate_id": {
"description": "Id of the certificate which will replace the old certificate. This is optional field. If not specified, and if the old certificate is a self-signed certificate, a fresh self-signed will be generated with identical attributes as the old certificate.",
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": false,
"title": "Id of the new certificate",
"type": "string"
},
"old_certificate_id": {
"description": "Id of the currently used certificate which needs to be replaced.",
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Id of the old certificate",
"type": "string"
}
},
"title": "Configuration for a certificate replacement operation",
"type": "object"
}
CertificateUsageType (type)
{
"enum": [
"SERVER",
"CLIENT"
],
"id": "CertificateUsageType",
"module_id": "CertificateManager",
"title": "Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER",
"type": "string"
}
CertificatesBatchOperationResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CertificatesBatchOperationResult",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"description": "The end time of this certificate batch operation in epoch milliseconds",
"readonly": true,
"required": false,
"title": "End time"
},
"pending_estimated_duration": {
"description": "Sum of estimated duration of pending certificate operations.",
"readonly": true,
"required": false,
"title": "Pending estimated duration",
"type": "integer"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "List of certificate operation statuses.",
"items": {
"$ref": "CertificateOperationStatus
},
"readonly": true,
"required": true,
"title": "Batch results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"description": "The start time of this certificate batch operation in epoch milliseconds",
"readonly": true,
"required": false,
"title": "Start time"
},
"total_estimated_duration": {
"description": "Sum of estimated duration of all certificate operations.",
"readonly": true,
"required": false,
"title": "Total estimated duration",
"type": "integer"
}
},
"title": "Result of certificates batch operation",
"type": "object"
}
CertificatesBatchReplacementRequest (type)
{
"additionalProperties": false,
"id": "CertificatesBatchReplacementRequest",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"properties": {
"certificate_replacements": {
"description": "List of certificate replacement operation configurations.",
"items": {
"$ref": "CertificateReplacementConfig
},
"readonly": false,
"required": true,
"type": "array"
}
},
"title": "Request for batch replacement of certificates",
"type": "object"
}
ChildAntreaTraceflowConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper for AntreaTraceflowConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildAntreaTraceflowConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildAntreaTraceflowConfig"
},
"properties": {
"TraceflowConfig": {
"$ref": "AntreaTraceflowConfig,
"description": "Contains the actual AntreaTraceflowConfig object.",
"required": true,
"title": "AntreaTraceflowConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for AnteaTraceflowConfig",
"type": "object"
}
ChildBfdProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper for BfdProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildBfdProfile",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildBfdProfile"
},
"properties": {
"BfdProfile": {
"$ref": "BfdProfile,
"description": "Contains the actual BfdProfile object.",
"required": true,
"title": "Bfd Profile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for BfdProfile",
"type": "object"
}
ChildBgpNeighborConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for BgpNeighborConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildBgpNeighborConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildBgpNeighborConfig"
},
"properties": {
"BgpNeighborConfig": {
"$ref": "BgpNeighborConfig,
"description": "Contains the actual BgpNeighborConfig object.",
"required": true,
"title": "BgpNeighborConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for BgpNeighborConfig",
"type": "object"
}
ChildBgpRoutingConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for BgpRoutingConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildBgpRoutingConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildBgpRoutingConfig"
},
"properties": {
"BgpRoutingConfig": {
"$ref": "BgpRoutingConfig,
"description": "Contains the actual BgpRoutingConfig object.",
"required": true,
"title": "BgpRoutingConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for BgpRoutingConfig",
"type": "object"
}
ChildByodPolicyServiceInstance (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ByodPolicyServiceInstance used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildByodPolicyServiceInstance",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildByodPolicyServiceInstance"
},
"properties": {
"ByodPolicyServiceInstance": {
"$ref": "ByodPolicyServiceInstance,
"description": "Contains actual ByodPolicyServiceInstance.",
"required": true,
"title": "ByodPolicyServiceInstance"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ByodPolicyServiceInstance",
"type": "object"
}
ChildCaBundle (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildCaBundle",
"module_id": "PolicyCertificate",
"polymorphic-type-descriptor": {
"type-identifier": "ChildCaBundle"
},
"properties": {
"CaBundle": {
"$ref": "CaBundle,
"description": "Contains the actual CaBundle object.",
"required": true,
"title": "CaBundle"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Child wrapper for CA certificates bundle, used in hierarchical API.",
"type": "object"
}
ChildCommunicationEntry (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for CommunicationEntry, used in hierarchical API This type is deprecated. Use the type ChildRule instead.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildCommunicationEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildCommunicationEntry"
},
"properties": {
"CommunicationEntry": {
"$ref": "CommunicationEntry,
"description": "Contains the actual CommunicationEntry object.",
"required": true,
"title": "CommunicationEntry"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for CommunicationEntry",
"type": "object"
}
ChildCommunicationMap (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for CommunicationMap, used in hierarchical API This type is deprecated. Use the type ChildSecurityPolicy instead.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildCommunicationMap",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildCommunicationMap"
},
"properties": {
"CommunicationMap": {
"$ref": "CommunicationMap,
"description": "Contains the actual CommunicationMap object.",
"required": true,
"title": "CommunicationMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for CommunicationMap",
"type": "object"
}
ChildCommunityList (type)
{
"additionalProperties": false,
"description": "Child wrapper object for CommunityList, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildCommunityList",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildCommunityList"
},
"properties": {
"CommunityList": {
"$ref": "CommunityList,
"description": "Contains the actual CommunityList object",
"required": true,
"title": "CommunityList"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for CommunityList",
"type": "object"
}
ChildComputeClusterIdfwConfiguration (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildComputeClusterIdfwConfiguration",
"module_id": "PolicyFirewallConfiguration",
"polymorphic-type-descriptor": {
"type-identifier": "ChildComputeClusterIdfwConfiguration"
},
"properties": {
"ComputeClusterIdfwConfiguration": {
"$ref": "ComputeClusterIdfwConfiguration,
"description": "Contains the actual compute cluster idfw configuration object.",
"required": true,
"title": "ComputeClusterIdfwConfiguration"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ComputeClusterIdfwConfiguration",
"type": "object"
}
ChildConstraint (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Constraint, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildConstraint",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "ChildConstraint"
},
"properties": {
"Constraint": {
"$ref": "Constraint,
"description": "Contains the actual Constraint object",
"required": true,
"title": "Constraint"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Constraint",
"type": "object"
}
ChildConstraintGlobalConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ConstraintGlobalConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildConstraintGlobalConfig",
"module_id": "Policy",
"properties": {
"GlobalConfig": {
"$ref": "ConstraintGlobalConfig,
"description": "Settings to Constraint global configs in NSX/NSX+ application platform.",
"required": true,
"title": "ConstraintGlobalConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ConstraintGlobalConfig",
"type": "object"
}
ChildDeploymentZone (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for DeploymentZone, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDeploymentZone",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildDeploymentZone"
},
"properties": {
"DeploymentZone": {
"$ref": "DeploymentZone,
"description": "Contains the actual DeploymentZone object",
"required": true,
"title": "DeploymentZone"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for DeploymentZone",
"type": "object"
}
ChildDfwFirewallConfiguration (type)
{
"additionalProperties": false,
"experimental": true,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDfwFirewallConfiguration",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildDfwFirewallConfiguration"
},
"properties": {
"DfwFirewallConfiguration": {
"$ref": "DfwFirewallConfiguration,
"description": "Contains the actual dfw firewall configuration list object.",
"required": true,
"title": "Dfw Firewall Configuration"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for FirewallConfiguration",
"type": "object"
}
ChildDhcpRelayConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for DhcpRelayConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDhcpRelayConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildDhcpRelayConfig"
},
"properties": {
"DhcpRelayConfig": {
"$ref": "DhcpRelayConfig,
"description": "Contains the actual DhcpRelayConfig object",
"required": true,
"title": "DhcpRelayConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for DhcpRelayConfig",
"type": "object"
}
ChildDhcpServerConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for DhcpServerConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDhcpServerConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildDhcpServerConfig"
},
"properties": {
"DhcpServerConfig": {
"$ref": "DhcpServerConfig,
"description": "Contains the actual DhcpServerConfig object",
"required": true,
"title": "DhcpServerConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for DhcpServerConfig",
"type": "object"
}
ChildDhcpStaticBindingConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper for DhcpStaticBindingConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDhcpStaticBindingConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildDhcpStaticBindingConfig"
},
"properties": {
"DhcpStaticBindingConfig": {
"$ref": "DhcpStaticBindingConfig,
"description": "Contains the actual DhcpStaticBindingConfig object.",
"required": true,
"title": "DhcpStaticBindingConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for DhcpStaticBindingConfig",
"type": "object"
}
ChildDnsSecurityProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for DnsSecurityProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDnsSecurityProfile",
"module_id": "PolicyProfile",
"properties": {
"DnsSecurityProfile": {
"$ref": "DnsSecurityProfile,
"description": "Contains the actual DnsSecurityProfile object",
"required": true,
"title": "DnsSecurityProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for DnsSecurityProfile",
"type": "object"
}
ChildDnsSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper obejct for DnsSecurityProfileBindingMap used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDnsSecurityProfileBindingMap",
"module_id": "PolicyFirewallDnsSecurityProfileBinding",
"properties": {
"DnsSecurityProfileBindingMap": {
"$ref": "DnsSecurityProfileBindingMap,
"description": "Contains the actual DnsSecurityProfileBindingMap object",
"required": true,
"title": "DnsSecurityProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for DnsSecurityProfileBindingMap",
"type": "object"
}
ChildDomain (type)
{
"additionalProperties": false,
"description": "Child wrapper object for domain, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDomain",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildDomain"
},
"properties": {
"Domain": {
"$ref": "Domain,
"description": "Contains the actual domain object.",
"required": true,
"title": "Domain"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Domain",
"type": "object"
}
ChildDomainDeploymentMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for DomainDeploymentMap, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildDomainDeploymentMap",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildDomainDeploymentMap"
},
"properties": {
"DomainDeploymentMap": {
"$ref": "DomainDeploymentMap,
"description": "Contains the actual DomainDeploymentMap object.",
"required": true,
"title": "DomainDeploymentMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for DomainDeploymentMap",
"type": "object"
}
ChildEndpointPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for EndpointPolicy used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildEndpointPolicy",
"module_id": "PolicyGuestIntrospection",
"polymorphic-type-descriptor": {
"type-identifier": "ChildEndpointPolicy"
},
"properties": {
"EndpointPolicy": {
"$ref": "EndpointPolicy,
"description": "Contains actual EndpointPolicy.",
"required": true,
"title": "EndpointPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Endpoint Policy",
"type": "object"
}
ChildEndpointRule (type)
{
"additionalProperties": false,
"description": "Child wrapper object for EndpointRule used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildEndpointRule",
"module_id": "PolicyGuestIntrospection",
"polymorphic-type-descriptor": {
"type-identifier": "ChildEndpointRule"
},
"properties": {
"EndpointRule": {
"$ref": "EndpointRule,
"description": "Contains actual EndpointRule.",
"required": true,
"title": "EndpointRule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Endpoint Rule",
"type": "object"
}
ChildEnforcementPoint (type)
{
"additionalProperties": false,
"description": "Child wrapper object for EnforcementPoint, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildEnforcementPoint",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildEnforcementPoint"
},
"properties": {
"EnforcementPoint": {
"$ref": "EnforcementPoint,
"description": "Contains the actual Enforcement point object.",
"required": true,
"title": "EnforcementPoint"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for EnforcementPoint",
"type": "object"
}
ChildEvpnConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for EvpnConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildEvpnConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildEvpnConfig"
},
"properties": {
"EvpnConfig": {
"$ref": "EvpnConfig,
"description": "Contains the actual EvpnConfig object.",
"required": true,
"title": "EvpnConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for EvpnConfig",
"type": "object"
}
ChildEvpnTunnelEndpointConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for EvpnTunnelEndpointConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildEvpnTunnelEndpointConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildEvpnTunnelEndpointConfig"
},
"properties": {
"EvpnTunnelEndpointConfig": {
"$ref": "EvpnTunnelEndpointConfig,
"description": "Contains the actual EvpnTunnelEndpointConfig object.",
"required": true,
"title": "EvpnTunnelEndpointConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for EvpnTunnelEndpointConfig",
"type": "object"
}
ChildFloodProtectionProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for FloodProtectionProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildFloodProtectionProfile",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildFloodProtectionProfile"
},
"properties": {
"FloodProtectionProfile": {
"$ref": "FloodProtectionProfile,
"description": "Contains the actual FloodProtectionProfile object",
"required": true,
"title": "FloodProtectionProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for FloodProtectionProfile",
"type": "object"
}
ChildFloodProtectionProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for FloodProtectionProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildFloodProtectionProfileBindingMap",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildFloodProtectionProfileBindingMap"
},
"properties": {
"FloodProtectionProfileBindingMap": {
"$ref": "FloodProtectionProfileBindingMap,
"description": "Contains the actual FloodProtectionProfileBindingMap object",
"required": true,
"title": "FloodProtectionProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for FloodProtectionProfileBindingMap",
"type": "object"
}
ChildForwardingPolicy (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for ForwardingPolicy used in Hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildForwardingPolicy",
"module_id": "PolicyForwarding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildForwardingPolicy"
},
"properties": {
"ForwardingPolicy": {
"$ref": "ForwardingPolicy,
"description": "Contains actual ForwardingPolicy.",
"required": true,
"title": "ForwardingPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for children of type ForwardingPolicy\n",
"type": "object"
}
ChildForwardingRule (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for ForwardingRule used in Hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildForwardingRule",
"module_id": "PolicyForwarding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildForwardingRule"
},
"properties": {
"ForwardingRule": {
"$ref": "ForwardingRule,
"description": "Contains actual ForwardingRule.",
"required": true,
"title": "ForwardingRule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ForwardingRule\n",
"type": "object"
}
ChildFqdnAnalysisConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for FqdnAnalysisConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildFqdnAnalysisConfig",
"module_id": "PolicyUrlCategorization",
"polymorphic-type-descriptor": {
"type-identifier": "ChildFqdnAnalysisConfig"
},
"properties": {
"FqdnAnalysisConfig": {
"$ref": "FqdnAnalysisConfig,
"description": "Contains the actual FqdnAnalysisConfig object",
"required": true,
"title": "FQDN Analysis Config"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for FqdnAnalysisConfig",
"type": "object"
}
ChildGatewayPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for GatewayPolicy, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGatewayPolicy",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGatewayPolicy"
},
"properties": {
"GatewayPolicy": {
"$ref": "GatewayPolicy,
"description": "Contains the actual GatewayPolicy object",
"required": true,
"title": "GatewayPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GatewayPolicy",
"type": "object"
}
ChildGatewayQosProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper for GatewayQosProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGatewayQosProfile",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGatewayQosProfile"
},
"properties": {
"GatewayQosProfile": {
"$ref": "GatewayQosProfile,
"description": "Contains the actual GatewayQosProfile object.",
"required": true,
"title": "GatewayQosProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GatewayQosProfile",
"type": "object"
}
ChildGeneralSecurityProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for GeneralSecurityProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGeneralSecurityProfile",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGeneralSecurityProfile"
},
"properties": {
"GeneralSecurityProfile": {
"$ref": "GeneralSecurityProfile,
"description": "Contains the actual GeneralSecurityProfile object",
"required": true,
"title": "GeneralSecurityProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GeneralSecurityProfile",
"type": "object"
}
ChildGeneralSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for GeneralSecurityProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGeneralSecurityProfileBindingMap",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGeneralSecurityProfileBindingMap"
},
"properties": {
"GeneralSecurityProfileBindingMap": {
"$ref": "GeneralSecurityProfileBindingMap,
"description": "Contains the actual GeneralSecurityProfileBindingMap object",
"required": true,
"title": "GeneralSecurityProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GeneralSecurityProfileBindingMap",
"type": "object"
}
ChildGlobalConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for GlobalConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGlobalConfig",
"module_id": "Policy",
"properties": {
"GlobalConfig": {
"$ref": "GlobalConfig,
"description": "Contains the actual GlobalConfig object.",
"required": true,
"title": "GlobalConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GlobalConfig",
"type": "object"
}
ChildGlobalDfwConfiguration (type)
{
"additionalProperties": false,
"experimental": true,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGlobalDfwConfiguration",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGlobalDfwConfiguration"
},
"properties": {
"GlobalDfwConfiguration": {
"$ref": "GlobalDfwConfiguration,
"description": "Contains the actual global distributed firewall configuration object.",
"required": true,
"title": "Global distributed firewall configuration"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GlobalDfwConfiguration",
"type": "object"
}
ChildGlobalIdsSettings (type)
{
"additionalProperties": false,
"description": "Child wrapper object for GlobalIdsSettings, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGlobalIdsSettings",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGlobalIdsSettings"
},
"properties": {
"GlobalIdsSettings": {
"$ref": "GlobalIdsSettings,
"description": "Contains the GlobalIdsSettings object",
"required": true,
"title": "GlobalIdsSettings"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GlobalIdsSettings",
"type": "object"
}
ChildGlobalIdsSignature (type)
{
"additionalProperties": false,
"description": "Child wrapper object for GlobalIdsSignature, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGlobalIdsSignature",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGlobalIdsSignature"
},
"properties": {
"GlobalIdsSignature": {
"$ref": "GlobalIdsSignature,
"description": "Contains the GlobalIdsSignature object",
"required": true,
"title": "GlobalIdsSignature"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GlobalIdsSignature",
"type": "object"
}
ChildGlobalManager (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Global Manager, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGlobalManager",
"module_id": "PolicySiteGM",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGlobalManager"
},
"properties": {
"GlobalManager": {
"$ref": "GlobalManager,
"description": "Contains the actual Global Manager object.",
"required": true,
"title": "GlobalManager"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Global Manager",
"type": "object"
}
ChildGroup (type)
{
"additionalProperties": false,
"description": "Child wrapper object for group, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGroup",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGroup"
},
"properties": {
"Group": {
"$ref": "Group,
"description": "Contains the actual group objects.",
"required": true,
"title": "Group"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Group",
"type": "object"
}
ChildGroupDiscoveryProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper obejct for GroupDiscoveryProfileBindingMap used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGroupDiscoveryProfileBindingMap",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"GroupDiscoveryProfileBindingMap": {
"$ref": "GroupDiscoveryProfileBindingMap,
"description": "Contains the actual GroupDiscoveryProfileBindingMap object",
"required": true,
"title": "GroupDiscoveryProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GroupDiscoveryProfileBindingMap",
"type": "object"
}
ChildGroupMonitoringProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for GroupMonitoringProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildGroupMonitoringProfileBindingMap",
"module_id": "PolicyMonitoringProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildGroupMonitoringProfileBindingMap"
},
"properties": {
"GroupMonitoringProfileBindingMap": {
"$ref": "GroupMonitoringProfileBindingMap,
"description": "Contains the actual GroupMonitoringProfileBindingMap object",
"required": true,
"title": "GroupMonitoringProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for GroupMonitoringProfileBindingMap",
"type": "object"
}
ChildIPDiscoveryProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPDiscoveryProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPDiscoveryProfile",
"module_id": "PolicyIpDiscovery",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPDiscoveryProfile"
},
"properties": {
"IPDiscoveryProfile": {
"$ref": "IPDiscoveryProfile,
"description": "Contains the actual IPDiscoveryProfile object",
"required": true,
"title": "IPDiscoveryProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPDiscoveryProfile",
"type": "object"
}
ChildIPFIXDFWCollectorProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPFIXDFWCollectorProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPFIXDFWCollectorProfile",
"module_id": "PolicyIPFIXDFW",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPFIXDFWCollectorProfile"
},
"properties": {
"IPFIXDFWCollectorProfile": {
"$ref": "IPFIXDFWCollectorProfile,
"description": "Contains the actual IPFIXDFWCollectorProfile object",
"required": true,
"title": "IPFIXDFWCollectorProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPFIXDFWCollectorProfile",
"type": "object"
}
ChildIPFIXDFWProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPFIXDFWProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPFIXDFWProfile",
"module_id": "PolicyIPFIXDFW",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPFIXDFWProfile"
},
"properties": {
"IPFIXDFWProfile": {
"$ref": "IPFIXDFWProfile,
"description": "Contains the actual IPFIXDFWProfile object",
"required": true,
"title": "IPFIXDFWProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPFIXDFWProfile",
"type": "object"
}
ChildIPFIXL2CollectorProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPFIXL2CollectorProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPFIXL2CollectorProfile",
"module_id": "PolicyIPFIXSwitch",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPFIXL2CollectorProfile"
},
"properties": {
"IPFIXL2CollectorProfile": {
"$ref": "IPFIXL2CollectorProfile,
"description": "Contains the actual IPFIXL2CollectorProfile object",
"required": true,
"title": "IPFIXL2CollectorProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPFIXL2CollectorProfile",
"type": "object"
}
ChildIPFIXL2Profile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPFIXL2Profile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPFIXL2Profile",
"module_id": "PolicyIPFIXSwitch",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPFIXL2Profile"
},
"properties": {
"IPFIXL2Profile": {
"$ref": "IPFIXL2Profile,
"description": "Contains the actual IPFIXL2Profile object",
"required": true,
"title": "IPFIXL2Profile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPFIXL2Profile",
"type": "object"
}
ChildIPSecVpnDpdProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPSecVpnDpdProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPSecVpnDpdProfile",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPSecVpnDpdProfile"
},
"properties": {
"IPSecVpnDpdProfile": {
"$ref": "IPSecVpnDpdProfile,
"description": "Contains the actual IPSecVpnDpdProfile object.",
"required": true,
"title": "IPSecVpnDpdProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPSecVpnDpdProfile",
"type": "object"
}
ChildIPSecVpnIkeProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPSecVpnIkeProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPSecVpnIkeProfile",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPSecVpnIkeProfile"
},
"properties": {
"IPSecVpnIkeProfile": {
"$ref": "IPSecVpnIkeProfile,
"description": "Contains the actual IPSecVpnIkeProfile object.",
"required": true,
"title": "IPSecVpnIkeProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPSecVpnIkeProfile",
"type": "object"
}
ChildIPSecVpnLocalEndpoint (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPSecVpnLocalEndpoint, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPSecVpnLocalEndpoint",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPSecVpnLocalEndpoint"
},
"properties": {
"IPSecVpnLocalEndpoint": {
"$ref": "IPSecVpnLocalEndpoint,
"description": "Contains the actual IPSecVpnLocalEndpoint object.",
"required": true,
"title": "IPSecVpnLocalEndpoint"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPSecVpnLocalEndpoint",
"type": "object"
}
ChildIPSecVpnService (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPSecVpnService, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPSecVpnService",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPSecVpnService"
},
"properties": {
"IPSecVpnService": {
"$ref": "IPSecVpnService,
"description": "Contains the actual IPSecVpnService object.",
"required": true,
"title": "IPSecVpnService"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPSecVpnService",
"type": "object"
}
ChildIPSecVpnSession (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPSecVpnSession, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPSecVpnSession",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPSecVpnSession"
},
"properties": {
"IPSecVpnSession": {
"$ref": "IPSecVpnSession,
"description": "Contains the actual IPSecVpnSession object.",
"required": true,
"title": "IPSecVpnSession"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPSecVpnSession",
"type": "object"
}
ChildIPSecVpnTunnelProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IPSecVpnTunnelProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIPSecVpnTunnelProfile",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIPSecVpnTunnelProfile"
},
"properties": {
"IPSecVpnTunnelProfile": {
"$ref": "IPSecVpnTunnelProfile,
"description": "Contains the actual IPSecVpnTunnelProfile object",
"required": true,
"title": "IPSecVpnTunnelProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IPSecVpnTunnelProfile",
"type": "object"
}
ChildIdentityFirewallStore (type)
{
"additionalProperties": false,
"description": "Child wrapper for IdentityFirewallStore, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdentityFirewallStore",
"module_id": "PolicyIdentity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdentityFirewallStore"
},
"properties": {
"IdentityFirewallStore": {
"$ref": "IdentityFirewallStore,
"description": "Contains the actual IdentityFirewallStore object.",
"required": true,
"title": "IdentityFirewallStore"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdentityFirewallStore",
"type": "object"
}
ChildIdsClusterConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsClusterConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsClusterConfig",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsClusterConfig"
},
"properties": {
"IdsClusterConfig": {
"$ref": "IdsClusterConfig,
"description": "Contains the IdsClusterConfig object",
"required": true,
"title": "IdsClusterConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsClusterConfig",
"type": "object"
}
ChildIdsCustomSignatureSettings (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsCustomSignatureSettings, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsCustomSignatureSettings",
"module_id": "PolicyIDSCustomSignature",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsCustomSignatureSettings"
},
"properties": {
"IdsCustomSignatureSettings": {
"$ref": "IdsCustomSignatureSettings,
"description": "Contains the IdsCustomSignatureSettings object",
"required": true,
"title": "IdsCustomSignatureSettings"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsCustomSignatureSettings",
"type": "object"
}
ChildIdsGatewayPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsGatewayPolicy, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsGatewayPolicy",
"module_id": "PolicyIDSGateway",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsGatewayPolicy"
},
"properties": {
"IdsGatewayPolicy": {
"$ref": "IdsGatewayPolicy,
"description": "Contains the IdsGatewayPolicy object",
"required": true,
"title": "IdsGatewayPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsGatewayPolicy",
"type": "object"
}
ChildIdsGlobalEventConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsGlobalEventConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsGlobalEventConfig",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsGlobalEventConfig"
},
"properties": {
"IdsGlobalEventConfig": {
"$ref": "IdsGlobalEventConfig,
"description": "Contains the IdsGlobalEventConfig object",
"required": true,
"title": "IdsGlobalEventConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsGlobalEventConfig",
"type": "object"
}
ChildIdsPcapFileMetadata (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsPcapFileMetadata, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsPcapFileMetadata",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsPcapFileMetadata"
},
"properties": {
"IdsPcapFileMetadata": {
"$ref": "IdsPcapFileMetadata,
"description": "Contains the IdsPcapFileMetadata object",
"required": true,
"title": "IdsPcapFileMetadata"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsPcapFileMetadata",
"type": "object"
}
ChildIdsProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsProfile",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsProfile"
},
"properties": {
"IdsProfile": {
"$ref": "IdsProfile,
"description": "Contains the IdsProfile object",
"required": true,
"title": "IdsProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsProfile",
"type": "object"
}
ChildIdsRule (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsRule, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsRule",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsRule"
},
"properties": {
"IdsRule": {
"$ref": "IdsRule,
"description": "Contains the IdsRule object",
"required": true,
"title": "IdsRule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsRule",
"type": "object"
}
ChildIdsSecurityPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsSecurityPolicy, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsSecurityPolicy",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsSecurityPolicy"
},
"properties": {
"IdsSecurityPolicy": {
"$ref": "IdsSecurityPolicy,
"description": "Contains the IdsSecurityPolicy object",
"required": true,
"title": "IdsSecurityPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsSecurityPolicy",
"type": "object"
}
ChildIdsSettings (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsSettings, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsSettings",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsSettings"
},
"properties": {
"IdsSettings": {
"$ref": "IdsSettings,
"description": "Contains the IdsSettings object",
"required": true,
"title": "IdsSettings"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsSettings",
"type": "object"
}
ChildIdsSignature (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsSignature, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsSignature",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsSignature"
},
"properties": {
"IdsSignature": {
"$ref": "IdsSignature,
"description": "Contains the IdsSignature object",
"required": true,
"title": "IdsSignature"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsSignature",
"type": "object"
}
ChildIdsSignatureStatus (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsSignatureStatus, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsSignatureStatus",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsSignatureStatus"
},
"properties": {
"IdsSignatureStatus": {
"$ref": "IdsSignatureStatus,
"description": "Contains the IdsSignatureStatus object",
"required": true,
"title": "IdsSignatureStatus"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsSignatureStatus",
"type": "object"
}
ChildIdsSignatureVersion (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsSignatureVersion, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsSignatureVersion",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsSignatureVersion"
},
"properties": {
"IdsSignatureVersion": {
"$ref": "IdsSignatureVersion,
"description": "Contains the IdsSignatureVersion object",
"required": true,
"title": "IdsSignatureVersion"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsSignatureVersion",
"type": "object"
}
ChildIdsStandaloneHostConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsStandaloneHostConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsStandaloneHostConfig",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsStandaloneHostConfig"
},
"properties": {
"IdsStandaloneHostConfig": {
"$ref": "IdsStandaloneHostConfig,
"description": "Contains the IdsStandaloneHostConfig object",
"required": true,
"title": "IdsStandaloneHostConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsStandaloneHostConfig",
"type": "object"
}
ChildIdsThresholdConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IdsThresholdConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIdsThresholdConfig",
"module_id": "PolicyIDS",
"nsx_feature": "IdsThreshold",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIdsThresholdConfig"
},
"properties": {
"IdsThresholdConfig": {
"$ref": "IdsThresholdConfig,
"description": "Contains the IdsThresholdConfig object.",
"required": true,
"title": "IdsThresholdConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IdsThresholdConfig",
"type": "object"
}
ChildInfra (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Infra, used in multi-tenancy hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildInfra",
"module_id": "Policy",
"properties": {
"Infra": {
"$ref": "Infra,
"description": "Contains the actual Infra object",
"required": true,
"title": "Infra"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Infra",
"type": "object"
}
ChildIpAddressAllocation (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IpAddressAllocation, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIpAddressAllocation",
"module_id": "PolicyIpam",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIpAddressAllocation"
},
"properties": {
"IpAddressAllocation": {
"$ref": "IpAddressAllocation,
"description": "Contains the actual IpAddressAllocation object",
"required": true,
"title": "IpAddressAllocation"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IpAddressAllocation",
"type": "object"
}
ChildIpAddressBlock (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IpAddressBlock, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIpAddressBlock",
"module_id": "PolicyIpam",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIpAddressBlock"
},
"properties": {
"IpAddressBlock": {
"$ref": "IpAddressBlock,
"description": "Contains the actual IpAddressBlock object",
"required": true,
"title": "IpAddressBlock"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IpAddressBlock",
"type": "object"
}
ChildIpAddressPool (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IpAddressPool, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIpAddressPool",
"module_id": "PolicyIpam",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIpAddressPool"
},
"properties": {
"IpAddressPool": {
"$ref": "IpAddressPool,
"description": "Contains the actual IpAddressPool object",
"required": true,
"title": "IpAddressPool"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IpAddressPool",
"type": "object"
}
ChildIpAddressPoolSubnet (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IpAddressPoolSubnet, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIpAddressPoolSubnet",
"module_id": "PolicyIpam",
"polymorphic-type-descriptor": {
"type-identifier": "ChildIpAddressPoolSubnet"
},
"properties": {
"IpAddressPoolSubnet": {
"$ref": "IpAddressPoolSubnet,
"description": "Contains the actual IpAddressPoolSubnet object",
"required": true,
"title": "IpAddressPoolSubnet"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for IpAddressPoolSubnet",
"type": "object"
}
ChildIpv6DadProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Ipv6DadProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIpv6DadProfile",
"module_id": "PolicyConnectivity",
"properties": {
"Ipv6DadProfile": {
"$ref": "Ipv6DadProfile,
"description": "Contains the actual Ipv6DadProfile objects",
"required": true,
"title": "Ipv6DadProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Ipv6DadProfile",
"type": "object"
}
ChildIpv6NdraProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Ipv6NdraProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildIpv6NdraProfile",
"module_id": "PolicyConnectivity",
"properties": {
"Ipv6NdraProfile": {
"$ref": "Ipv6NdraProfile,
"description": "Contains the actual Ipv6NdraProfile objects",
"required": true,
"title": "Ipv6NdraProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Ipv6NdraProfile",
"type": "object"
}
ChildL2BridgeEndpointProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for L2BridgeEndpointProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL2BridgeEndpointProfile",
"module_id": "PolicyConnectivity",
"properties": {
"L2BridgeEndpointProfile": {
"$ref": "L2BridgeEndpointProfile,
"description": "Contains the actual L2BridgeEndpointProfile object",
"required": true,
"title": "L2BridgeEndpointProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L2BridgeEndpointProfile",
"type": "object"
}
ChildL2VPNService (type)
{
"additionalProperties": false,
"description": "Child wrapper object for L2VPNService, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL2VPNService",
"module_id": "PolicyVpnLayer2VPN",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL2VPNService"
},
"properties": {
"L2VPNService": {
"$ref": "L2VPNService,
"description": "Contains the actual L2VPNService object.",
"required": true,
"title": "L2VPNService"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L2VPNService",
"type": "object"
}
ChildL2VPNSession (type)
{
"additionalProperties": false,
"description": "Child wrapper object for L2VPNSession, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL2VPNSession",
"module_id": "PolicyVpnLayer2VPN",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL2VPNSession"
},
"properties": {
"L2VPNSession": {
"$ref": "L2VPNSession,
"description": "Contains the actual L2VPNSession object.",
"required": true,
"title": "L2VPNSession"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L2VPNSession",
"type": "object"
}
ChildL2Vpn (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for L2Vpn, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL2Vpn",
"module_id": "PolicyL2Vpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL2Vpn"
},
"properties": {
"L2Vpn": {
"$ref": "L2Vpn,
"description": "Contains the actual L2Vpn object.",
"required": true,
"title": "L2Vpn"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L2Vpn",
"type": "object"
}
ChildL2VpnContext (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for L2VpnContext, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL2VpnContext",
"module_id": "PolicyL2Vpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL2VpnContext"
},
"properties": {
"L2VpnContext": {
"$ref": "L2VpnContext,
"description": "Contains the actual L2VpnContext object.",
"required": true,
"title": "L2VpnContext"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L2VpnContext",
"type": "object"
}
ChildL3Vpn (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for L3Vpn, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL3Vpn",
"module_id": "PolicyL3Vpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL3Vpn"
},
"properties": {
"L3Vpn": {
"$ref": "L3Vpn,
"description": "Contains the actual L3Vpn object.",
"required": true,
"title": "L3Vpn"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L3Vpn",
"type": "object"
}
ChildL3VpnContext (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper object for L3VpnContext, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL3VpnContext",
"module_id": "PolicyL3Vpn",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL3VpnContext"
},
"properties": {
"L3VpnContext": {
"$ref": "L3VpnContext,
"description": "Contains the actual L3VpnContext object.",
"required": true,
"title": "L3VpnContext"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L3VpnContext",
"type": "object"
}
ChildL7AccessEntry (type)
{
"additionalProperties": false,
"description": "Child wrapper object for L7 Access Entry, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL7AccessEntry",
"module_id": "L7AccessProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL7AccessEntry"
},
"properties": {
"L7AccessEntry": {
"$ref": "L7AccessEntry,
"description": "Contains the actual L7 access entry object",
"required": true,
"title": "L7 Access Entry"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L7 Access Entry",
"type": "object"
}
ChildL7AccessProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for L7 Access Profile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildL7AccessProfile",
"module_id": "L7AccessProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildL7AccessProfile"
},
"properties": {
"L7AccessProfile": {
"$ref": "L7AccessProfile,
"description": "Contains the actual L7 access profile object",
"required": true,
"title": "L7 access profile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for L7 Access Profile",
"type": "object"
}
ChildLBAppProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper for LBAppProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBAppProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBAppProfile"
},
"properties": {
"LBAppProfile": {
"$ref": "LBAppProfile,
"description": "Contains the actual LBAppProfile object.",
"required": true,
"title": "LBAppProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBAppProfile",
"type": "object"
}
ChildLBClientSslProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper for LBClientSslProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBClientSslProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBClientSslProfile"
},
"properties": {
"LBClientSslProfile": {
"$ref": "LBClientSslProfile,
"description": "Contains the actual LBClientSslProfile object.",
"required": true,
"title": "LBClientSslProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBClientSslProfile",
"type": "object"
}
ChildLBMonitorProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper for LBMonitorProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBMonitorProfile"
},
"properties": {
"LBMonitorProfile": {
"$ref": "LBMonitorProfile,
"description": "Contains the actual LBMonitorProfile object.",
"required": true,
"title": "LBMonitorProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBMonitorProfile",
"type": "object"
}
ChildLBPersistenceProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper for LBPersistenceProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBPersistenceProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBPersistenceProfile"
},
"properties": {
"LBPersistenceProfile": {
"$ref": "LBPersistenceProfile,
"description": "Contains the actual LBPersistenceProfile object.",
"required": true,
"title": "LBPersistenceProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBPersistenceProfile",
"type": "object"
}
ChildLBPool (type)
{
"additionalProperties": false,
"description": "Child wrapper for LBPool, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBPool",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBPool"
},
"properties": {
"LBPool": {
"$ref": "LBPool,
"description": "Contains the actual LBPool object.",
"required": true,
"title": "LBPool"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBPool",
"type": "object"
}
ChildLBServerSslProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Child wrapper for LBServerSslProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBServerSslProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBServerSslProfile"
},
"properties": {
"LBServerSslProfile": {
"$ref": "LBServerSslProfile,
"description": "Contains the actual LBServerSslProfile object.",
"required": true,
"title": "LBServerSslProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBServerSslProfile",
"type": "object"
}
ChildLBService (type)
{
"additionalProperties": false,
"description": "Child wrapper for LBService, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBService",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBService"
},
"properties": {
"LBService": {
"$ref": "LBService,
"description": "Contains the actual LBService object.",
"required": true,
"title": "LBService"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBService",
"type": "object"
}
ChildLBVirtualServer (type)
{
"additionalProperties": false,
"description": "Child wrapper for LBVirtualServer, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLBVirtualServer",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLBVirtualServer"
},
"properties": {
"LBVirtualServer": {
"$ref": "LBVirtualServer,
"description": "Contains the actual LBVirtualServer object.",
"required": true,
"title": "LBVirtualServer"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LBVirtualServer",
"type": "object"
}
ChildLiveTraceConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper for LiveTraceConfig for Hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLiveTraceConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLiveTraceConfig"
},
"properties": {
"LiveTraceConfig": {
"$ref": "LiveTraceConfig,
"description": "The actual LiveTraceConfig object.",
"required": true,
"title": "LiveTraceConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LiveTraceConfig",
"type": "object"
}
ChildLocaleServices (type)
{
"additionalProperties": false,
"description": "Child wrapper object for LocaleServices, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildLocaleServices",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildLocaleServices"
},
"properties": {
"LocaleServices": {
"$ref": "LocaleServices,
"description": "Contains the actual LocaleServices object",
"required": true,
"title": "LocaleServices"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for LocaleServices",
"type": "object"
}
ChildMacDiscoveryProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for MacDiscoveryProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildMacDiscoveryProfile",
"module_id": "PolicyMacDiscovery",
"polymorphic-type-descriptor": {
"type-identifier": "ChildMacDiscoveryProfile"
},
"properties": {
"MacDiscoveryProfile": {
"$ref": "MacDiscoveryProfile,
"description": "Contains the actual MacDiscoveryProfile object",
"required": true,
"title": "MacDiscoveryProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for MacDiscoveryProfile",
"type": "object"
}
ChildMalwarePreventionProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for MalwarePreventionProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildMalwarePreventionProfile",
"module_id": "PolicyAntiMalware",
"polymorphic-type-descriptor": {
"type-identifier": "ChildMalwarePreventionProfile"
},
"properties": {
"MalwarePreventionProfile": {
"$ref": "MalwarePreventionProfile,
"description": "Contains the MalwarePreventionProfile object",
"required": true,
"title": "MalwarePreventionProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for MalwarePreventionProfile",
"type": "object"
}
ChildMalwarePreventionSignature (type)
{
"additionalProperties": false,
"description": "Child wrapper object for MalwarePreventionSignature, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildMalwarePreventionSignature",
"module_id": "PolicyAntiMalware",
"polymorphic-type-descriptor": {
"type-identifier": "ChildMalwarePreventionSignature"
},
"properties": {
"MalwarePreventionSignature": {
"$ref": "MalwarePreventionSignature,
"description": "Contains the MalwarePreventionSignature object",
"required": true,
"title": "MalwarePreventionSignature"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for MalwarePreventionSignature",
"type": "object"
}
ChildMetadataProxyConfig (type)
{
"additionalProperties": false,
"descritpion": "Child wrapper object for MetadataProxyConfig, used in hierarchical APIs",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildMetadataProxyConfig",
"module_id": "PolicyMetadataProxy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildMetadataProxyConfig"
},
"properties": {
"MetadataProxyConfig": {
"$ref": "MetadataProxyConfig,
"description": "Contains the actual MetadataProxyConfig object.",
"required": true,
"title": "MetadataProxyConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for MetadataProxyConfig",
"type": "object"
}
ChildOdsDynamicRunbookInstance (type)
{
"additionalProperties": false,
"description": "Child wrapper for OdsDynamicRunbookInstance for Hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOdsDynamicRunbookInstance",
"module_id": "PolicyOds",
"polymorphic-type-descriptor": {
"type-identifier": "ChildOdsDynamicRunbookInstance"
},
"properties": {
"OdsDynamicRunbookInstance": {
"$ref": "OdsDynamicRunbookInstance,
"description": "The actual OdsDynamicRunbookInstance object.",
"required": true,
"title": "OdsDynamicRunbookInstance"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for OdsDynamicRunbookInstance",
"type": "object"
}
ChildOdsRunbookInvocation (type)
{
"additionalProperties": false,
"description": "Child wrapper for OdsRunbookInvocation for Hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOdsRunbookInvocation",
"module_id": "PolicyOds",
"polymorphic-type-descriptor": {
"type-identifier": "ChildOdsRunbookInvocation"
},
"properties": {
"OdsRunbookInvocation": {
"$ref": "OdsRunbookInvocation,
"description": "The actual OdsRunbookInvocation object.",
"required": true,
"title": "OdsRunbookInvocation"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for OdsRunbookInvocation",
"type": "object"
}
ChildOdsRunbookInvocationArtifactBatchRequest (type)
{
"additionalProperties": false,
"description": "Child wrapper for OdsRunbookInvocationArtifactBatchRequest for Hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOdsRunbookInvocationArtifactBatchRequest",
"module_id": "PolicyOds",
"polymorphic-type-descriptor": {
"type-identifier": "ChildOdsRunbookInvocationArtifactBatchRequest"
},
"properties": {
"OdsRunbookInvocation": {
"$ref": "OdsRunbookInvocationArtifactBatchRequest,
"description": "The actual OdsRunbookInvocationArtifactBatchRequest object.",
"required": true,
"title": "OdsRunbookInvocationArtifactBatchRequest"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for OdsRunbookInvocationArtifactBatchRequest",
"type": "object"
}
ChildOpsGlobalConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for OpsGlobalConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOpsGlobalConfig",
"module_id": "Policy",
"properties": {
"GlobalConfig": {
"$ref": "OpsGlobalConfig,
"description": "Contains the actual OpsGlobalConfig object.",
"required": true,
"title": "OpsGlobalConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for OpsGlobalConfig",
"type": "object"
}
ChildOrg (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Org, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOrg",
"module_id": "PolicyOrg",
"properties": {
"Org": {
"$ref": "Org,
"description": "Contains the actual Org object",
"required": true,
"title": "Org"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Org",
"type": "object"
}
ChildOrgRoot (type)
{
"additionalProperties": false,
"description": "Child wrapper object for OrgRoot, used in multi-tenancy hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOrgRoot",
"module_id": "PolicyOrgRoot",
"properties": {
"OrgRoot": {
"$ref": "OrgRoot,
"description": "Contains the actual OrgRoot object",
"required": true,
"title": "OrgRoot"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for OrgRoot",
"type": "object"
}
ChildOspfAreaConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for OspfAreaConfig used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOspfAreaConfig",
"module_id": "PolicyOspf",
"properties": {
"OspfAreaConfig": {
"$ref": "OspfAreaConfig,
"description": "Contains actual OspfAreaConfig.",
"required": true,
"title": "OspfAreaConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for OSPF routing config",
"type": "object"
}
ChildOspfRoutingConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for OspfRoutingConfig used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildOspfRoutingConfig",
"module_id": "PolicyOspf",
"properties": {
"OspfRoutingConfig": {
"$ref": "OspfRoutingConfig,
"description": "Contains actual OspfRoutingConfig.",
"required": true,
"title": "OspfRoutingConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for OSPF routing config",
"type": "object"
}
ChildPolicyConfigResource (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Represents an object on the desired state",
"extends": {
"$ref": "ManagedResource
},
"id": "ChildPolicyConfigResource",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Represents the desired state object as child resource",
"type": "object"
}
ChildPolicyContextProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyContextProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyContextProfile",
"module_id": "PolicyContextProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyContextProfile"
},
"properties": {
"PolicyContextProfile": {
"$ref": "PolicyContextProfile,
"description": "Contains the actual PolicyContextProfile objects",
"required": true,
"title": "PolicyContextProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyContextProfile",
"type": "object"
}
ChildPolicyCustomAttributes (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyCustomAttributes, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyCustomAttributes",
"module_id": "PolicyContextProfile",
"properties": {
"PolicyCustomAttributes": {
"$ref": "PolicyCustomAttributes,
"description": "Contains the actual PolicyCustomAttributes objects",
"required": true,
"title": "PolicyCustomAttributes"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyCustomAttributes",
"type": "object"
}
ChildPolicyDnsForwarder (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyDnsForwarder, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyDnsForwarder",
"module_id": "PolicyDnsForwarder",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyDnsForwarder"
},
"properties": {
"PolicyDnsForwarder": {
"$ref": "PolicyDnsForwarder,
"description": "Contains the actual PolicyDnsForwarder object",
"required": true,
"title": "PolicyDnsForwarder"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyDnsForwarder",
"type": "object"
}
ChildPolicyDnsForwarderZone (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyDnsForwarderZone, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyDnsForwarderZone",
"module_id": "PolicyDnsForwarder",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyDnsForwarderZone"
},
"properties": {
"PolicyDnsForwarderZone": {
"$ref": "PolicyDnsForwarderZone,
"description": "Contains the actual PolicyDnsForwarderZone object",
"required": true,
"title": "PolicyDnsForwarderZone"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyDnsForwarderZone",
"type": "object"
}
ChildPolicyEdgeCluster (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyEdgeCluster, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyEdgeCluster",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyEdgeCluster"
},
"properties": {
"PolicyEdgeCluster": {
"$ref": "PolicyEdgeCluster,
"description": "Contains the actual PolicyEdgeCluster object.",
"required": true,
"title": "PolicyEdgeCluster"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyEdgeCluster",
"type": "object"
}
ChildPolicyEdgeNode (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyEdgeNode, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyEdgeNode",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyEdgeNode"
},
"properties": {
"PolicyEdgeNode": {
"$ref": "PolicyEdgeNode,
"description": "Contains the actual PolicyEdgeNode object.",
"required": true,
"title": "PolicyEdgeNode"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyEdgeNode",
"type": "object"
}
ChildPolicyExcludeList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyExcludeList",
"module_id": "PolicyFirewallConfiguration",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyExcludeList"
},
"properties": {
"PolicyExcludeList": {
"$ref": "PolicyExcludeList,
"description": "Contains the actual policy exclude list object.",
"required": true,
"title": "PolicyExcludeList"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyExcludeList",
"type": "object"
}
ChildPolicyFirewallCPUMemThresholdsProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyFirewallCPUMemThresholdsProfileBindingMap",
"module_id": "PolicyFirewallCPUMemThresholdsProfileBinding",
"properties": {
"PolicyFirewallCPUMemThresholdsProfileBindingMap": {
"$ref": "PolicyFirewallCPUMemThresholdsProfileBindingMap,
"description": "Contains the actual PolicyFirewallCPUMemThresholdsProfileBindingMap object.",
"required": true,
"title": "PolicyFirewallCPUMemThresholdsProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap",
"type": "object"
}
ChildPolicyFirewallCpuMemThresholdsProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyFirewallCpuMemThresholdsProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyFirewallCpuMemThresholdsProfile",
"module_id": "PolicyProfile",
"properties": {
"PolicyFirewallCpuMemThresholdsProfile": {
"$ref": "PolicyFirewallCpuMemThresholdsProfile,
"description": "Contains the actual PolicyFirewallCpuMemThresholdsProfile object",
"required": true,
"title": "PolicyFirewallCpuMemThresholdsProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyFirewallCpuMemThresholdsProfile",
"type": "object"
}
ChildPolicyFirewallFloodProtectionProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyFirewallFloodProtectionProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyFirewallFloodProtectionProfileBindingMap",
"module_id": "PolicyFirewallFloodProtectionProfileBinding",
"properties": {
"PolicyFirewallFloodProtectionProfileBindingMap": {
"$ref": "PolicyFirewallFloodProtectionProfileBindingMap,
"description": "Contains the actual PolicyFirewallFloodProtectionProfileBindingMap object",
"required": true,
"title": "PolicyFirewallFloodProtectionProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyFirewallFloodProtectionProfileBindingMap",
"type": "object"
}
ChildPolicyFirewallIpReputationConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyFirewallIpReputationConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyFirewallIpReputationConfig",
"module_id": "PolicyFirewallIpReputation",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyFirewallIpReputationConfig"
},
"properties": {
"PolicyFirewallIpReputationConfig": {
"$ref": "PolicyFirewallIpReputationConfig,
"description": "Contains the actual PolicyFirewallIpReputationConfig object.",
"required": true,
"title": "IP reputation config"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyFirewallIpReputationConfig",
"type": "object"
}
ChildPolicyFirewallScheduler (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyFirewallScheduler, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyFirewallScheduler",
"module_id": "PolicyFirewallScheduler",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyFirewallScheduler"
},
"properties": {
"PolicyFirewallScheduler": {
"$ref": "PolicyFirewallScheduler,
"description": "Contains the actual PolicyFirewallScheduler objects",
"required": true,
"title": "PolicyFirewallScheduler"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyFirewallScheduler",
"type": "object"
}
ChildPolicyFirewallSessionTimerProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyFirewallSessionTimerProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyFirewallSessionTimerProfile",
"module_id": "PolicyFirewallSessionTimerProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyFirewallSessionTimerProfile"
},
"properties": {
"PolicyFirewallSessionTimerProfile": {
"$ref": "PolicyFirewallSessionTimerProfile,
"description": "Contains the actual PolicyFirewallSessionTimerProfile object",
"required": true,
"title": "PolicyFirewallSessionTimerProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyFirewallSessionTimerProfile",
"type": "object"
}
ChildPolicyFirewallSessionTimerProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyFirewallSessionTimerProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyFirewallSessionTimerProfileBindingMap",
"module_id": "PolicyFirewallSessionTimerProfileBinding",
"properties": {
"PolicyFirewallSessionTimerProfileBindingMap": {
"$ref": "PolicyFirewallSessionTimerProfileBindingMap,
"description": "Contains the actual PolicyFirewallSessionTimerProfileBindingMap object",
"required": true,
"title": "PolicyFirewallSessionTimerProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyFirewallSessionTimerProfileBindingMap",
"type": "object"
}
ChildPolicyIgmpProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyIgmpProfile used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyIgmpProfile",
"module_id": "PolicyMulticast",
"properties": {
"PolicyIgmpProfile": {
"$ref": "PolicyIgmpProfile,
"description": "Contains actual PolicyIgmpProfile.",
"required": true,
"title": "PolicyIgmpProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyIgmpProfile",
"type": "object"
}
ChildPolicyInterVrfRoutingConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyInterVrfRoutingConfig used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyInterVrfRoutingConfig",
"module_id": "PolicyConnectivity",
"properties": {
"PolicyInterVrfRoutingConfig": {
"$ref": "PolicyInterVrfRoutingConfig,
"description": "Contains actual PolicyInterVrfRoutingConfig.",
"required": true,
"title": "PolicyInterVrfRoutingConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for inter-vrf routing config",
"type": "object"
}
ChildPolicyLabel (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyLabel, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyLabel",
"module_id": "PolicyLabel",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyLabel"
},
"properties": {
"PolicyLabel": {
"$ref": "PolicyLabel,
"description": "Contains the actual PolicyLabel object",
"required": true,
"title": "PolicyLabel"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyLabel",
"type": "object"
}
ChildPolicyLatencyStatProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyLatencyStatProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyLatencyStatProfile",
"module_id": "PolicyLatency",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyLatencyStatProfile"
},
"properties": {
"PolicyLatencyStatProfile": {
"$ref": "PolicyLatencyStatProfile,
"description": "Contains the actual PolicyLatencyStatProfile object",
"required": true,
"title": "PolicyLatencyStatProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyLatencyStatProfile",
"type": "object"
}
ChildPolicyMulticastConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyMulticastConfig used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyMulticastConfig",
"module_id": "PolicyMulticast",
"properties": {
"PolicyMulticastConfig": {
"$ref": "PolicyMulticastConfig,
"description": "Contains actual PolicyMulticastConfig.",
"required": true,
"title": "PolicyMulticastConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyMulticastConfig",
"type": "object"
}
ChildPolicyNat (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyNat, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyNat",
"module_id": "PolicyNAT",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyNat"
},
"properties": {
"PolicyNat": {
"$ref": "PolicyNat,
"description": "Contains the actual PolicyNAT object",
"required": true,
"title": "PolicyNat"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyNat",
"type": "object"
}
ChildPolicyNatRule (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyNatRule, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyNatRule",
"module_id": "PolicyNAT",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyNatRule"
},
"properties": {
"PolicyNatRule": {
"$ref": "PolicyNatRule,
"description": "Contains the actual PolicyNatRule object",
"required": true,
"title": "PolicyNatRule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyNatRule",
"type": "object"
}
ChildPolicyPimProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyPimProfile used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyPimProfile",
"module_id": "PolicyMulticast",
"properties": {
"PolicyPimProfile": {
"$ref": "PolicyPimProfile,
"description": "Contains actual PolicyPimProfile.",
"required": true,
"title": "PolicyPimProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyPimProfile",
"type": "object"
}
ChildPolicySIExcludeList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicySIExcludeList",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicySIExcludeList"
},
"properties": {
"PolicySIExcludeList": {
"$ref": "PolicySIExcludeList,
"description": "Contains the actual policy exclude list object.",
"required": true,
"title": "PolicySIExcludeList"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicySIExcludeList",
"type": "object"
}
ChildPolicyServiceChain (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyServiceInstance used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyServiceChain",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyServiceChain"
},
"properties": {
"PolicyServiceChain": {
"$ref": "PolicyServiceChain,
"description": "Contains actual PolicyServiceChain.",
"required": true,
"title": "PolicyServiceChain"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyServiceChain",
"type": "object"
}
ChildPolicyServiceInstance (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyServiceInstance used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyServiceInstance",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyServiceInstance"
},
"properties": {
"PolicyServiceInstance": {
"$ref": "PolicyServiceInstance,
"description": "Contains actual PolicyServiceInstance.",
"required": true,
"title": "PolicyServiceInstance"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyServiceInstance",
"type": "object"
}
ChildPolicyServiceProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyServiceProfile used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyServiceProfile",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyServiceProfile"
},
"properties": {
"PolicyServiceProfile": {
"$ref": "PolicyServiceProfile,
"description": "Contains actual PolicyServiceProfile.",
"required": true,
"title": "PolicyServiceProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyServiceProfile",
"type": "object"
}
ChildPolicyTier1MulticastConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyTier1MulticastConfig used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyTier1MulticastConfig",
"module_id": "PolicyMulticast",
"properties": {
"PolicyTier1MulticastConfig": {
"$ref": "PolicyTier1MulticastConfig,
"description": "Contains actual PolicyTier1MulticastConfig.",
"required": true,
"title": "PolicyTier1MulticastConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyTier1MulticastConfig",
"type": "object"
}
ChildPolicyTransportZone (type)
{
"description": "Child wrapper object for PolicyTransportZone, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyTransportZone",
"module_id": "PolicyTransportZone",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyTransportZone"
},
"properties": {
"PolicyTransportZone": {
"$ref": "PolicyTransportZone,
"additionalProperties": false,
"description": "Contains the actual PolicyTransportZone object.",
"required": true,
"title": "PolicyTransportZone"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyTransportZone",
"type": "object"
}
ChildPolicyTransportZoneProfile (type)
{
"description": "Child wrapper object for PolicyTransportZoneProfile, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyTransportZoneProfile",
"module_id": "PolicyTransportZoneProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyTransportZoneProfile"
},
"properties": {
"PolicyTransportZoneProfile": {
"$ref": "PolicyTransportZoneProfile,
"additionalProperties": false,
"description": "Contains the actual PolicyTransportZoneProfile object.",
"required": true,
"title": "PolicyTransportZoneProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyTransportZoneProfile",
"type": "object"
}
ChildPolicyUrlCategorizationConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyUrlCategorizationConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyUrlCategorizationConfig",
"module_id": "PolicyUrlCategorization",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyUrlCategorizationConfig"
},
"properties": {
"PolicyUrlCategorizationConfig": {
"$ref": "PolicyUrlCategorizationConfig,
"description": "Contains the actual PolicyUrlCategorizationConfig object",
"required": true,
"title": "URL Categorization Config"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyUrlCategorizationConfig",
"type": "object"
}
ChildPolicyVpcNatRule (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PolicyVpcNatRule, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPolicyVpcNatRule",
"module_id": "PolicyVpcNat",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicyVpcNatRule"
},
"properties": {
"PolicyVpcNatRule": {
"$ref": "PolicyVpcNatRule,
"description": "Contains the actual Policy VPC Nat Rule object",
"required": true,
"title": "Policy VPC Nat Rule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicyVpcNatRule",
"type": "object"
}
ChildPortDiscoveryProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PortDiscoveryProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPortDiscoveryProfileBindingMap",
"module_id": "PolicyDiscoveryProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPortDiscoveryProfileBindingMap"
},
"properties": {
"PortDiscoveryProfileBindingMap": {
"$ref": "PortDiscoveryProfileBindingMap,
"description": "Contains the actual PortDiscoveryProfileBindingMap object",
"required": true,
"title": "PortDiscoveryProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PortDiscoveryProfileBindingMap",
"type": "object"
}
ChildPortMirroringProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PortMirroringProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPortMirroringProfile",
"module_id": "PolicyPortMirroring",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPortMirroringProfile"
},
"properties": {
"PortMirroringProfile": {
"$ref": "PortMirroringProfile,
"description": "Contains the actual PortMirroringProfile object",
"required": true,
"title": "PortMirroringProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PortMirroringProfile",
"type": "object"
}
ChildPortMonitoringProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PortMonitoringProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPortMonitoringProfileBindingMap",
"module_id": "PolicyMonitoringProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPortMonitoringProfileBindingMap"
},
"properties": {
"PortMonitoringProfileBindingMap": {
"$ref": "PortMonitoringProfileBindingMap,
"description": "Contains the actual PortMonitoringProfileBindingMap object",
"required": true,
"title": "PortMonitoringProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PortMonitoringProfileBindingMap",
"type": "object"
}
ChildPortQoSProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PortQoSProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPortQoSProfileBindingMap",
"module_id": "PolicyQoSProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPortQoSProfileBindingMap"
},
"properties": {
"PortQoSProfileBindingMap": {
"$ref": "PortQoSProfileBindingMap,
"description": "Contains the actual PortQoSProfileBindingMap object",
"required": true,
"title": "PortQoSProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PortQoSProfileBindingMap",
"type": "object"
}
ChildPortSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PortSecurityProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPortSecurityProfileBindingMap",
"module_id": "PolicySecurityProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPortSecurityProfileBindingMap"
},
"properties": {
"PortSecurityProfileBindingMap": {
"$ref": "PortSecurityProfileBindingMap,
"description": "Contains the actual PortSecurityProfileBindingMap object",
"required": true,
"title": "PortSecurityProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PortSecurityProfileBindingMap",
"type": "object"
}
ChildPrefixList (type)
{
"additionalProperties": false,
"description": "Child wrapper object for PrefixList, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildPrefixList",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPrefixList"
},
"properties": {
"PrefixList": {
"$ref": "PrefixList,
"description": "Contains the actual PrefixList object.",
"required": true,
"title": "PrefixList"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PrefixList",
"type": "object"
}
ChildProject (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Project, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildProject",
"module_id": "PolicyProject",
"properties": {
"Project": {
"$ref": "Project,
"description": "Contains the actual Project object",
"required": true,
"title": "PROJECT"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PROJECT",
"type": "object"
}
ChildProjectRouteFilter (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ProjectRouteFilter used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildProjectRouteFilter",
"module_id": "PolicyConnectivity",
"properties": {
"ProjectRouteFilter": {
"$ref": "ProjectRouteFilter,
"description": "Contains actual ProjectRouteFilter.",
"required": true,
"title": "ProjectRouteFilter"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for project route filter",
"type": "object"
}
ChildQoSProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for QoSProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildQoSProfile",
"module_id": "PolicyQoS",
"polymorphic-type-descriptor": {
"type-identifier": "ChildQoSProfile"
},
"properties": {
"QoSProfile": {
"$ref": "QoSProfile,
"description": "Contains the actual QoSProfile object",
"required": true,
"title": "QoSProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for QoSProfile",
"type": "object"
}
ChildReaction (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Reaction used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildReaction",
"module_id": "PolicyReaction",
"properties": {
"Reaction": {
"$ref": "Reaction,
"description": "Contains the actual Reaction object.",
"required": true,
"title": "Reaction"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Reaction",
"type": "object"
}
ChildRedirectionPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for RedirectionPolicy used in Hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildRedirectionPolicy",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildRedirectionPolicy"
},
"properties": {
"RedirectionPolicy": {
"$ref": "RedirectionPolicy,
"description": "Contains actual RedirectionPolicy.",
"required": true,
"title": "RedirectionPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for RedirectionPolicy\n",
"type": "object"
}
ChildRedirectionRule (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ChildRedirectionRule used in Hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildRedirectionRule",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildRedirectionRule"
},
"properties": {
"RedirectionRule": {
"$ref": "RedirectionRule,
"description": "Contains actual RedirectionRule.",
"required": true,
"title": "RedirectionRule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for RedirectionRule\n",
"type": "object"
}
ChildResourceReference (type)
{
"additionalProperties": false,
"description": "Represents a reference to ChildPolicyConfigResource in the hierarchical API. resource_type, id and target_type are mandatory fields.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildResourceReference",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target_type": {
"required": true,
"title": "The target type of this reference",
"type": "string"
}
},
"title": "Represents the reference to ChildPolicyConfigResource",
"type": "object"
}
ChildRule (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Rule, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildRule",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildRule"
},
"properties": {
"Rule": {
"$ref": "Rule,
"description": "Contains the actual Rule object",
"required": true,
"title": "Rule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Rule",
"type": "object"
}
ChildSIStatusConfiguration (type)
{
"additionalProperties": false,
"experimental": true,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSIStatusConfiguration",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildPolicySIStatusConfiguration"
},
"properties": {
"PolicySIStatusConfiguration": {
"$ref": "PolicySIStatusConfiguration,
"description": "Contains the actual service insertion status configuration list object.",
"required": true
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for PolicySIStatusConfiguration",
"type": "object"
}
ChildSecurityFeatures (type)
{
"additionalProperties": false,
"description": "Child wrapper object for T1 Security Feature, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSecurityFeatures",
"module_id": "PolicyGatewaySecurityFeature",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSecurityFeatures"
},
"properties": {
"SecurityFeatures": {
"$ref": "SecurityFeatures,
"description": "Contains the actual SecurityFeatures object",
"required": true,
"title": "Security configs"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Security Feature",
"type": "object"
}
ChildSecurityPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SecurityPolicy, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSecurityPolicy",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSecurityPolicy"
},
"properties": {
"SecurityPolicy": {
"$ref": "SecurityPolicy,
"description": "Contains the actual SecurityPolicy object",
"required": true,
"title": "SecurityPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SecurityPolicy",
"type": "object"
}
ChildSegment (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Segment, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegment",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegment"
},
"properties": {
"Segment": {
"$ref": "Segment,
"description": "Contains the actual Segment object.",
"required": true,
"title": "Segment"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Segment",
"type": "object"
}
ChildSegmentConnectionBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper for SegmentConnectionBindingMap, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegmentConnectionBindingMap",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegmentConnectionBindingMap"
},
"properties": {
"SegmentConnectionBindingMap": {
"$ref": "SegmentConnectionBindingMap,
"description": "Contains the actual SegmentConnectionBindingMap object.",
"required": true,
"title": "Segment Connection Binding Map"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SegmentConnectionBindingMap",
"type": "object"
}
ChildSegmentDiscoveryProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SegmentDiscoveryProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegmentDiscoveryProfileBindingMap",
"module_id": "PolicyDiscoveryProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegmentDiscoveryProfileBindingMap"
},
"properties": {
"SegmentDiscoveryProfileBindingMap": {
"$ref": "SegmentDiscoveryProfileBindingMap,
"description": "Contains the actual SegmentDiscoveryProfileBindingMap object",
"required": true,
"title": "SegmentDiscoveryProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SegmentDiscoveryProfileBindingMap",
"type": "object"
}
ChildSegmentMonitoringProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SegmentMonitoringProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegmentMonitoringProfileBindingMap",
"module_id": "PolicyMonitoringProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegmentMonitoringProfileBindingMap"
},
"properties": {
"SegmentMonitoringProfileBindingMap": {
"$ref": "SegmentMonitoringProfileBindingMap,
"description": "Contains the actual SegmentMonitoringProfileBindingMap object",
"required": true,
"title": "SegmentMonitoringProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SegmentMonitoringProfileBindingMap",
"type": "object"
}
ChildSegmentPort (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SegmentPort, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegmentPort",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegmentPort"
},
"properties": {
"SegmentPort": {
"$ref": "SegmentPort,
"description": "Contains the actual SegmentPort object",
"required": true,
"title": "SegmentPort"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SegmentPort",
"type": "object"
}
ChildSegmentQoSProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SegmentQoSProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegmentQoSProfileBindingMap",
"module_id": "PolicyQoSProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegmentQoSProfileBindingMap"
},
"properties": {
"SegmentQoSProfileBindingMap": {
"$ref": "SegmentQoSProfileBindingMap,
"description": "Contains the actual SegmentQoSProfileBindingMap object",
"required": true,
"title": "SegmentQoSProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SegmentQoSProfileBindingMap",
"type": "object"
}
ChildSegmentSecurityProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SegmentSecurityProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegmentSecurityProfile",
"module_id": "PolicySegmentSecurity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegmentSecurityProfile"
},
"properties": {
"SegmentSecurityProfile": {
"$ref": "SegmentSecurityProfile,
"description": "Contains the actual SegmentSecurityProfile object",
"required": true,
"title": "SegmentSecurityProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SegmentSecurityProfile",
"type": "object"
}
ChildSegmentSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SegmentSecurityProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSegmentSecurityProfileBindingMap",
"module_id": "PolicySecurityProfileBinding",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSegmentSecurityProfileBindingMap"
},
"properties": {
"SegmentSecurityProfileBindingMap": {
"$ref": "SegmentSecurityProfileBindingMap,
"description": "Contains the actual SegmentSecurityProfileBindingMap object",
"required": true,
"title": "SegmentSecurityProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SegmentSecurityProfileBindingMap",
"type": "object"
}
ChildService (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Service, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildService",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildService"
},
"properties": {
"Service": {
"$ref": "Service,
"description": "Contains the actual Service object.",
"required": true,
"title": "Service"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Service",
"type": "object"
}
ChildServiceEntry (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ServiceEntry, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildServiceEntry"
},
"properties": {
"Service": {
"$ref": "ServiceEntry,
"deprecated": true,
"description": "This is a deprecated property, Please use 'ServiceEntry' instead.",
"title": "ServiceEntry"
},
"ServiceEntry": {
"$ref": "ServiceEntry,
"description": "Contains the actual ServiceEntry object.",
"required": true,
"title": "ServiceEntry"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ServiceEntry",
"type": "object"
}
ChildServiceInstanceEndpoint (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ServiceInstanceEndpoint used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildServiceInstanceEndpoint",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildServiceInstanceEndpoint"
},
"properties": {
"ServiceInstanceEndpoint": {
"$ref": "ServiceInstanceEndpoint,
"description": "Contains actual ServiceInstanceEndpoint.",
"required": true,
"title": "ServiceInstanceEndpoint"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ServiceInstanceEndpoint",
"type": "object"
}
ChildServiceInterface (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ServiceInterface, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildServiceInterface",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildServiceInterface"
},
"properties": {
"ServiceInterface": {
"$ref": "ServiceInterface,
"description": "Contains the actual ServiceInterface object.",
"required": true,
"title": "ServiceInterface"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ServiceInterface",
"type": "object"
}
ChildServiceReference (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ServiceReference used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildServiceReference",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildServiceReference"
},
"properties": {
"ServiceReference": {
"$ref": "ServiceReference,
"description": "Contains actual ServiceReference.",
"required": true,
"title": "ServiceReference"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ServiceReference",
"type": "object"
}
ChildServiceSegment (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ServiceSegment, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildServiceSegment",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildServiceSegment"
},
"properties": {
"ServiceSegment": {
"$ref": "ServiceSegment,
"description": "Contains the actual ServiceSegment objects",
"required": true,
"title": "ServiceSegments"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SerivceSegment",
"type": "object"
}
ChildSessionTimerProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SessionTimerProfileBindingMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSessionTimerProfileBindingMap",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSessionTimerProfileBindingMap"
},
"properties": {
"SessionTimerProfileBindingMap": {
"$ref": "SessionTimerProfileBindingMap,
"description": "Contains the actual SessionTimerProfileBindingMap object",
"required": true,
"title": "SessionTimerProfileBindingMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SessionTimerProfileBindingMap",
"type": "object"
}
ChildShaDynamicPlugin (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ShaDynamicPlugin, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildShaDynamicPlugin",
"module_id": "PolicySha",
"polymorphic-type-descriptor": {
"type-identifier": "ChildShaDynamicPlugin"
},
"properties": {
"ShaPluginProfile": {
"$ref": "ShaDynamicPlugin,
"description": "Contains the actual ShaDynamicPlugin object",
"required": true,
"title": "ShaDynamicPlugin"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ShaDynamicPlugin",
"type": "object"
}
ChildShaPluginProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ShaPluginProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildShaPluginProfile",
"module_id": "PolicySha",
"polymorphic-type-descriptor": {
"type-identifier": "ChildShaPluginProfile"
},
"properties": {
"ShaPluginProfile": {
"$ref": "ShaPluginProfile,
"description": "Contains the actual ShaPluginProfile object",
"required": true,
"title": "ShaPluginProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ShaPluginProfile",
"type": "object"
}
ChildShaPredefinedPlugin (type)
{
"additionalProperties": false,
"description": "Child wrapper object for ShaPredefinedPlugin, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildShaPredefinedPlugin",
"module_id": "PolicySha",
"polymorphic-type-descriptor": {
"type-identifier": "ChildShaPredefinedPlugin"
},
"properties": {
"ShaPluginProfile": {
"$ref": "ShaPredefinedPlugin,
"description": "Contains the actual ShaPredefinedPlugin object",
"required": true,
"title": "ShaPredefinedPlugin"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for ShaDynamicPlugin",
"type": "object"
}
ChildShare (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Share, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildShare",
"module_id": "PolicyShare",
"properties": {
"Share": {
"$ref": "Share,
"description": "Contains the actual Share object",
"required": true,
"title": "Share"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Share",
"type": "object"
}
ChildSharedResource (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SharedResource, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSharedResource",
"module_id": "PolicyShare",
"properties": {
"SharedResource": {
"$ref": "SharedResource,
"description": "Contains the actual SharedResource object",
"required": true,
"title": "SharedResource"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SharedResource",
"type": "object"
}
ChildSite (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Site, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSite",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSite"
},
"properties": {
"Site": {
"$ref": "Site,
"description": "Contains the actual Site object.",
"required": true,
"title": "Site"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Site",
"type": "object"
}
ChildSpoofGuardProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for SpoofGuardProfile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildSpoofGuardProfile",
"module_id": "PolicySpoofGuard",
"polymorphic-type-descriptor": {
"type-identifier": "ChildSpoofGuardProfile"
},
"properties": {
"SpoofGuardProfile": {
"$ref": "SpoofGuardProfile,
"description": "Contains the actual SpoofGuardProfile object",
"required": true,
"title": "SpoofGuardProfile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for SpoofGuardProfile",
"type": "object"
}
ChildStandaloneHostIdfwConfiguration (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildStandaloneHostIdfwConfiguration",
"module_id": "PolicyFirewallConfiguration",
"polymorphic-type-descriptor": {
"type-identifier": "ChildStandaloneHostIdfwConfiguration"
},
"properties": {
"StandaloneHostIdfwConfiguration": {
"$ref": "StandaloneHostIdfwConfiguration,
"description": "Contains the actual standalone host idfw configuration object.",
"required": true,
"title": "StandaloneHostIdfwConfiguration"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for StandaloneHostIdfwConfiguration",
"type": "object"
}
ChildStaticARPConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for StaticARPConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildStaticARPConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildStaticARPConfig"
},
"properties": {
"StaticARPConfig": {
"$ref": "StaticARPConfig,
"description": "Contains the actual StaticARPConfig object.",
"required": true,
"title": "StaticARPConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for StaticARPConfig",
"type": "object"
}
ChildStaticMimeContent (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Static MIME content, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildStaticMimeContent",
"module_id": "PolicyStaticMimeContent",
"polymorphic-type-descriptor": {
"type-identifier": "ChildStaticMimeContent"
},
"properties": {
"TlsProfile": {
"$ref": "StaticMimeContent,
"description": "Contains the actual Static MIME content object.",
"required": true,
"title": "Static Mime Content"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Child Static MIME content",
"type": "object"
}
ChildStaticRouteBfdPeer (type)
{
"additionalProperties": false,
"description": "Child wrapper for StaticRouteBfdPeer, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildStaticRouteBfdPeer",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildStaticRouteBfdPeer"
},
"properties": {
"BfdPeer": {
"$ref": "StaticRouteBfdPeer,
"description": "Contains the actual StaticRouteBfdPeer object.",
"required": true,
"title": "Static Route BFD Peer"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for StaticRouteBfdPeer",
"type": "object"
}
ChildStaticRoutes (type)
{
"additionalProperties": false,
"description": "Child wrapper object for StaticRoutes, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildStaticRoutes",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildStaticRoutes"
},
"properties": {
"StaticRoutes": {
"$ref": "StaticRoutes,
"description": "Contains the actual StaticRoutes object.",
"required": true,
"title": "StaticRoutes"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for StaticRoutes",
"type": "object"
}
ChildTagBulkOperation (type)
{
"additionalProperties": false,
"description": "Child wrapper object for TagBulkOperation, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTagBulkOperation",
"module_id": "PolicyTag",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTagBulkOperation"
},
"properties": {
"TagBulkOperation": {
"$ref": "TagBulkOperation,
"description": "Contains actual TagBulkOperation object.",
"required": true,
"title": "TagBulkOperation"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Child wrapper object for TagBulkOperation",
"type": "object"
}
ChildTier0 (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier-0, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier0",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier0"
},
"properties": {
"Tier0": {
"$ref": "Tier0,
"description": "Contains the actual Tier-0 object.",
"required": true,
"title": "Tier-0"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier-0",
"type": "object"
}
ChildTier0DeploymentMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier0DeploymentMap, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier0DeploymentMap",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier0DeploymentMap"
},
"properties": {
"Tier0DeploymentMap": {
"$ref": "Tier0DeploymentMap,
"description": "Contains the actual Tier0DeploymentMap object.",
"required": true,
"title": "Tier0DeploymentMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier0DeploymentMap",
"type": "object"
}
ChildTier0Interface (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier0Interface, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier0Interface",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier0Interface"
},
"properties": {
"Tier0Interface": {
"$ref": "Tier0Interface,
"description": "Contains the actual Tier0Interface object.",
"required": true,
"title": "Tier0Interface"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier0Interface",
"type": "object"
}
ChildTier0InterfaceGroup (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier0InterfaceGroup, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier0InterfaceGroup",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier0InterfaceGroup"
},
"properties": {
"Tier0InterfaceGroup": {
"$ref": "Tier0InterfaceGroup,
"description": "Contains the actual Tier0InterfaceGroup object.",
"required": true,
"title": "Tier0InterfaceGroup"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier0InterfaceGroup",
"type": "object"
}
ChildTier0RouteMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier0RouteMap, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier0RouteMap",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier0RouteMap"
},
"properties": {
"Tier0RouteMap": {
"$ref": "Tier0RouteMap,
"description": "Contains the actual Tier0RouteMap object",
"required": true,
"title": "Tier0RouteMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier0RouteMap",
"type": "object"
}
ChildTier0SecurityFeatures (type)
{
"additionalProperties": false,
"description": "Child wrapper object for T0 Security Feature, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier0SecurityFeatures",
"module_id": "PolicyGatewaySecurityFeature",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier0SecurityFeatures"
},
"properties": {
"Tier0SecurityFeatures": {
"$ref": "Tier0SecurityFeatures,
"description": "Contains the actual TO SecurityFeatures object",
"required": true,
"title": "T0 Security configs"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for T0 Security Feature",
"type": "object"
}
ChildTier1 (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier-1 , used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier1",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier1"
},
"properties": {
"Tier1": {
"$ref": "Tier1,
"description": "Contains the actual Tier-1 object.",
"required": true,
"title": "Tier-1"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier-1",
"type": "object"
}
ChildTier1DeploymentMap (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier1DeploymentMap, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier1DeploymentMap",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier1DeploymentMap"
},
"properties": {
"Tier1DeploymentMap": {
"$ref": "Tier1DeploymentMap,
"description": "Contains the actual Tier1DeploymentMap object.",
"required": true,
"title": "Tier1DeploymentMap"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier1DeploymentMap",
"type": "object"
}
ChildTier1Interface (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier1Interface, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier1Interface",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier1Interface"
},
"properties": {
"Tier1Interface": {
"$ref": "Tier1Interface,
"description": "Contains the actual Tier1Interface object.",
"required": true,
"title": "Tier1Interface"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier1Interface",
"type": "object"
}
ChildTier1InterfaceGroup (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tier1InterfaceGroup, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTier1InterfaceGroup",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTier1InterfaceGroup"
},
"properties": {
"Tier1InterfaceGroup": {
"$ref": "Tier1InterfaceGroup,
"description": "Contains the actual Tier1InterfaceGroup object.",
"required": true,
"title": "Tier1InterfaceGroup"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tier1InterfaceGroup",
"type": "object"
}
ChildTlsCertificate (type)
{
"additionalProperties": false,
"description": "Child wrapper for TlsCertificate, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTlsCertificate",
"module_id": "PolicyCertificate",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTlsCertificate"
},
"properties": {
"TlsCertificate": {
"$ref": "TlsCertificate,
"description": "Contains the actual TlsCertificate object.",
"required": true,
"title": "TlsCertificate"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for TlsCertificate",
"type": "object"
}
ChildTlsCrl (type)
{
"additionalProperties": false,
"description": "Child wrapper for TlsCrl, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTlsCrl",
"module_id": "PolicyCertificate",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTlsCrl"
},
"properties": {
"TlsCrl": {
"$ref": "TlsCrl,
"description": "Contains the actual TlsCrl object.",
"required": true,
"title": "TlsCrl"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for TlsCrl",
"type": "object"
}
ChildTlsPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for TLSPolicy, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTlsPolicy",
"module_id": "PolicyTls",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTlsPolicy"
},
"properties": {
"TlsPolicy": {
"$ref": "TlsPolicy,
"description": "Contains the actual TLSPolicy object",
"required": true,
"title": "TlsPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for TlsPolicy",
"type": "object"
}
ChildTlsProfile (type)
{
"additionalProperties": false,
"description": "Child wrapper object for TLS Profile, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTlsProfile",
"module_id": "PolicyTlsActionProfile",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTlsProfile"
},
"properties": {
"TlsProfile": {
"$ref": "TlsProfile,
"description": "Contains the actual TLS profile object.",
"required": true,
"title": "TLS Profile"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Child TLS Profile",
"type": "object"
}
ChildTlsRule (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Rule, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTlsRule",
"module_id": "PolicyTls",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTlsRule"
},
"properties": {
"TlsRule": {
"$ref": "TlsRule,
"description": "Contains the actual TLS Rule object",
"required": true,
"title": "TLS Rule"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Rule",
"type": "object"
}
ChildTlsTrustData (type)
{
"additionalProperties": false,
"description": "Child wrapper for TlsTrustData, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTlsTrustData",
"module_id": "PolicyCertificate",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTlsTrustData"
},
"properties": {
"TlsTrustData": {
"$ref": "TlsTrustData,
"description": "Contains the actual TlsTrustData object.",
"required": true,
"title": "TlsTrustData"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for TlsTrustData",
"type": "object"
}
ChildTraceflowConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper for TraceflowConfig, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTraceflowConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTraceflowConfig"
},
"properties": {
"TraceflowConfig": {
"$ref": "TraceflowConfig,
"description": "Contains the actual TraceflowConfig object.",
"required": true,
"title": "TraceflowConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for TraceflowConfig",
"type": "object"
}
ChildTunnel (type)
{
"additionalProperties": false,
"description": "Child wrapper object for Tunnel, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildTunnel",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildTunnel"
},
"properties": {
"Tunnel": {
"$ref": "Tunnel,
"description": "Contains the actual Tunnel object.",
"required": true,
"title": "Tunnel"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for Tunnel",
"type": "object"
}
ChildTypesRequestParameter (type)
{
"description": "Specified child resource types will be populated in the response body",
"id": "ChildTypesRequestParameter",
"module_id": "Policy",
"properties": {
"base_path": {
"description": "Base path of the resource for which user wants to retrieve the hierarchy. This should be the fully qualified path for the resource. - Sample examples - base_path=/infra/domains/default/groups/Group1 base_path=/infra/domains/default/security-policies/SecurityPolicy1/rules/Rule1",
"required": false,
"title": "Base Path for retrieving hierarchical intent",
"type": "string"
},
"filter": {
"description": "Filter string, can contain multiple or single java regular expressions separated by ';'. By default populates immediate child resources of the resource indicated by the URL. These child resources will be filtered by the type provided in the filter. It is recommended to use type_filter parameter instead of filter parameter. - Sample query string to prevent loading services and deployment zones: filter=Type-^(?!.*?(?:Service|DeploymentZone)).*$ - Sample query string to populate all the Group objects under Infra & Domain: filter=Type-Domain%7CGroup - Sample query string to load every policy object under Infra: filter=Type-.*",
"required": false,
"title": "Filter string as java regex",
"type": "string"
},
"type_filter": {
"description": "Advanced filter string in which user can directly specify the resourceTypes to be filtered. Can be used in conjunction with base_path. - Sample example of type_filter to load all groups - type_filter=Group - Sample example of multiple type_filter - type_filter=Group;SercurityPolicy;RedirectionPolicy - Sample example to load all groups in default domain using base_path in conjunction with type_filter - base_path=/infra/domains/default&type_filter=Group",
"required": false,
"title": "Filter string to retrieve hierarchy.",
"type": "string"
}
},
"title": "Filter to populate child types of the policyConfigResource",
"type": "object"
}
ChildVMTagReplicationPolicy (type)
{
"additionalProperties": false,
"description": "Child wrapper object for VMTagReplicationPolicy, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildVMTagReplicationPolicy",
"module_id": "VMTagReplicationPolicy",
"polymorphic-type-descriptor": {
"type-identifier": "ChildVMTagReplicationPolicy"
},
"properties": {
"VMTagReplicationPolicy": {
"$ref": "VMTagReplicationPolicy,
"description": "Contains the actual VMTagReplicationPolicy object",
"required": true,
"title": "VMTagReplicationPolicy"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for VMTagReplicationPolicy",
"type": "object"
}
ChildVirtualEndpoint (type)
{
"additionalProperties": false,
"description": "Child wrapper object for VirtualEndpoint used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildVirtualEndpoint",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ChildVirtualEndpoint"
},
"properties": {
"VirtualEndpoint": {
"$ref": "VirtualEndpoint,
"description": "Contains reference to actual VirtualEndpoint.",
"required": true,
"title": "VirtualEndpoint"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for VirtualEndpoint",
"type": "object"
}
ChildVniPoolConfig (type)
{
"additionalProperties": false,
"description": "Child wrapper object for VniPoolConfig, used in hierarchical API.",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildVniPoolConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "ChildVniPoolConfig"
},
"properties": {
"VniPoolConfig": {
"$ref": "VniPoolConfig,
"description": "Contains the actual VniPoolConfig object.",
"required": true,
"title": "VniPoolConfig"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for VniPoolConfig",
"type": "object"
}
ChildVpc (type)
{
"additionalProperties": false,
"description": "Child wrapper object for VPC, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildVpc",
"module_id": "PolicyVpc",
"properties": {
"Vpc": {
"$ref": "Vpc,
"description": "Contains the actual VPC object",
"required": true,
"title": "VPC"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for VPC",
"type": "object"
}
ChildVpcIpAddressAllocation (type)
{
"additionalProperties": false,
"description": "Child wrapper object for IpAddressAllocation, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildVpcIpAddressAllocation",
"module_id": "PolicyVpcSubnetIpam",
"polymorphic-type-descriptor": {
"type-identifier": "ChildVpcIpAddressAllocation"
},
"properties": {
"VpcIpAddressAllocation": {
"$ref": "VpcIpAddressAllocation,
"description": "Contains the actual VpcIpAddressAllocation object",
"required": true,
"title": "VpcIpAddressAllocation"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for VpcIpAddressAllocation",
"type": "object"
}
ChildVpcSubnet (type)
{
"additionalProperties": false,
"description": "Child wrapper object for VPC Subnet, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildVpcSubnet",
"module_id": "PolicyVpcSubnet",
"properties": {
"VpcSubnet": {
"$ref": "VpcSubnet,
"description": "Contains the actual VPC Subnet object",
"required": true,
"title": "VPC Subnet"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for VPC Subnet",
"type": "object"
}
ChildVpcSubnetPort (type)
{
"additionalProperties": false,
"description": "Child wrapper object for VPC Subnet Port, used in hierarchical API",
"extends": {
"$ref": "ChildPolicyConfigResource
},
"id": "ChildVpcSubnetPort",
"module_id": "PolicyVpcSubnet",
"properties": {
"VpcSubnetPort": {
"$ref": "VpcSubnetPort,
"description": "Contains the actual VPC Subnet Port object",
"required": true,
"title": "VPC Subnet Port"
},
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mark_for_override": {
"default": false,
"required": false,
"title": "Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.",
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"request_parameter": {
"$ref": "PolicyRequestParameter,
"required": false,
"title": "Generic type for passing the API request parameters."
},
"resource_type": {
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Wrapper object for VPC Subnet Port",
"type": "object"
}
CidrArrayConstraintValue (type)
{
"additionalProperties": false,
"description": "List of CIDR values",
"extends": {
"$ref": "ConstraintValue
},
"id": "CidrArrayConstraintValue",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "CidrArrayConstraintValue"
},
"properties": {
"resource_type": {
"enum": [
"StringArrayConstraintValue",
"CidrArrayConstraintValue",
"IntegerArrayConstraintValue"
],
"required": true,
"type": "string"
},
"values": {
"description": "This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, \"192.168.1.1\", \"192.168.1.1-192.168.1.100\", \"192.168.0.0/24\", \"fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:318c/64\".",
"items": {
"$ref": "IPElement
},
"maxItems": 100,
"minItems": 1,
"required": true,
"title": "Array of IP addresses",
"type": "array"
}
},
"title": "Array of CIDR Values to perform operation",
"type": "object"
}
CipherSuite (type)
{
"additionalProperties": false,
"id": "CipherSuite",
"module_id": "ApiServiceConfig",
"properties": {
"enabled": {
"required": true,
"title": "Enable status for this cipher suite",
"type": "boolean"
},
"name": {
"required": true,
"title": "Name of the TLS cipher suite",
"type": "string"
}
},
"title": "HTTP cipher suite",
"type": "object"
}
ClaimMap (type)
{
"description": "Information about how to map a single OIDC ID token claim to one or more NSX roles.",
"id": "ClaimMap",
"module_id": "CertificateManager",
"properties": {
"claim_name": {
"type": "string"
},
"value_to_role_map": {
"items": {
"$ref": "ClaimValueToRoleMap
},
"type": "array"
}
},
"title": "Claim map",
"type": "object"
}
ClaimValueToRoleMap (type)
{
"descrption": "Information about how to map one value of an OIDC ID token claim to one or more NSX roles.",
"id": "ClaimValueToRoleMap",
"module_id": "CertificateManager",
"properties": {
"claim_value": {
"description": "The value of the claim to map.",
"title": "Claim value",
"type": "string"
},
"roles": {
"description": "The NSX roles that this particular claim value should map to.",
"items": {
"type": "string"
},
"title": "Mapped roles",
"type": "array"
}
},
"title": "Claim value map",
"type": "object"
}
ClasslessStaticRoute (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "DHCP classless static route option.",
"id": "ClasslessStaticRoute",
"module_id": "Dhcp",
"properties": {
"network": {
"$ref": "IPElement,
"description": "Destination network in CIDR format.",
"required": true,
"title": "Destination in CIDR"
},
"next_hop": {
"$ref": "IPAddress,
"description": "IP address of next hop of the route.",
"required": true,
"title": "Router"
}
},
"title": "DHCP classless static route option",
"type": "object"
}
ClientAuthType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Client authentication could be REQUIRED or IGNORE. REQUIRED means that client is required to present its certificate to the server for authentication. To be accepted, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified in the same client SSL profile binding. IGNORE means that client certificate would be ignored.",
"enum": [
"REQUIRED",
"IGNORE"
],
"id": "ClientAuthType",
"module_id": "LoadBalancer",
"title": "client authentication mode",
"type": "string"
}
ClusterBackupInfo (type)
{
"additionalProperties": false,
"id": "ClusterBackupInfo",
"module_id": "ClusterRestore",
"properties": {
"ip_address": {
"description": "IP address or FQDN of the node which would be used for the restoration. This should be same as the one on which backup was taken",
"format": "hostname-or-ip",
"readonly": true,
"required": false,
"title": "IP address or FQDN of the node from which the backup was taken",
"type": "string"
},
"ipv6_address": {
"description": "IPv6 address or FQDN v6 of the node which would be used for the restoration. This should be same as the one on which backup was taken",
"format": "hostname-or-ip",
"readonly": true,
"required": false,
"title": "IPv6 address or FQDN v6 of the node from which the backup was taken",
"type": "string"
},
"node_id": {
"readonly": true,
"required": true,
"title": "ID of the node from which the backup was taken",
"type": "string"
},
"restore_type": {
"default": [],
"items": {
"enum": [
"REGULAR_RESTORE",
"POLICY_ONLY_RESTORE"
],
"type": "string"
},
"readonly": true,
"required": false,
"title": "Type of restore allowed",
"type": "array",
"uniqueItems": true
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": true,
"title": "timestamp of the cluster backup file"
}
},
"title": "Cluster backup details",
"type": "object"
}
ClusterBackupInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ClusterBackupInfoListResult",
"module_id": "ClusterRestore",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ClusterBackupInfo
},
"readonly": true,
"required": true,
"title": "List of timestamps of backed-up cluster files",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ClusterCertificateId (type)
{
"additionalProperties": false,
"id": "ClusterCertificateId",
"properties": {
"certificate_id": {
"required": true,
"title": "Certificate ID",
"type": "string"
}
},
"title": "Cluster Certificate ID",
"type": "object"
}
ClusterMemberDetails (type)
{
"additionalProperties": false,
"description": "Details of the member belonging to a Group",
"id": "ClusterMemberDetails",
"module_id": "PolicyGroupRealization",
"properties": {
"cluster_id": {
"readonly": true,
"required": true,
"title": "The Antrea cluster id of the pod",
"type": "string"
},
"cluster_name": {
"readonly": true,
"required": true,
"title": "The Antrea cluster name of the pod",
"type": "string"
},
"namespaces": {
"items": {
"$ref": "NamespaceMemberDetails
},
"required": true,
"type": "array"
}
},
"title": "Group member details",
"type": "object"
}
ClusterNodeRole (type)
{
"description": "Enumerates the roles that can be specified in VM auto-deployment.",
"enum": [
"CONTROLLER",
"MANAGER"
],
"id": "ClusterNodeRole",
"module_id": "ClusterNodeVMDeployment",
"title": "Cluster node role",
"type": "string"
}
ClusterNodeVMDeletionParameters (type)
{
"description": "Parameters for deletion of a cluster node VM.",
"id": "ClusterNodeVMDeletionParameters",
"module_id": "ClusterNodeVMDeployment",
"properties": {
"force_delete": {
"description": "If true, the VM will be undeployed even if it cannot be removed from its cluster.",
"title": "Delete by force",
"type": "boolean"
}
},
"title": "Parameters for DeleteAutoDeployedClusterNodeVM",
"type": "object"
}
ClusterNodeVMDeploymentConfig (type)
{
"description": "Contains info used to configure the VM on deployment",
"id": "ClusterNodeVMDeploymentConfig",
"module_id": "ClusterNodeVMDeployment",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "placement_type"
},
"properties": {
"placement_type": {
"description": "Specifies the config for the platform through which to deploy the VM",
"enum": [
"VsphereClusterNodeVMDeploymentConfig"
],
"required": true,
"title": "Type of deployment",
"type": "string"
}
},
"title": "Configuration for deploying cluster node VM",
"type": "object"
}
ClusterNodeVMDeploymentRequest (type)
{
"additionalProperties": false,
"description": "Contains the deployment information for a cluster node VM soon to be deployed or already deployed by the Manager",
"id": "ClusterNodeVMDeploymentRequest",
"module_id": "ClusterNodeVMDeployment",
"properties": {
"deployment_config": {
"$ref": "ClusterNodeVMDeploymentConfig,
"description": "Info needed to configure a cluster node VM at deployment for a specific platform. May require different parameters depending on the method used to deploy the VM.",
"required": true,
"title": "Deployment config for cluster node VM"
},
"form_factor": {
"$ref": "ClusterNodeVMFormFactor,
"default": "MEDIUM",
"description": "Specifies the desired \"size\" of the VM",
"required": false,
"title": "Form factor for cluster node VMs"
},
"roles": {
"description": "List of cluster node role (or roles) which the VM should take on. They specify what type (or types) of cluster node which the new VM should act as. Currently both CONTROLLER and MANAGER must be provided, since this permutation is the only one supported now.",
"items": {
"$ref": "ClusterNodeRole
},
"required": true,
"title": "Cluster node roles of the VM",
"type": "array"
},
"user_settings": {
"$ref": "NodeUserSettings,
"description": "Username and password settings for the cluster node VM. Passwords must be at least 12 characters in length and contain at least one lowercase, one uppercase, one numerical, and one special character. Note: These settings will be honored only during VM deployment. Post-deployment, CLI must be used for changing the user settings and changes to these parameters will not have any effect.",
"required": true,
"sensitive": true,
"title": "User settings for the VM"
},
"vm_id": {
"description": "ID of the VM maintained internally and used to recognize it. Note: This is automatically generated and cannot be modified.",
"readonly": true,
"required": false,
"title": "ID of VM used to recognize it",
"type": "string"
}
},
"title": "Info for an auto-deployment request",
"type": "object"
}
ClusterNodeVMDeploymentRequestList (type)
{
"additionalProperties": false,
"description": "List of ClusterNodeVMDeploymentRequests",
"extends": {
"$ref": "ListResult
},
"id": "ClusterNodeVMDeploymentRequestList",
"module_id": "ClusterNodeVMDeployment",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Array of existing ClusterNodeVMDeploymentRequests",
"items": {
"$ref": "ClusterNodeVMDeploymentRequest
},
"required": true,
"title": "Results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "ClusterNodeVMDeploymentRequest list",
"type": "object"
}
ClusterNodeVMDeploymentStatusReport (type)
{
"description": "Contains up-to-date information relating to an auto-deployed VM, including its status and (potentially) an error message.",
"id": "ClusterNodeVMDeploymentStatusReport",
"module_id": "ClusterNodeVMDeployment",
"properties": {
"deployment_progress_state": {
"$ref": "VMDeploymentProgressState,
"description": "Detailed progress state of node VM deployment realization",
"readonly": true,
"required": false,
"title": "Deployment progress state of node VM"
},
"failure_code": {
"description": "In case of auto-deployment-related failure, the code for the error will be stored here.",
"required": false,
"title": "Error code for failure",
"type": "integer"
},
"failure_message": {
"description": "In case of auto-deployment-related failure, an error message will be stored here.",
"required": false,
"title": "Error message for failure",
"type": "string"
},
"status": {
"description": "Status of the addition or deletion of an auto-deployed cluster node VM.",
"enum": [
"UNKNOWN_STATE",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_IN_PROGRESS",
"VM_POWER_ON_FAILED",
"WAITING_TO_REGISTER_VM",
"VM_REGISTRATION_FAILED",
"VM_WAITING_TO_CLUSTER",
"VM_WAITING_TO_COME_ONLINE",
"VM_ONLINE_FAILED",
"VM_CLUSTERING_IN_PROGRESS",
"VM_CLUSTERING_FAILED",
"VM_CLUSTERING_SUCCESSFUL",
"WAITING_TO_UNDEPLOY_VM",
"VM_DECLUSTER_IN_PROGRESS",
"VM_DECLUSTER_FAILED",
"VM_DECLUSTER_SUCCESSFUL",
"VM_POWER_OFF_IN_PROGRESS",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_FAILED",
"VM_UNDEPLOY_SUCCESSFUL"
],
"required": true,
"title": "Auto-deployed VM's deployment status",
"type": "string"
}
},
"title": "Report of a VM's deployment status",
"type": "object"
}
ClusterNodeVMFormFactor (type)
{
"description": "Specifies the desired \"size\" of the VM. Affects number of virtual CPUs and/or memory size given to the new cluster node VM.",
"enum": [
"SMALL",
"MEDIUM",
"LARGE",
"XLARGE"
],
"id": "ClusterNodeVMFormFactor",
"module_id": "ClusterNodeVMDeployment",
"title": "Supported VM form factor for cluster nodes",
"type": "string"
}
ClusterRestoreStatus (type)
{
"id": "ClusterRestoreStatus",
"module_id": "ClusterRestore",
"properties": {
"allowed_actions": {
"default": [],
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of actions that are allowed.",
"type": "array",
"uniqueItems": true
},
"backup_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": false,
"title": "Timestamp when backup was initiated in epoch millisecond"
},
"endpoints": {
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"required": true,
"title": "The list of allowed endpoints, based on the current state of\nthe restore process\n",
"type": "array"
},
"id": {
"readonly": true,
"required": false,
"title": "Unique id for backup request",
"type": "string"
},
"instructions": {
"items": {
"$ref": "InstructionInfo
},
"readonly": true,
"required": false,
"title": "Instructions for users to reconcile Restore operations",
"type": "array"
},
"not_allowed_actions": {
"default": [],
"items": {
"enum": [
"VC_UPDATES"
],
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of actions that are not allowed",
"type": "array",
"uniqueItems": true
},
"restore_end_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": false,
"title": "Timestamp when restore was completed in epoch millisecond"
},
"restore_start_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": false,
"title": "Timestamp when restore was started in epoch millisecond"
},
"status": {
"$ref": "GlobalRestoreStatus
},
"step": {
"$ref": "RestoreStep
},
"total_steps": {
"readonly": true,
"required": false,
"title": "Total number of steps in the entire restore process",
"type": "integer"
}
},
"title": "Cluster restore status",
"type": "object"
}
ClusterRestoreStatusRequestParameters (type)
{
"id": "ClusterRestoreStatusRequestParameters",
"properties": {
"restore_component": {
"default": "LOCAL_MANAGER",
"enum": [
"LOCAL_MANAGER",
"GLOBAL_MANAGER"
],
"readonly": true,
"required": false,
"type": "string"
}
},
"type": "object"
}
ClusterVirtualIpProperties (type)
{
"additionalProperties": false,
"id": "ClusterVirtualIpProperties",
"properties": {
"force": {
"default": "false",
"enum": [
"true",
"false"
],
"title": "On enable it ignores duplicate address detection and DNS lookup validation check",
"type": "string"
},
"ip6_address": {
"title": "Virtual IPv6 address, :: if not configured",
"type": "string"
},
"ip_address": {
"title": "Virtual IP address, 0.0.0.0 if not configured",
"type": "string"
}
},
"title": "Cluster virtual IP properties",
"type": "object"
}
ClusteringConfig (type)
{
"description": "Configuration for automatically joining a cluster node to the cluster after it is deployed. ClusteringConfig is required if any of the deployment nodes has CONTROLLER role.",
"id": "ClusteringConfig",
"module_id": "ClusterNodeVMDeployment",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "clustering_type"
},
"properties": {
"clustering_type": {
"description": "Specifies the type of clustering config to be used.",
"enum": [
"ControlClusteringConfig"
],
"required": true,
"title": "Type for the clustering config",
"type": "string"
}
},
"title": "Configuration for VM's clustering",
"type": "object"
}
CmThumbprintHashingConfig (type)
{
"additionalProperties": false,
"id": "CmThumbprintHashingConfig",
"module_id": "InventoryCmObj",
"properties": {
"hashing_algorithm_type": {
"description": "This specifies the hashing algorithm to be used for stamping NSX manager thumbprint in compute manager extension. e.g. When a vCenter is registered as compute manager, thumbprint of NSX manager certificate is stamped in NSXT extension on vCenter. If algorithm type is SHA1, then SHA1 thumbprint of NSX manager API certificate is stamped. If algorithm type is SHA256, then SHA256 thumbprint of NSX manager certificate is stamped. Changing this setting to SHA256 will result in communication issues between WCP component in VC and NSX manager. Hence it is recommended not to use SHA256 if VC WCP feature is being used with NSX.",
"enum": [
"SHA1",
"SHA256"
],
"readonly": false,
"required": true,
"title": "Algorithm type for thumbprint hashing",
"type": "string"
}
},
"type": "object"
}
ColumnItem (type)
{
"additionalProperties": false,
"description": "Represents a column of the Grid",
"id": "ColumnItem",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"column_identifier": {
"description": "Identifies the column and used for fetching content upon an user click or drilldown. If column identifier is not provided, the column's data will not participate in searches and drilldowns.",
"title": "Identifier for this column",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"field": {
"description": "Field from which values of the column will be derived.",
"maxLength": 1024,
"required": true,
"title": "Column Field",
"type": "string"
},
"hidden": {
"default": false,
"description": "If set to true, hides the column",
"title": "Hide the column",
"type": "boolean"
},
"label": {
"$ref": "Label,
"description": "Label of the column.",
"readonly": false,
"required": true,
"title": "Column Label"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"render_configuration": {
"description": "Render configuration to be applied, if any.",
"items": {
"$ref": "RenderConfiguration
},
"title": "Render Configuration",
"type": "array"
},
"sort_ascending": {
"default": true,
"description": "If true, the value of the column are sorted in ascending order. Otherwise, in descending order.",
"title": "Represents order of sorting the values",
"type": "boolean"
},
"sort_key": {
"description": "Sorting on column is based on the sort_key. sort_key represents the field in the output data on which sort is requested.",
"maxLength": 255,
"title": "Key for sorting on this column",
"type": "string"
},
"tooltip": {
"description": "Multi-line text to be shown on tooltip while hovering over a cell in the grid.",
"items": {
"$ref": "Tooltip
},
"title": "Multi-line tooltip",
"type": "array"
},
"type": {
"default": "String",
"description": "Data type of the field.",
"enum": [
"String",
"Number",
"Date"
],
"maxLength": 255,
"required": true,
"title": "Field data type",
"type": "string"
}
},
"title": "Grid Column",
"type": "object"
}
CommunicationEntry (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "CommunicationEntry",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "The action to be applied to all the services.",
"enum": [
"ALLOW",
"DROP",
"REJECT"
],
"required": false,
"title": "Action",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Destination group paths",
"type": "array"
},
"direction": {
"default": "IN_OUT",
"description": "Define direction of traffic.",
"enum": [
"IN",
"OUT",
"IN_OUT"
],
"required": false,
"title": "Direction",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the rule. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the rule",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"logged": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"notes": {
"description": "Text for additional notes on changes.",
"required": false,
"title": "Text for additional notes on changes",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"scope": {
"description": "The list of policy paths where the communication entry is applied Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied on multiple LRs/LRPs.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array"
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple CommunicationEntries under CommunicationMap for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple communication entries with the same sequence number then their order is not deterministic. If a specific order of communication entry is desired, then one has to specify unique sequence numbers or use the POST request on the communication entry entity with a query parameter action=revise to let the framework assign a sequence number",
"required": false,
"title": "Sequence number of the this CommunicationEntry",
"type": "int"
},
"services": {
"description": "In order to specify all services, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Names of services",
"type": "array"
},
"source_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Source group paths",
"type": "array"
},
"tag": {
"description": "User level field which will be printed in CLI and packet logs.",
"maxLength": 32,
"required": false,
"title": "Tag applied on the communication entry",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A communication entry specifies the security policy between the workload groups",
"type": "object"
}
CommunicationMap (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Ordered list of CommunicationEntries. This object is created by default along with the Domain. This type is deprecated. Use the type SecurityPolicy instead.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "CommunicationMap",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework for Distributed Firewall provides four pre-defined categories for classifying a communication map. They are \"Emergency\", \"Infrastructure\", \"Environment\" and \"Application\". Amongst the layer 3 communication maps,there is a pre-determined order in which the policy framework manages the priority of these communication maps. Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a communication map into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four layer 3 categories.",
"required": false,
"title": "A way to classify a communication map, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"communication_entries": {
"items": {
"$ref": "CommunicationEntry
},
"required": false,
"title": "CommunicationEntries that are a part of this CommunicationMap",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"precedence": {
"description": "This field is used to resolve conflicts between communication maps across domains. In order to change the precedence of a communication map one can fire a POST request on the communication map entity with a query parameter action=revise The precedence field will reflect the value of the computed precedence upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several communication maps, the only way to set the precedence is to explicitly specify the precedence number for each communication map. If no precedence is specified in the payload, a value of 0 is assigned by default. If there are multiple communication maps with the same precedence then their order is not deterministic. If a specific order of communication map is desired, then one has to specify a unique precedence or use the POST request on the communication map entity with a query parameter action=revise to let the framework assign a precedence",
"title": "Precedence to resolve conflicts across Domains",
"type": "int"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of CommunicationEntries",
"type": "object"
}
CommunityList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "CommunityList",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"communities": {
"description": "List of BGP community entries. Both standard and large communities are supported. Standard community format: aa:nn where aa and nn must be within the range [1 - 65536]. Large BGP Community format: aa:bb:nn where aa (Global Administrator), bb (Local Data Part 1) and nn (Local Data Part 2) must be within the range [1 - 4294967295]. In additon to numbered communites (e.g. 3356:2040), predefined communities (NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED) are supported.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "List of BGP community entries",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Community list for BGP routing configuration",
"type": "object"
}
CommunityListListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CommunityListListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "CommunityList
},
"required": true,
"title": "CommunityList results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of CommunityLists",
"type": "object"
}
CommunityMatchCriteria (type)
{
"additionalProperties": false,
"id": "CommunityMatchCriteria",
"module_id": "PolicyConnectivity",
"properties": {
"criteria": {
"description": "Match criteria specified as a community list path or a regular expression.",
"required": true,
"title": "Match criteria based on community list path or a regular expression",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0RouteMap"
],
"relationshipType": "ROUTEMAP_COMMUNITY_LIST_RELATIONSHIP",
"rightType": [
"CommunityList"
]
}
]
},
"match_operator": {
"description": "Match operator for community list entries. Not valid when a regular expression is specified for criteria.",
"enum": [
"MATCH_ANY",
"MATCH_ALL",
"MATCH_EXACT",
"MATCH_COMMUNITY_REGEX",
"MATCH_LARGE_COMMUNITY_REGEX"
],
"required": false,
"title": "Match operator for community list entries",
"type": "string"
}
},
"title": "Match criteria based on a community list",
"type": "object"
}
CompatibilityCheckResult (type)
{
"additionalProperties": false,
"description": "Result of prechecks run for onboarding standby Global Manager or remote site. The checks include NSX version compatibility with active Global Manager, Round Trip Time (RTT), etc. Note that some of checks like RTT are soft limits.",
"extends": {
"$ref": "BaseCompatibilityCheckResult
},
"id": "CompatibilityCheckResult",
"module_id": "PolicySiteGM",
"properties": {
"local_nsx_version": {
"description": "Local Site NSX version where active Global Mananger is running.",
"readonly": true,
"title": "Local Site NSX version where active Global Mananger is running",
"type": "string"
},
"nsx_version": {
"description": "Remote Site NSX version.",
"readonly": true,
"title": "Remote Site NSX version",
"type": "string"
},
"rtt": {
"description": "Round trip time to the remote Site or Global Manager from active Global Manager.",
"readonly": true,
"title": "Round trip time to the remote Site or Global Manager from active\nGlobal Manager\n",
"type": "integer"
},
"rtt_exceeded": {
"description": "Flag to indicate if RTT to remote Site exceeds the recommended limit.",
"readonly": true,
"title": "Flag to indicate if RTT to remote Site exceeds the recommended limit",
"type": "boolean"
},
"version_compatible": {
"description": "Flag to indicate if remote Site NSX version is compatible with active Global Manager.",
"readonly": true,
"title": "Flag to indicate if remote Site NSX version is compatible",
"type": "boolean"
}
},
"title": "Precheck result for onboaring standby Global Manager or remote Site to\nfederation\n",
"type": "object"
}
CompatibilityDetail (type)
{
"description": "Feature compatibility status details indicating specific site configuration incompatibility with global manager configuration.",
"id": "CompatibilityDetail",
"module_id": "GmConfigOnboarding",
"properties": {
"attributes": {
"items": {
"$ref": "OnboardingAttribute
},
"maxItems": 20,
"readonly": true,
"required": false,
"title": "Additional Attributes",
"type": "array"
},
"status_code": {
"description": "Unique integer number indicating configuration incompatibility.",
"readonly": true,
"required": true,
"title": "Status Code",
"type": "integer"
},
"status_message": {
"description": "A brief explaination of status code.",
"readonly": true,
"required": false,
"title": "Status Message",
"type": "string"
}
},
"title": "Feature Compatibility Details",
"type": "object"
}
ComponentTargetVersion (type)
{
"id": "ComponentTargetVersion",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": true,
"required": true,
"type": "string"
},
"target_version": {
"readonly": true,
"required": true,
"type": "string"
}
},
"type": "object"
}
ComponentTypeListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "ComponentTypeListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": false,
"title": "Component type on which the action is performed or on which the results are filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ComponentUpgradeChecksInfo (type)
{
"additionalProperties": false,
"description": "Meta-data of pre/post-upgrade checks for a component",
"id": "ComponentUpgradeChecksInfo",
"module_id": "Upgrade",
"properties": {
"component_type": {
"description": "Component type of the pre/post-upgrade checks",
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
},
"post_upgrade_checks_info": {
"items": {
"$ref": "UpgradeCheckInfo
},
"required": false,
"title": "Collection of post-upgrade checks",
"type": "array"
},
"pre_upgrade_checks_info": {
"items": {
"$ref": "UpgradeCheckInfo
},
"required": false,
"title": "Collection of pre-upgrade checks",
"type": "array"
}
},
"title": "Meta-data of pre/post-upgrade checks for a component",
"type": "object"
}
ComponentUpgradeChecksInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ComponentUpgradeChecksInfoListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ComponentUpgradeChecksInfo
},
"required": true,
"title": "Collection of info of pre/post-upgrade checks for components",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ComponentUpgradeStatus (type)
{
"additionalProperties": false,
"id": "ComponentUpgradeStatus",
"module_id": "Upgrade",
"properties": {
"can_rollback": {
"description": "This field indicates whether we can perform upgrade rollback.",
"readonly": true,
"required": false,
"title": "Can perform rollback",
"type": "boolean"
},
"can_skip": {
"readonly": true,
"required": false,
"title": "Can the upgrade of the remaining units in this component be skipped",
"type": "boolean"
},
"component_type": {
"readonly": true,
"required": false,
"title": "Component type for the upgrade status",
"type": "string"
},
"current_version_node_summary": {
"$ref": "NodeSummaryList,
"readonly": true,
"required": false,
"title": "Mapping of current versions of nodes and counts of nodes at the respective versions."
},
"details": {
"readonly": true,
"required": false,
"title": "Details about the upgrade status",
"type": "string"
},
"node_count_at_target_version": {
"description": "Number of nodes of the type and at the component version",
"readonly": true,
"required": false,
"title": "Count of nodes at target component version",
"type": "int"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"pre_upgrade_status": {
"$ref": "UpgradeChecksExecutionStatus,
"readonly": true,
"required": false,
"title": "Pre-upgrade status of the component-type"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Upgrade status of component",
"type": "string"
},
"target_component_version": {
"readonly": true,
"required": false,
"title": "Target component version",
"type": "string"
}
},
"type": "object"
}
ComputeClusterIdfwConfiguration (type)
{
"additionalProperties": false,
"description": "Idfw configuration for activate/deactivate idfw on cluster level.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ComputeClusterIdfwConfiguration",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cluster_idfw_enabled": {
"description": "If set to true, idfw is enabled for this cluster",
"readonly": false,
"required": true,
"title": "Idfw enabled flag",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_stale": {
"description": "If set to true, this cluster has been deleted from NSX.",
"readonly": true,
"title": "Cluster stale flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"member": {
"$ref": "PolicyResourceReference,
"description": "Contains actual policy resource reference object",
"required": true,
"title": "PolicyResourceReference"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Compute cluster idfw configuration",
"type": "object"
}
ComputeManager (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "ComputeManager",
"module_id": "InventoryCmObj",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"access_level_for_oidc": {
"default": "FULL",
"description": "Specifies the maximum access level allowed for calls from compute manager to NSX using the OIDC provider.",
"enum": [
"FULL",
"LIMITED"
],
"readonly": false,
"required": false,
"title": "Specifies access level to NSX from the compute manager",
"type": "string"
},
"create_service_account": {
"default": false,
"description": "Enable this flag to create service account user on compute manager. This is required by features such as vSphere Lifecycle Manager for authentication with vAPIs from nsx.",
"readonly": false,
"required": false,
"title": "Specifies whether service account is created or not on compute manager",
"type": "boolean"
},
"credential": {
"$ref": "LoginCredential,
"description": "Supported credential types are 'UsernamePasswordLoginCredential', 'SamlTokenLoginCredential', 'SessionLoginCredential'. VerifiableAsymmetricLoginCredential is used for internal purpose only.",
"readonly": false,
"required": false,
"title": "Login credentials for the compute manager"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"extension_certificate": {
"$ref": "CertificateData,
"description": "Specifies certificate for compute manager extension registered on vCenter.",
"readonly": false,
"required": false,
"title": "Specifies certificate for compute manager extension"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"multi_nsx": {
"default": false,
"description": "Enable this flag to manage same compute manager by multiple nsx.",
"readonly": false,
"required": false,
"title": "Specifies whether multi nsx feature is enabled for compute manager",
"type": "boolean"
},
"origin_properties": {
"items": {
"$ref": "KeyValuePair
},
"readonly": true,
"required": false,
"title": "Key-Value map of additional specific properties of compute manager",
"type": "array"
},
"origin_type": {
"readonly": false,
"required": true,
"title": "Compute manager type like vCenter",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"reverse_proxy_https_port": {
"default": 443,
"description": "Specifies https port of the reverse proxy to connect to compute manager. For e.g. In case of VC, this port can be retrieved from this config file /etc/vmware-rhttpproxy/config.xml.",
"maximum": 65535,
"minimum": 1,
"readonly": false,
"required": false,
"title": "Proxy https port of compute manager",
"type": "integer"
},
"server": {
"format": "hostname-or-ip",
"readonly": false,
"required": true,
"title": "IP address or hostname of compute manager",
"type": "string"
},
"set_as_oidc_provider": {
"default": false,
"description": "If the compute manager is VC and need to set set as OIDC provider for NSX then this flag should be set as true. This is specific to wcp feature, should be enabled when this feature is being used.",
"readonly": false,
"required": false,
"title": "Specifies whether compute manager has been set as OIDC provider",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
ComputeManagerListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "ComputeManagerListRequestParameters",
"module_id": "InventoryCmObj",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"origin_type": {
"readonly": false,
"required": false,
"title": "Compute manager type like vCenter",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"server": {
"format": "hostname-or-ip",
"readonly": false,
"required": false,
"title": "IP address or hostname of compute manager",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Compute manager list parameters",
"type": "object"
}
ComputeManagerListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ComputeManagerListResult",
"module_id": "InventoryCmObj",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ComputeManager
},
"required": true,
"title": "List of compute managers",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List of compute managers",
"type": "object"
}
ComputeManagerStatus (type)
{
"additionalProperties": false,
"id": "ComputeManagerStatus",
"module_id": "InventoryCmObj",
"properties": {
"connection_errors": {
"help_detail": "Errors will be cleared after successful connection",
"items": {
"$ref": "ErrorInfo
},
"readonly": true,
"required": false,
"title": "Errors when connecting with compute manager",
"type": "array"
},
"connection_status": {
"enum": [
"UP",
"DOWN",
"CONNECTING"
],
"readonly": true,
"required": false,
"title": "Status of connection with the compute manager",
"type": "string"
},
"connection_status_details": {
"help_detail": "Details, if any, about the current status of the connection with the compute manager",
"readonly": true,
"required": false,
"title": "Details about connection status",
"type": "string"
},
"last_sync_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": false,
"title": "Timestamp of the last successful update of Inventory, in epoch milliseconds."
},
"oidc_end_point_id": {
"description": "If Compute manager is trusted as authorization server, then this Id will be Id of corresponding oidc end point.",
"readonly": true,
"required": false,
"title": "Specifies Id of corresponding OidcEndPoint",
"type": "string"
},
"registration_errors": {
"help_detail": "Errors will be cleared after successful registration",
"items": {
"$ref": "ErrorInfo
},
"readonly": true,
"required": false,
"title": "Errors when registering with compute manager",
"type": "array"
},
"registration_status": {
"enum": [
"REGISTERED",
"UNREGISTERED",
"REGISTERING",
"REGISTERED_WITH_ERRORS"
],
"readonly": true,
"required": false,
"title": "Registration status of compute manager",
"type": "string"
},
"version": {
"readonly": true,
"required": false,
"title": "Version of the compute manager",
"type": "string"
}
},
"title": "Runtime status information of the compute manager",
"type": "object"
}
Condition (type)
{
"additionalProperties": false,
"description": "Represents the leaf level condition. Evaluation of the condition expression will be case insensitive.",
"extends": {
"$ref": "Expression
},
"id": "Condition",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "Condition"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"exclude": {
"$ref": "ExcludedMembersList,
"description": "List of members to be excluded from the condition. This field is applicable only for condition representing the list of malicious IPs. Only IPAddressExpression and PathExpression are supported. The PathExpression should have paths of Groups that of the group_type IPAddress. Multiple PathExpressions are not supported here.",
"required": false,
"title": "Members to be excluded from the condition"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"key": {
"enum": [
"Tag",
"Name",
"OSName",
"ComputerName",
"NodeType",
"GroupType",
"ALL",
"IPAddress",
"PodCidr"
],
"required": true,
"title": "Key",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"member_type": {
"description": "For global groups (groups created from Global Manager), the supported Member Types are - VirtualMachine, Segment, SegmentPort, Group, DVPG and DVPort. For local groups (groups created on the local policy manager), the supported member types are IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService and KubernetesNode.",
"enum": [
"IPSet",
"VirtualMachine",
"LogicalPort",
"LogicalSwitch",
"Segment",
"SegmentPort",
"Pod",
"Service",
"Namespace",
"TransportNode",
"Group",
"DVPG",
"DVPort",
"IPAddress",
"VpcSubnet",
"KubernetesCluster",
"KubernetesNamespace",
"AntreaEgress",
"AntreaIPPool",
"KubernetesIngress",
"KubernetesGateway",
"KubernetesService",
"KubernetesNode",
"VpcSubnetPort"
],
"required": true,
"title": "Group member type",
"type": "string"
},
"operator": {
"description": "Operator is made non-mandatory to support Segment and SegmentPort tag based expression. To evaluate expression for other types, operator value should be provided.",
"enum": [
"EQUALS",
"CONTAINS",
"STARTSWITH",
"ENDSWITH",
"NOTEQUALS",
"NOTIN",
"MATCHES",
"IN"
],
"required": false,
"title": "operator",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"scope_operator": {
"description": "Default operator when not specified explicitly would be considered as EQUALS. If value for Condition is empty, then condition will not be evaluated. For example, Condition with key as Tag and value as \"|tag\" would be evaluated for tag value not for empty scope value.",
"enum": [
"EQUALS",
"NOTEQUALS"
],
"required": false,
"title": "operator",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"value": {
"minLength": 1,
"required": true,
"title": "Value",
"type": "string"
}
},
"title": "Represents the leaf level condition",
"type": "object"
}
ConditionalValueConstraintExpression (type)
{
"additionalProperties": false,
"description": "Represents the leaf level expression to restrict the target attribute value based on the set of existing values. Generally, used in combination with RelatedAttributeConditionalExpression to constraint the values related to another attribute on the same resource. This object is always used in conjunction with some exression. Example - { \"condition\" : { \"operator\":\"INCLUDES\", \"rhs_value\": [\"/infra/domains/mgw/groups/VCENTER\", \"/infra/domains/mgw/groups/SRM\", \"/infra/domains/mgw/groups/NSX\"], \"value_constraint\": { \"resource_type\": \"ValueConstraintExpression\", \"operator\":\"EXCLUDES\", \"values\":[\"/infra/domains/mgw/groups/VCENTER\", \"/infra/domains/mgw/groups/SRM\", \"/infra/domains/mgw/groups/NSX\"] } }",
"id": "ConditionalValueConstraintExpression",
"module_id": "PolicyConstraints",
"properties": {
"operator": {
"description": "INCLUDES_ANY operator supported only for StringArrayConstraintValue",
"enum": [
"INCLUDES",
"INCLUDES_ANY",
"EXCLUDES",
"EQUALS"
],
"required": true,
"title": "Set operation to constraint values.",
"type": "string"
},
"rhs_value": {
"description": "List of values.",
"items": {
"type": "string"
},
"required": false,
"title": "Array of values to perform operation.",
"type": "array"
},
"rhs_value_with_type": {
"$ref": "ConstraintValue,
"description": "List of values.",
"required": false,
"title": "Array of values to perform operation."
},
"value_constraint": {
"$ref": "ValueConstraintExpression,
"description": "Values to apply the conditional constraint on target.",
"required": true,
"title": "Value Constraint"
}
},
"title": "Represents the leaf level conditional value constraint.",
"type": "object"
}
ConfigOnboardingConflictRequest (type)
{
"additionalProperties": false,
"description": "Config onboarding request to verify conflicts in onboarding configuration on global manager for a site.",
"id": "ConfigOnboardingConflictRequest",
"module_id": "GmConfigOnboarding",
"properties": {
"prefix": {
"description": "User provided prefix string to resolve conflicting site entities.",
"readonly": true,
"required": false,
"title": "Prefix string",
"type": "string"
},
"site_id": {
"description": "Site Id.",
"readonly": true,
"required": false,
"title": "Site Id",
"type": "string"
},
"suffix": {
"description": "User provided suffix string to resolve conflicting site entities.",
"title": "Suffix string",
"type": "string"
}
},
"title": "Config onboarding conflict Request",
"type": "object"
}
ConfigOnboardingConflictStatus (type)
{
"additionalProperties": false,
"description": "Represents config onboarding conflict status on Global Manager.",
"id": "ConfigOnboardingConflictStatus",
"module_id": "GmConfigOnboarding",
"properties": {
"details": {
"$ref": "OnboardingFeatureInfo,
"readonly": true,
"required": false
},
"gm_details": {
"$ref": "GmConfigOnboardingConflictEntityInfo,
"readonly": true,
"required": false
},
"site_id": {
"description": "Site identifier of the site being onboarded.",
"readonly": true,
"required": true,
"title": "Site Id",
"type": "string"
},
"status": {
"$ref": "OnboardingConflictStatus,
"readonly": true,
"required": true
}
},
"title": "Config onboarding conflict status",
"type": "object"
}
ConfigOnboardingError (type)
{
"description": "Represents error details in case of system fail to onboard site configuration on global manager.",
"id": "ConfigOnboardingError",
"module_id": "GmConfigOnboarding",
"properties": {
"error_code": {
"description": "Error code for errors found during onboarding process.",
"readonly": true,
"required": false,
"title": "Error Code",
"type": "integer"
},
"error_message": {
"description": "Failure reason during onboarding process.",
"readonly": true,
"required": false,
"title": "Error message",
"type": "string"
}
},
"title": "Config Onboarding Error",
"type": "object"
}
ConfigOnboardingInProgressStatus (type)
{
"description": "Represents config onboarding status including processing phase compared to of total number of phases to complete config onboarding.",
"id": "ConfigOnboardingInProgressStatus",
"module_id": "GmConfigOnboarding",
"properties": {
"current_step": {
"description": "Represent intermidiate phase when onboarding or rollback is in-progress on global manager.",
"readonly": true,
"required": false,
"title": "Current Onboarding Step",
"type": "integer"
},
"feature": {
"$ref": "OnboardingFeatureInfo,
"readonly": true,
"required": false
},
"stage": {
"$ref": "OnboardingStage,
"readonly": true,
"required": false
},
"total_steps": {
"description": "Total number of phases involved in onboarding workflow.",
"readonly": true,
"required": false,
"title": "Total number of Onboarding Steps",
"type": "integer"
}
},
"title": "Config Onboarding in-progress status",
"type": "object"
}
ConfigOnboardingRequest (type)
{
"additionalProperties": false,
"description": "Config onboarding request to initiate onboarding workflow on global manager for a site.",
"id": "ConfigOnboardingRequest",
"module_id": "GmConfigOnboarding",
"properties": {
"prefix": {
"description": "User provided prefix string to resolve conflicting site entities.",
"readonly": true,
"required": false,
"title": "Prefix string",
"type": "string"
},
"site_backup_reference": {
"description": "Site backup image details to hint user to restore site before starting onboarding process.",
"readonly": true,
"required": true,
"title": "Site Backup Reference",
"type": "string"
},
"site_id": {
"description": "Site Id.",
"readonly": true,
"required": false,
"title": "Site Id",
"type": "string"
},
"suffix": {
"description": "User provided suffix string to resolve conflicting site entities.",
"title": "Suffix string",
"type": "string"
}
},
"title": "Config onboarding Request",
"type": "object"
}
ConfigOnboardingStatus (type)
{
"additionalProperties": false,
"description": "Represents config onboarding status on Global Manager.",
"id": "ConfigOnboardingStatus",
"module_id": "GmConfigOnboarding",
"properties": {
"details": {
"$ref": "ConfigOnboardingStatusDetails,
"readonly": true,
"required": false
},
"site_id": {
"description": "Site identifier of the site being onboarded.",
"readonly": true,
"required": true,
"title": "Site Id",
"type": "string"
},
"status": {
"$ref": "OnboardingStatus,
"readonly": true,
"required": true
},
"supported_features": {
"description": "List of supported features on global manager.",
"items": {
"$ref": "OnboardingFeatureInfo
},
"readonly": true,
"required": false,
"title": "List of supported features",
"type": "array"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Onboarding status as of current timestamp.",
"readonly": false,
"required": true,
"title": "Status Timestamp"
},
"unsupported_features": {
"description": "List of unsupported features on global manager.",
"items": {
"$ref": "OnboardingFeatureInfo
},
"readonly": true,
"required": false,
"title": "List of unsupported features",
"type": "array"
}
},
"title": "Config on-boarding status",
"type": "object"
}
ConfigOnboardingStatusDetails (type)
{
"description": "Represents config on-boarding progress phase details per feature information with progress metric like completed entity count against total number of entities.",
"id": "ConfigOnboardingStatusDetails",
"module_id": "GmConfigOnboarding",
"properties": {
"error_messages": {
"items": {
"$ref": "ConfigOnboardingError
},
"readonly": true,
"required": false,
"type": "array"
},
"import_progress": {
"$ref": "ConfigOnboardingInProgressStatus,
"readonly": true,
"required": false
},
"revert_progress": {
"$ref": "ConfigOnboardingInProgressStatus,
"readonly": true,
"required": false
},
"site_backup_reference": {
"description": "Site backup image details to hint user to restore site before starting onboarding process.",
"readonly": true,
"required": false,
"title": "Site Backup Reference",
"type": "string"
}
},
"title": "Config on-boarding status details",
"type": "object"
}
ConfigState (type)
{
"additionalProperties": false,
"description": "Configuration State. | SANDBOXED_REALIZATION_PENDING - This is applicable to only Global intent in the NSX+ platform. The intent in this state indicates that the Global intent is having a conflict with local intent in the corresponding site and it is sandboxed in an intent logical store. Also the realization is pending until the conflict is resolved. Policy Alarm will be genereated and notified to the NSX+ admin to alert the user to take action to resolve the conflicts.",
"enum": [
"SUCCESS",
"IN_PROGRESS",
"ERROR",
"UNKNOWN",
"UNINITIALIZED",
"SANDBOXED_REALIZATION_PENDING"
],
"id": "ConfigState",
"module_id": "PolicyRealizedState",
"title": "Config State",
"type": "string"
}
ConfigurationState (type)
{
"id": "ConfigurationState",
"module_id": "Common",
"properties": {
"details": {
"items": {
"$ref": "ConfigurationStateElement
},
"readonly": true,
"required": false,
"title": "Array of configuration state of various sub systems",
"type": "array"
},
"failure_code": {
"readonly": true,
"required": false,
"title": "Error code",
"type": "integer"
},
"failure_message": {
"readonly": true,
"required": false,
"title": "Error message in case of failure",
"type": "string"
},
"state": {
"description": "Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. \"in_sync\" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to \"success\". Please note, failed state is deprecated.",
"enum": [
"pending",
"in_progress",
"success",
"failed",
"partial_success",
"orphaned",
"unknown",
"error",
"in_sync",
"NOT_AVAILABLE",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_IN_PROGRESS",
"VM_POWER_ON_FAILED",
"REGISTRATION_PENDING",
"NODE_NOT_READY",
"NODE_READY",
"VM_POWER_OFF_IN_PROGRESS",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_FAILED",
"VM_UNDEPLOY_SUCCESSFUL",
"EDGE_CONFIG_ERROR",
"VM_DEPLOYMENT_RESTARTED",
"REGISTRATION_FAILED",
"TRANSPORT_NODE_SYNC_PENDING",
"TRANSPORT_NODE_CONFIGURATION_MISSING",
"EDGE_HARDWARE_NOT_SUPPORTED",
"MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED",
"TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER",
"TZ_ENDPOINTS_NOT_SPECIFIED",
"NO_PNIC_PREPARED_IN_EDGE",
"APPLIANCE_INTERNAL_ERROR",
"VTEP_DHCP_NOT_SUPPORTED",
"UNSUPPORTED_HOST_SWITCH_PROFILE",
"UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED",
"HOSTSWITCH_PROFILE_NOT_FOUND",
"LLDP_SEND_ENABLED_NOT_SUPPORTED",
"UNSUPPORTED_NAMED_TEAMING_POLICY",
"LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM",
"LACP_NOT_SUPPORTED_FOR_EDGE_VM",
"STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM",
"MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE",
"UNSUPPORTED_LACP_LB_ALGO_FOR_NODE",
"EDGE_NODE_VERSION_NOT_SUPPORTED",
"NO_PNIC_SPECIFIED_IN_TN",
"INVALID_PNIC_DEVICE_NAME",
"TRANSPORT_NODE_READY",
"VM_NETWORK_EDIT_PENDING",
"UNSUPPORTED_DEFAULT_TEAMING_POLICY",
"MPA_DISCONNECTED",
"VM_RENAME_PENDING",
"VM_CONFIG_EDIT_PENDING",
"VM_NETWORK_EDIT_FAILED",
"VM_RENAME_FAILED",
"VM_CONFIG_EDIT_FAILED",
"VM_CONFIG_DISCREPANCY",
"VM_NODE_REFRESH_FAILED",
"VM_PLACEMENT_REFRESH_FAILED",
"REGISTRATION_TIMEDOUT",
"REPLACE_FAILED",
"UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED",
"LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING",
"DELETE_VM_IN_REDEPLOY_FAILED",
"DEPLOY_VM_IN_REDEPLOY_FAILED",
"INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE",
"VM_RESOURCE_RESERVATION_FAILED",
"DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER",
"DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"EDGE_NODE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE",
"EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE",
"COMPUTE_MANAGER_NOT_FOUND",
"DELETE_IN_PROGRESS",
"ADVANCED_CONFIG_EDIT_FAILED",
"UPT_MODE_REALIZATION_POLL_TIMED_OUT",
"DATAPATH_CONFIGURATION_EDIT_FAILED",
"MAINTENANCE_MODE_ENABLED",
"ERROR_IN_ENABLE_MAINTENANCE_MODE",
"ERROR_IN_DISABLE_MAINTENANCE_MODE",
"CONFIGURE_UPT_ON_VM_FAILED",
"VM_VERSION_IS_UPT_INCOMPATIBLE",
"DELETE_FAILED_FOR_DIFFERENT_MOREF_ID",
"DELETE_FAILED_ON_VM_NOT_FOUND",
"DELETE_FAILED_FOR_NON_LCM_EDGE",
"ADVANCED_CONFIG_EDIT_PENDING",
"DUPLICATE_VLANS_SHARING_SAME_PNIC",
"MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"REDEPLOY_ACTIVITY_FAILED",
"REDEPLOY_ACTIVITY_IN_PROGRESS",
"REDEPLOY_ACTIVITY_SCHEDULED",
"REDEPLOY_ACTIVITY_SUCCESSFUL",
"REPLACE_ACTIVITY_FAILED",
"REPLACE_ACTIVITY_IN_PROGRESS",
"REPLACE_ACTIVITY_SCHEDULED",
"REPLACE_ACTIVITY_SUCCESSFUL",
"REPLACED_RPC_CLIENT_OF_TN",
"RETRYING_REPLACE",
"UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR",
"VM_REDEPLOY_FAILED",
"VM_RESOURCE_RESERVATION_EDIT_PENDING",
"REDEPLOYED_VM_REGISTRATION_PENDING"
],
"readonly": true,
"required": true,
"title": "Overall state of desired configuration",
"type": "string"
}
},
"title": "Describes status of configuration of an entity",
"type": "object"
}
ConfigurationStateElement (type)
{
"id": "ConfigurationStateElement",
"module_id": "Common",
"properties": {
"failure_code": {
"readonly": true,
"required": false,
"title": "Error code",
"type": "integer"
},
"failure_message": {
"readonly": true,
"required": false,
"title": "Error message in case of failure",
"type": "string"
},
"state": {
"enum": [
"in_progress",
"success",
"failed",
"partial_success",
"in_sync",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_FAILED",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_FAILED",
"REPLACE_FAILED",
"UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED",
"LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING",
"DELETE_VM_IN_REDEPLOY_FAILED",
"DEPLOY_VM_IN_REDEPLOY_FAILED",
"INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE",
"EDGE_CONFIG_ERROR",
"REGISTRATION_FAILED",
"TRANSPORT_NODE_CONFIGURATION_MISSING",
"EDGE_HARDWARE_NOT_SUPPORTED",
"MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED",
"TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER",
"TZ_ENDPOINTS_NOT_SPECIFIED",
"NO_PNIC_PREPARED_IN_EDGE",
"APPLIANCE_INTERNAL_ERROR",
"VTEP_DHCP_NOT_SUPPORTED",
"UNSUPPORTED_HOST_SWITCH_PROFILE",
"UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED",
"HOSTSWITCH_PROFILE_NOT_FOUND",
"LLDP_SEND_ENABLED_NOT_SUPPORTED",
"UNSUPPORTED_NAMED_TEAMING_POLICY",
"LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM",
"LACP_NOT_SUPPORTED_FOR_EDGE_VM",
"STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM",
"MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE",
"UNSUPPORTED_LACP_LB_ALGO_FOR_NODE",
"EDGE_NODE_VERSION_NOT_SUPPORTED",
"NO_PNIC_SPECIFIED_IN_TN",
"INVALID_PNIC_DEVICE_NAME",
"UNSUPPORTED_DEFAULT_TEAMING_POLICY",
"MPA_DISCONNECTED",
"VM_NETWORK_EDIT_PENDING",
"VM_RENAME_PENDING",
"VM_CONFIG_EDIT_PENDING",
"VM_NETWORK_EDIT_FAILED",
"VM_RENAME_FAILED",
"VM_CONFIG_EDIT_FAILED",
"VM_CONFIG_DISCREPANCY",
"VM_NODE_REFRESH_FAILED",
"VM_PLACEMENT_REFRESH_FAILED",
"NOT_AVAILABLE",
"REGISTRATION_TIMEDOUT",
"ADVANCED_CONFIG_EDIT_FAILED",
"VM_RESOURCE_RESERVATION_FAILED",
"UPT_MODE_REALIZATION_POLL_TIMED_OUT",
"DATAPATH_CONFIGURATION_EDIT_FAILED",
"MAINTENANCE_MODE_ENABLED",
"ERROR_IN_ENABLE_MAINTENANCE_MODE",
"ERROR_IN_DISABLE_MAINTENANCE_MODE",
"CONFIGURE_UPT_ON_VM_FAILED",
"VM_VERSION_IS_UPT_INCOMPATIBLE",
"pending",
"orphaned",
"unknown",
"error",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_POWER_ON_IN_PROGRESS",
"REGISTRATION_PENDING",
"NODE_NOT_READY",
"NODE_READY",
"VM_POWER_OFF_IN_PROGRESS",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_SUCCESSFUL",
"VM_DEPLOYMENT_RESTARTED",
"TRANSPORT_NODE_SYNC_PENDING",
"TRANSPORT_NODE_READY",
"DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER",
"DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"EDGE_NODE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE",
"EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE",
"COMPUTE_MANAGER_NOT_FOUND",
"ADVANCED_CONFIG_EDIT_PENDING",
"DELETE_FAILED_FOR_DIFFERENT_MOREF_ID",
"DELETE_FAILED_FOR_NON_LCM_EDGE",
"DELETE_FAILED_ON_VM_NOT_FOUND",
"DELETE_IN_PROGRESS",
"DUPLICATE_VLANS_SHARING_SAME_PNIC",
"MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"REDEPLOY_ACTIVITY_FAILED",
"REDEPLOY_ACTIVITY_IN_PROGRESS",
"REDEPLOY_ACTIVITY_SCHEDULED",
"REDEPLOY_ACTIVITY_SUCCESSFUL",
"REPLACE_ACTIVITY_FAILED",
"REPLACE_ACTIVITY_IN_PROGRESS",
"REPLACE_ACTIVITY_SCHEDULED",
"REPLACE_ACTIVITY_SUCCESSFUL",
"REPLACED_RPC_CLIENT_OF_TN",
"RETRYING_REPLACE",
"UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR",
"VM_REDEPLOY_FAILED",
"VM_RESOURCE_RESERVATION_EDIT_PENDING",
"REDEPLOYED_VM_REGISTRATION_PENDING"
],
"readonly": true,
"required": true,
"title": "State of configuration on this sub system",
"type": "string"
},
"sub_system_address": {
"readonly": true,
"required": false,
"title": "URI of backing resource on sub system",
"type": "string"
},
"sub_system_id": {
"readonly": true,
"required": false,
"title": "Identifier of backing resource on sub system",
"type": "string"
},
"sub_system_name": {
"readonly": true,
"required": false,
"title": "Name of backing resource on sub system",
"type": "string"
},
"sub_system_type": {
"readonly": true,
"required": false,
"title": "Type of backing resource on sub system",
"type": "string"
}
},
"title": "Describes status of configuration of an entity",
"type": "object"
}
ConflictingEntityListResponse (type)
{
"additionalProperties": false,
"id": "ConflictingEntityListResponse",
"module_id": "GmConfigOnboarding",
"properties": {
"example": {
"$ref": "OnboardingFeatureInfo,
"description": "Conflict example",
"readonly": true,
"required": false,
"title": "Conflict example"
},
"feature_compability_data": {
"items": {
"$ref": "FeatureCompatibilityInfo
},
"maxItems": 100,
"readonly": true,
"required": false,
"type": "array"
},
"feature_descendants": {
"items": {
"$ref": "FeatureConflictInfo
},
"readonly": true,
"required": false,
"type": "array"
},
"feature_summary": {
"$ref": "FeatureSummary,
"readonly": true,
"required": false
},
"infra_descendants": {
"items": {
"$ref": "FeatureConflictInfo
},
"readonly": true,
"required": false,
"type": "array"
}
},
"title": "List of Features with conflict information",
"type": "object"
}
ConjunctionOperator (type)
{
"additionalProperties": false,
"description": "Represents the operators AND or OR.",
"extends": {
"$ref": "Expression
},
"id": "ConjunctionOperator",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ConjunctionOperator"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"conjunction_operator": {
"enum": [
"OR",
"AND"
],
"required": true,
"title": "Conjunction Operator Node",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents the operators AND or OR",
"type": "object"
}
ConnectivityAdvancedConfig (type)
{
"additionalProperties": false,
"id": "ConnectivityAdvancedConfig",
"module_id": "PolicyConnectivity",
"properties": {
"connectivity": {
"default": "ON",
"description": "Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity.",
"enum": [
"ON",
"OFF"
],
"required": false,
"title": "Connectivity configuration",
"type": "string"
}
},
"title": "Advanced configuration for Policy connectivity",
"type": "object"
}
ConsolidatedRealizedStatus (type)
{
"additionalProperties": false,
"description": "Consolidated Realized Status of an intent object across enforcement points.",
"extends": {
"$ref": "AggregatePolicyRuntimeInfo
},
"id": "ConsolidatedRealizedStatus",
"module_id": "PolicyRealizedState",
"properties": {
"consolidated_status": {
"$ref": "ConsolidatedStatus,
"description": "Consolidated Realized Status across enforcement points.",
"readonly": true,
"title": "Consolidated Realized Status"
},
"consolidated_status_per_enforcement_point": {
"description": "List of Consolidated Realized Status per enforcement point.",
"items": {
"$ref": "ConsolidatedStatusPerEnforcementPoint
},
"readonly": true,
"title": "List of Consolidated Realized Status per Enforcement Point",
"type": "array"
},
"intent_path": {
"description": "Intent path of object, forward slashes must be escaped using %2F.",
"readonly": true,
"required": true,
"title": "String Path of the intent object",
"type": "string"
},
"intent_version": {
"description": "Represent highest intent version across all realized objects",
"readonly": true,
"title": "Intent version for the status",
"type": "string"
},
"publish_status": {
"enum": [
"UNAVAILABLE",
"UNREALIZED",
"REALIZED",
"ERROR"
],
"required": true,
"title": "Aggregated Realization state of this object",
"type": "string"
},
"publish_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time",
"readonly": true,
"title": "Publish time of the intent"
},
"site_uuid": {
"description": "Site UUID supplied for realized site.",
"title": "id of Site",
"type": "string"
},
"time_taken_for_realization": {
"description": "This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization.",
"title": "Appoximate time taken in milliseconds for end to end realization.",
"type": "integer"
}
},
"title": "Consolidated Realized Status for an Intent Object",
"type": "object"
}
ConsolidatedStatus (type)
{
"additionalProperties": false,
"description": "Consolidated Status of an intent object. Status Consolidation of an intent happens at multiple levels: - Per Enforcement Point: calculation of the consolidated status is performed using all realized entities that the intent objet maps to on a specific enforcement point. - Across Enforcement Points: calculation of the consolidated status is performend aggregating the consolidated status from each enforcement point.",
"id": "ConsolidatedStatus",
"module_id": "PolicyRealizedState",
"properties": {
"consolidated_status": {
"$ref": "ConfigState,
"description": "Consolidated Realized Status of an intent object.",
"readonly": true,
"title": "Consolidated Realized Status"
}
},
"title": "Consolidated Status",
"type": "object"
}
ConsolidatedStatusNsxT (type)
{
"additionalProperties": false,
"description": "Detailed Realized Status of an intent object on an NSX-T type of enforcement point.",
"extends": {
"$ref": "ConsolidatedStatusPerEnforcementPoint
},
"id": "ConsolidatedStatusNsxT",
"module_id": "PolicyRealizationStatus",
"polymorphic-type-descriptor": {
"type-identifier": "ConsolidatedStatusNsxT"
},
"properties": {
"alarm": {
"$ref": "PolicyRuntimeAlarm,
"description": "Alarm information details.",
"readonly": true,
"title": "Alarm Information Details"
},
"consolidated_status": {
"$ref": "ConsolidatedStatus,
"description": "Consolidated Realized Status of an Intent object per enforcement point.",
"readonly": true,
"title": "Consolidated Realized Status"
},
"enforced_status": {
"$ref": "EnforcedStatusDetailsNsxT,
"description": "Detailed Realized Status inherent to an NSX-T Enforcement Point.",
"readonly": true,
"title": "Enforced Realized Status"
},
"enforcement_point_id": {
"description": "Enforcement Point Id.",
"readonly": true,
"title": "Enforcement Point Id",
"type": "string"
},
"enforcement_point_path": {
"description": "Policy Path referencing the enforcement point where the info is fetched.",
"readonly": true,
"title": "Enforcement point Path",
"type": "string"
},
"resource_type": {
"required": true,
"type": "string"
},
"site_path": {
"description": "The site where this enforcement point resides.",
"readonly": true,
"title": "Site Path",
"type": "string"
}
},
"title": "NSX-T Consolidated Status",
"type": "object"
}
ConsolidatedStatusPerEnforcementPoint (type)
{
"additionalProperties": false,
"description": "Consolidated Realized Status Per Enforcement Point.",
"extends": {
"$ref": "BaseConsolidatedStatusPerEnforcementPoint
},
"id": "ConsolidatedStatusPerEnforcementPoint",
"module_id": "PolicyRealizedState",
"polymorphic-type-descriptor": {
"type-identifier": "ConsolidatedStatusPerEnforcementPoint"
},
"properties": {
"alarm": {
"$ref": "PolicyRuntimeAlarm,
"description": "Alarm information details.",
"readonly": true,
"title": "Alarm Information Details"
},
"consolidated_status": {
"$ref": "ConsolidatedStatus,
"description": "Consolidated Realized Status of an Intent object per enforcement point.",
"readonly": true,
"title": "Consolidated Realized Status"
},
"enforcement_point_id": {
"description": "Enforcement Point Id.",
"readonly": true,
"title": "Enforcement Point Id",
"type": "string"
},
"enforcement_point_path": {
"description": "Policy Path referencing the enforcement point where the info is fetched.",
"readonly": true,
"title": "Enforcement point Path",
"type": "string"
},
"resource_type": {
"required": true,
"type": "string"
},
"site_path": {
"description": "The site where this enforcement point resides.",
"readonly": true,
"title": "Site Path",
"type": "string"
}
},
"title": "Consolidated Realized Status Per Enforcement Point",
"type": "object"
}
ConstantFieldValue (type)
{
"additionalProperties": false,
"description": "Constant Field Value.",
"extends": {
"$ref": "FieldSettingValue
},
"id": "ConstantFieldValue",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"type-identifier": "ConstantFieldValue"
},
"properties": {
"constant": {
"description": "Constant Value that the field must be set to.",
"title": "Constant Value",
"type": "object"
},
"resource_type": {
"description": "Field Setting Value resource type.",
"enum": [
"ConstantFieldValue"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Constant Field Value",
"type": "object"
}
Constraint (type)
{
"additionalProperties": false,
"description": "Constraint object to constraint any attribute on a resource based on specified expression. Example- Restrict the allowed services in Edge Communication Entry to list of services, if the destinationGroups contain vCenter. { \"target\":{ \"target_resource_type\":\"CommunicationEntry\", \"attribute\":\"services\", \"path_prefix\":\"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries\" } \"constraint_expression\":{ \"related_attribute\":{ \"attribute\":\"destinationGroups\" } \"condition\":{ \"operator\":\"INCLUDES\", \"rhs_value\":{\"vCenter\"} \"value_constraint\":{ \"operator\":\"ALLOW\", \"values\":{\"/ref/services/HTTPS\", \"/ref/services/HTTOP\", ...} } } } }",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Constraint",
"module_id": "PolicyConstraints",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"constraint_expression": {
"$ref": "ConstraintExpression,
"deprecated": true,
"description": "This property is deprecated. Please use the \"constraint_expressions\" property instead to specify one or more constraint expressions. If this property is populated, then the \"constraint_expressions\" value is ignored.",
"required": false,
"title": "Expression to constrain the target attribute value."
},
"constraint_expressions": {
"descripiton": "An array of expressions. Note that if the deprecated property\n\"constraint_expression\" has a value then this property is\nignored. Please empty out the value of \"constraint_expression\"\nbefore using this property.\n",
"items": {
"$ref": "ConstraintExpression
},
"required": false,
"title": "Expressions to constrain the target attribute value.",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"message": {
"required": false,
"title": "User friendly message to be shown to users upon violation.",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target": {
"$ref": "ConstraintTarget,
"deprecated": true,
"description": "This property is deprecated. Please use the \"targets\" property instead to specify one or more targets. If this property is populated, then the \"targets\" value is ignored.",
"required": false,
"title": "Target resource attribute details."
},
"target_owner_type": {
"descripiton": "Every target resource in the policy tree is owned by either local LM or remote GM/LM.\nThis target_owner_type property helps to apply constraints exclusively to only targets which are managed\nby Gloal policy manager Or local policy manager.\nGM: Target's owner type GM indicates that apply constraints to targets that are owned by GM\n this is supported on both GM/NSX+ and LM.\n On LM , Setting this owner type is not support for EntityInstanceCount Expression.\nLM: Target's owner type LM indicates that apply constraints to targets that are owned by\n local policy manager. With owner_type as LM, Constraint will not be applied to targets owned by\n GM. This owner_type is not allowed on GM/NSX+. User can configure this type only on local SDDC/LM.\n On LM , Setting this owner type is not support for EntityInstanceCount Expression.\nALL: Default type. This indicates that constraints will be applied to all\n targets either local or remote. This is supported only on LM.\nDefault owner type is \"GM\" on NSX+/GM, whereas on LM, default is \"ALL\".\n",
"enum": [
"GM",
"LM",
"ALL"
],
"required": false,
"title": "Constraint target's owner type",
"type": "string"
},
"targets": {
"descripiton": "An array of targets to apply constraints. Note that if the\ndeprecated property \"target\" has a value then this property\nis ignored. Please empty out the value of \"target\" before using\nthis property.\n",
"items": {
"$ref": "ConstraintTarget
},
"required": false,
"title": "Collection of target resources attribute details.",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Constraint definition.",
"type": "object"
}
ConstraintExpression (type)
{
"abstract": true,
"description": "All the types of the expression extend from this abstract class. This is present for extensibility.",
"extends": {
"$ref": "ManagedResource
},
"id": "ConstraintExpression",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"enum": [
"ValueConstraintExpression",
"RelatedAttributeConditionalExpression",
"EntityInstanceCountConstraintExpression",
"FieldSanityConstraintExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Base class for constraint expression",
"type": "object"
}
ConstraintGlobalConfig (type)
{
"additionalProperties": false,
"description": "Global Constraint configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ConstraintGlobalConfig",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"include_system_resources": {
"default": false,
"description": "If true, resources that are created by the system (i.e create_user set to SYSTEM_USER) will be included as part of counting the created entity instances while evaulating the EntityInstanceCountConstraintExpression type constraint. By default, these resources are not included as part of evaluating the count expression",
"required": false,
"title": "Include policy resources that are created by system in EntityInstanceCountConstraintExpression constraint",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Global Constraint configuration",
"type": "object"
}
ConstraintListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ConstraintListResult",
"module_id": "PolicyConstraints",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Constraint
},
"required": true,
"title": "Constraint list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Constraints",
"type": "object"
}
ConstraintTarget (type)
{
"additionalProperties": false,
"description": "Resource attribute on which constraint should be applied. Example - sourceGroups attribute of Edge CommunicationEntry to be restricted, is given as: { \"target_resource_type\":\"CommunicationEntry\", \"attribute\":\"sourceGroups\", \"path_prefix\":\"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries\" }",
"id": "ConstraintTarget",
"module_id": "PolicyConstraints",
"properties": {
"attribute": {
"required": false,
"title": "Attribute name of the target entity.",
"type": "string"
},
"path_prefix": {
"description": "Path prefix of the entity to apply constraint. It should be a valid string prefix for policy path. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. For multi-tenancy path-prefixes (i.e. path starting with /orgs) following values are supported: 1. When constraint is created under '/infra/constraints/' OR under '/orgs/<org-id>/projects/<default-project>/infra/constraints/' then '/orgs/<org-id>/projects/<project-id>/' value is supported. 2. When constraint is created under custom project i.e. '/orgs/<org-id>/projects/<project-id>/infra/constraints/' then '/orgs/<org-id>/projects/<project-id>/vpcs/<vpc-id>/' value is supported.",
"required": false,
"title": "Path prefix of the entity to apply constraint.\n",
"type": "string"
},
"target_resource_type": {
"description": "Target resource type accepts input as DTO Type and or FQDN. It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO type shared across across policy sub tree. For example DTO type Rule shared by both security policy and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target resource type as SecurityPolicy.Rule.",
"required": false,
"title": "Resource type of the target entity. This is required in case the\nconstraint expressions do not specify target resource type.\n",
"type": "string"
}
},
"title": "Resource attribute on which constraint should be applied.",
"type": "object"
}
ConstraintValue (type)
{
"abstract": true,
"additionalProperties": false,
"description": "All the types of value extend from this abstract class. This is present for extensibility.",
"id": "ConstraintValue",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"enum": [
"StringArrayConstraintValue",
"CidrArrayConstraintValue",
"IntegerArrayConstraintValue"
],
"required": true,
"type": "string"
}
},
"title": "Base class for each value configuration",
"type": "object"
}
ContainerApplicationInstanceGroupAssociationRequestParams (type)
{
"description": "List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "ContainerApplicationInstanceGroupAssociationRequestParams",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"pod_id": {
"required": true,
"title": "ContainerApplicationInstance",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path",
"type": "object"
}
ContainerConfiguration (type)
{
"additionalProperties": false,
"description": "Represents a container to group widgets that belong to a common category or have a common purpose.",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "ContainerConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "ContainerConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"header": {
"$ref": "Header
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"labels": {
"description": "Labels for the container.",
"items": {
"$ref": "Label
},
"minItems": 0,
"title": "Labels",
"type": "array"
},
"layout": {
"$ref": "Layout,
"deprecated": true,
"description": "Layout of widgets can be either vertical or horizontal. If layout is not specified a default horizontal layout is applied. This property is deprecated. Now the layout inside the container can be taken care with the help of 'rowspan' and 'colspan' property.",
"title": "Layout of widgets inside container"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
},
"widgets": {
"description": "If not specified, creates an empty container.",
"items": {
"$ref": "WidgetItem
},
"minItems": 0,
"title": "Widgets held by the container",
"type": "array"
}
},
"title": "Container that holds widgets",
"type": "object"
}
ContainerListRequestParameters (type)
{
"additionalProperties": false,
"description": "List request params for the pass through type api that get data from the Antrea Cluster.",
"extends": {
"$ref": "RealizationListRequestParameters
},
"id": "ContainerListRequestParameters",
"module_id": "PolicyGroupRealization",
"properties": {
"cluster_id": {
"description": "ID of the cluster to query",
"required": false,
"title": "Cluster ID",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Realization list request params",
"type": "object"
}
ContentFilterValue (type)
{
"enum": [
"ALL",
"DEFAULT",
"REMOVE_CORE_FILES",
"EAL4_AUDIT"
],
"id": "ContentFilterValue",
"title": "Support bundle content filter allowed values",
"type": "string"
}
ContextProfileAttributesMetadata (type)
{
"additionalProperties": false,
"id": "ContextProfileAttributesMetadata",
"module_id": "PolicyContextProfile",
"properties": {
"key": {
"required": true,
"title": "Key for metadata",
"type": "string"
},
"value": {
"required": true,
"title": "Value for metadata key",
"type": "string"
}
},
"title": "Key value structure for holding metadata of context profile attributes",
"type": "object"
}
ContinueRequestParameters (type)
{
"additionalProperties": false,
"id": "ContinueRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"description": "Hints NSX to upgrade a specific component.",
"readonly": false,
"required": false,
"title": "Component to upgrade.",
"type": "string"
},
"skip": {
"default": false,
"readonly": false,
"required": false,
"title": "Skip to upgrade of next component.",
"type": "boolean"
}
},
"type": "object"
}
CookiePersistenceModeType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "If the persistence cookie is found in the incoming request, value of the cookie is used to identify the server that this request should be sent to. If the cookie is not found, then the server selection algorithm is used to select a new server to handle that request. Three different modes of cookie persistence are supported: insert, prefix and rewrite. In cookie insert mode, a cookie is inserted by load balancer in the HTTP response going from server to client. In cookie prefix and rewrite modes, server controls the cookie and load balancer only manipulates the value of the cookie. In prefix mode, server's cookie value is prepended with the server IP and port and then sent to the client. In rewrite mode, entire server's cookie value is replaced with the server IP and port in the response before sending it to the client.",
"enum": [
"INSERT",
"PREFIX",
"REWRITE"
],
"id": "CookiePersistenceModeType",
"module_id": "LoadBalancer",
"title": "cookie persistence mode",
"type": "string"
}
CopyFromRemoteFileProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CopyRemoteFileProperties
},
"id": "CopyFromRemoteFileProperties",
"properties": {
"port": {
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"preserve_file_properties": {
"default": true,
"required": false,
"title": "Preserve file properties flag",
"type": "boolean"
},
"protocol": {
"$ref": "Protocol,
"required": true,
"title": "Protocol to use to copy file"
},
"server": {
"pattern": "^.+$",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
},
"uri": {
"required": true,
"title": "URI of file to copy",
"type": "string"
}
},
"type": "object"
}
CopyRemoteFileProperties (type)
{
"additionalProperties": {},
"id": "CopyRemoteFileProperties",
"properties": {
"port": {
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"preserve_file_properties": {
"default": true,
"required": false,
"title": "Preserve file properties flag",
"type": "boolean"
},
"server": {
"pattern": "^.+$",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
},
"uri": {
"required": true,
"title": "URI of file to copy",
"type": "string"
}
},
"type": "object"
}
CopyToRemoteFileProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CopyRemoteFileProperties
},
"id": "CopyToRemoteFileProperties",
"properties": {
"port": {
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"preserve_file_properties": {
"default": true,
"required": false,
"title": "Preserve file properties flag",
"type": "boolean"
},
"protocol": {
"$ref": "Protocol,
"description": "Only scp and sftp may be used.",
"required": true,
"title": "Protocol to use to copy file"
},
"server": {
"pattern": "^.+$",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
},
"uri": {
"required": true,
"title": "URI of file to copy",
"type": "string"
}
},
"type": "object"
}
CoreDumpConfig (type)
{
"additionalProperties": false,
"description": "Node core dump config",
"id": "CoreDumpConfig",
"properties": {
"global_file_limit": {
"default": 2,
"minimum": 0,
"title": "Core dump file persistence config global limit",
"type": "integer"
},
"global_frequency_threshold": {
"default": 600,
"minimum": 0,
"title": "Core dump files frequency threshold config in seconds, set 0 to disable\n",
"type": "integer"
},
"process_config": {
"items": {
"$ref": "CoreDumpProcessConfig
},
"title": "Core dump config per process limit",
"type": "array"
}
},
"title": "Node core dump config",
"type": "object"
}
CoreDumpProcessConfig (type)
{
"id": "CoreDumpProcessConfig",
"properties": {
"limit": {
"required": true,
"title": "Core dump process limit",
"type": "integer"
},
"process_name": {
"required": true,
"title": "Core dump process name",
"type": "string"
}
},
"title": "Core dump process config",
"type": "object"
}
CorfuCertificateExpiryCheckProperties (type)
{
"additionalProperties": false,
"id": "CorfuCertificateExpiryCheckProperties",
"module_id": "ComplianceReporter",
"properties": {
"status": {
"required": true,
"title": "Current Status of Corfu Certificate Expiry Check (enabled/disabled)",
"type": "string"
}
},
"title": "Corfu Certificate Expiry Check Properties",
"type": "object"
}
CpuUsage (type)
{
"additionalProperties": false,
"id": "CpuUsage",
"module_id": "ApplianceStats",
"properties": {
"avg_cpu_core_usage_dpdk": {
"description": "Indicates the average usage of all DPDK cores in percentage.",
"readonly": true,
"title": "Average utilization of all DPDK cores",
"type": "number"
},
"avg_cpu_core_usage_non_dpdk": {
"description": "Indicates the average usage of all non-DPDK cores in percentage.",
"readonly": true,
"title": "Average usage of all non-DPDK cores",
"type": "number"
},
"highest_cpu_core_usage_dpdk": {
"description": "Indicates the highest CPU utilization value among DPDK cores in percentage.",
"readonly": true,
"title": "Highest CPU utilization value among DPDK cores",
"type": "number"
},
"highest_cpu_core_usage_non_dpdk": {
"description": "Indicates the highest cpu utilization value among non_dpdk cores in percentage.",
"readonly": true,
"title": "Highest CPU utilization value among non-DPDK cores",
"type": "number"
}
},
"title": "CPU usage of DPDK and non-DPDK cores",
"type": "object"
}
CreateRemoteDirectoryProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CopyRemoteFileProperties
},
"id": "CreateRemoteDirectoryProperties",
"properties": {
"port": {
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"preserve_file_properties": {
"default": true,
"required": false,
"title": "Preserve file properties flag",
"type": "boolean"
},
"protocol": {
"$ref": "SftpProtocol,
"required": true,
"title": "Protocol to use to copy file"
},
"server": {
"pattern": "^.+$",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
},
"uri": {
"required": true,
"title": "URI of file to copy",
"type": "string"
}
},
"type": "object"
}
Criterion (type)
{
"additionalProperties": false,
"description": "Event Criterion is the logical evaluations by which the event may be deemed fulfilled. All the evaluations must be met in order for the criterion to be met (implicit AND).",
"id": "Criterion",
"module_id": "PolicyReaction",
"properties": {
"evaluations": {
"description": "Criterion Evaluations.",
"items": {
"$ref": "Evaluation
},
"minItems": 1,
"required": true,
"title": "Criterion Evaluations",
"type": "array"
}
},
"title": "Event Criterion",
"type": "object"
}
Crl (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "Crl",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"crl_type": {
"default": "X509",
"description": "The type of the CRL. It can be \"OneCRL\" or \"X509\" (default).",
"enum": [
"OneCRL",
"X509"
],
"required": false,
"title": "Type of CRL",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"details": {
"$ref": "X509Crl,
"description": "Details of the X509Crl object.",
"readonly": true,
"required": false
},
"details_revoked_by_issuer_and_serial_number": {
"items": {
"$ref": "IssuerSerialNumber
},
"readonly": true,
"required": false,
"title": "Certificates revoked by issuer and serial number",
"type": "array"
},
"details_revoked_by_subject_and_public_key_hash": {
"items": {
"$ref": "SubjectPublicKeyHash
},
"readonly": true,
"required": false,
"title": "Certificates revoked by subject and public key hash",
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"one_crl": {
"readonly": false,
"required": false,
"title": "JSON-encoded OneCRL-like object",
"type": "string"
},
"pem_encoded": {
"description": "PEM encoded CRL data.",
"readonly": false,
"required": false,
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
CrlDistributionPoint (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "CrlDistributionPoint",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"cdp_uri": {
"description": "CRL Distribution Point URI where to fetch the CRL.",
"maxLength": 255,
"readonly": true,
"required": true,
"title": "CDP URI",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"issuer": {
"description": "Issuer of the CRL, referring to the CA.",
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Issuer",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Reference to a CRL Distribution Point where to fetch a CRL",
"type": "object"
}
CrlDistributionPointList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CrlDistributionPointList",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "CrlDistributionPoint list.",
"items": {
"$ref": "CrlDistributionPoint
},
"readonly": false,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "CrlDistributionPoint query result",
"type": "object"
}
CrlDistributionPointStatus (type)
{
"additionalProperties": false,
"id": "CrlDistributionPointStatus",
"module_id": "CertificateManager",
"properties": {
"error_message": {
"description": "Error message when fetching the CRL failed.",
"readonly": true,
"required": false,
"title": "Error Message",
"type": "string"
},
"status": {
"$ref": "CdpStatusType,
"description": "Status of the fetched CRL for this CrlDistributionPoint",
"readonly": true,
"required": true,
"title": "Status"
}
},
"title": "Reference to a CRL Distribution Point where to fetch a CRL",
"type": "object"
}
CrlList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CrlList",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "CRL list.",
"items": {
"$ref": "Crl
},
"readonly": true,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Crl queries result",
"type": "object"
}
CrlObjectData (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "CrlObjectData",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"crl_type": {
"default": "X509",
"description": "The type of the CRL. It can be \"OneCRL\" or \"X509\" (default).",
"enum": [
"OneCRL",
"X509"
],
"required": false,
"title": "Type of CRL",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"one_crl": {
"readonly": false,
"required": false,
"title": "JSON-encoded OneCRL-like object",
"type": "string"
},
"pem_encoded": {
"description": "PEM encoded CRL data.",
"readonly": false,
"required": false,
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
CrlPemRequestType (type)
{
"additionalProperties": false,
"id": "CrlPemRequestType",
"module_id": "CertificateManager",
"properties": {
"cdp_uri": {
"description": "CRL Distribution Point URI where to fetch the CRL.",
"maxLength": 255,
"readonly": true,
"required": true,
"title": "CDP URI",
"type": "string"
}
},
"title": "Request Type to get a CRL's PEM file.",
"type": "object"
}
CrossSiteFlowInfo (type)
{
"description": "Represents details of the config flow between sites. Federation has the following flows - Global Manager to Local Manager (GM -> LM) - Local Manager to Glocal Manager (LM -> GM) - Global Manager Active to Glocal Manager Standby (GM -> GM) - Local Manager to Local Manager (LM -> LM)",
"id": "CrossSiteFlowInfo",
"module_id": "FederationObservability",
"properties": {
"from_site_id": {
"read_only": true,
"title": "Site id of the source",
"type": "string"
},
"from_site_path": {
"read_only": true,
"title": "Source site policy path",
"type": "string"
},
"full_sync_info": {
"$ref": "FullSyncInfo,
"read_only": true,
"title": "Full sync information for the flow"
},
"latency_measured_ts": {
"read_only": true,
"title": "Timestamp of latency measurement",
"type": "integer"
},
"latency_millis": {
"read_only": true,
"title": "Latency from source to destination site in milli seconds",
"type": "integer"
},
"leader_node_id": {
"read_only": true,
"title": "Local leader node id sharded for this remote site.",
"type": "string"
},
"status": {
"enum": [
"GOOD",
"DISCONNECTED",
"RECOVERY",
"ERROR",
"UNKNOWN",
"NOT_READY"
],
"read_only": true,
"title": "Overall status of the flow",
"type": "string"
},
"to_site_id": {
"read_only": true,
"title": "Site id of the destination",
"type": "string"
},
"to_site_path": {
"read_only": true,
"title": "Destination site policy path",
"type": "string"
}
},
"title": "Information about config flow in federation",
"type": "object"
}
CryptoAlgorithm (type)
{
"additionalProperties": false,
"id": "CryptoAlgorithm",
"module_id": "CertificateManager",
"properties": {
"key_size": {
"description": "Supported key sizes for the algorithm.",
"items": {
"$ref": "KeySize
},
"readonly": true,
"required": true,
"type": "array"
},
"name": {
"description": "Crypto algorithm name.",
"readonly": true,
"required": true,
"type": "string"
}
},
"type": "object"
}
CryptoEnforcement (type)
{
"additionalProperties": false,
"description": "If enforced and if TLS protocol Client/Server Hello has none of the permitted TLS versions or ciphers then the connection is immediately terminated.",
"enum": [
"ENFORCE",
"TRANSPARENT"
],
"help_summary": "Use of 'ENFORCE' will terminate connection if TLS protocol Client/Server Hello has\nnone of the permitted TLS versions or ciphers.\nUse of 'TRANSPARENT' will let client's and server's own choices use for TLS\nversions and ciphers to successfully intercept the connection.\n",
"id": "CryptoEnforcement",
"module_id": "PolicyTlsActionProfile",
"readonly": true,
"required": false,
"title": "Action for crypto enforcement",
"type": "string"
}
CspConfig (type)
{
"description": "Extra OIDC configuration relevant only for CSP endpoints.",
"id": "CspConfig",
"module_id": "CertificateManager",
"properties": {
"additional_org_ids": {
"description": "A list of organization IDs. CSP tokens must be associated with one of these organizations, or the customer_org_id, in order to be considered valid.",
"items": {
"type": "string"
},
"title": "Additional orginzation IDs",
"type": "array"
},
"customer_org_id": {
"descrpition": "The ID of the customer organization.",
"title": "Customer organization ID",
"type": "string"
}
},
"title": "CSP authentication configuration",
"type": "object"
}
Csr (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "Csr",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"algorithm": {
"default": "RSA",
"description": "Cryptographic algorithm (asymmetric) used by the public key for data encryption.",
"enum": [
"RSA",
"EC"
],
"readonly": false,
"required": false,
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"extensions": {
"$ref": "CsrExtensions,
"description": "X509 v3 extensions to be added to a CSR.",
"readonly": true,
"required": false,
"title": "X509 extensions to add"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_ca": {
"default": false,
"description": "Whether the CSR is for a CA certificate.",
"required": false,
"type": "boolean"
},
"key_size": {
"default": 4096,
"description": "Size measured in bits of the public key used in a cryptographic algorithm.",
"readonly": false,
"required": false,
"type": "integer"
},
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": true,
"required": false,
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"subject": {
"$ref": "Principal,
"description": "The certificate owner's information. (CN, O, OU, C, ST, L)",
"readonly": false,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
CsrExtensions (type)
{
"additionalProperties": false,
"id": "CsrExtensions",
"module_id": "CertificateManager",
"properties": {
"subject_alt_names": {
"$ref": "SubjectAltNames,
"description": "Subject alternative names of the CSR",
"readonly": true,
"required": false,
"title": "Subject alternative names"
}
},
"title": "Collection of various x509 v3 extensions to be added to a CSR",
"type": "object"
}
CsrList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "CsrList",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "CSR list.",
"items": {
"$ref": "Csr
},
"readonly": false,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Csr queries result",
"type": "object"
}
CsrWithDaysValid (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Csr
},
"id": "CsrWithDaysValid",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"algorithm": {
"default": "RSA",
"description": "Cryptographic algorithm (asymmetric) used by the public key for data encryption.",
"enum": [
"RSA",
"EC"
],
"readonly": false,
"required": false,
"type": "string"
},
"days_valid": {
"default": 825,
"title": "Number of days the certificate will be valid, default 825 days",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"extensions": {
"$ref": "CsrExtensions,
"description": "X509 v3 extensions to be added to a CSR.",
"readonly": true,
"required": false,
"title": "X509 extensions to add"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_ca": {
"default": false,
"description": "Whether the CSR is for a CA certificate.",
"required": false,
"type": "boolean"
},
"key_size": {
"default": 4096,
"description": "Size measured in bits of the public key used in a cryptographic algorithm.",
"readonly": false,
"required": false,
"type": "integer"
},
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": true,
"required": false,
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"subject": {
"$ref": "Principal,
"description": "The certificate owner's information. (CN, O, OU, C, ST, L)",
"readonly": false,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "CSR data with days valid",
"type": "object"
}
CsvListResult (type)
{
"abstract": true,
"description": "Base type for CSV result.",
"id": "CsvListResult",
"module_id": "CsvTypes",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
}
},
"type": "object"
}
CsvRecord (type)
{
"abstract": true,
"description": "Base type for CSV records.",
"id": "CsvRecord",
"module_id": "CsvTypes",
"type": "object"
}
CurrentBackupOperationStatus (type)
{
"additionalProperties": false,
"id": "CurrentBackupOperationStatus",
"module_id": "BackupConfiguration",
"properties": {
"backup_id": {
"required": false,
"title": "Unique identifier of current backup",
"type": "string"
},
"current_step": {
"enum": [
"BACKUP_CREATING_CLUSTER_BACKUP",
"BACKUP_CREATING_NODE_BACKUP"
],
"required": false,
"title": "Current step of operation",
"type": "string"
},
"current_step_message": {
"required": false,
"title": "Additional human-readable status information about current step",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "Time when operation is expected to end"
},
"operation_type": {
"enum": [
"NONE",
"BACKUP"
],
"required": false,
"title": "Type of operation that is in progress. Returns none if no operation is in progress, in which case\nnone of the other fields will be set.\n",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "Time when operation was started"
}
},
"title": "Current backup operation status",
"type": "object"
}
CustomAttributeAction (type)
{
"additionalProperties": false,
"description": "Request Parameter which specify action to either add or remove the custom values.",
"id": "CustomAttributeAction",
"module_id": "PolicyContextProfile",
"properties": {
"action": {
"description": "Action parameter determines whether to add or remove Custom Context Profile Attribute values.",
"enum": [
"add",
"remove"
],
"required": true,
"title": "Add or Remove Custom Context Profile Attribute values.",
"type": "string"
}
},
"title": "Request Parameters for Custom Context Profile Attributes",
"type": "object"
}
CustomFilterWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration for custom filter widget. For this widget the data source is not applicable. It defines ui identifer for filter UI component and render it on dashboard view. This configuration can only be used for system owned widgets.",
"extends": {
"$ref": "FilterWidgetConfiguration
},
"id": "CustomFilterWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "CustomFilterWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alias": {
"description": "Alias to be used when emitting filter value.",
"title": "Alias to be used when emitting filter value",
"type": "string"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"ui_component_identifier": {
"description": "User defined filter component selector to be rendered inside view/container.",
"required": true,
"title": "UI identifier for filter component to be rendered inside view/container",
"type": "string"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Custom Filter widget Configuration",
"type": "object"
}
CustomWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration for custom widget. For this widget the data source is not applicable. It defines ui identifer to identify UI component and render it on dashboard view. This configuration can only be used for system owned widgets.",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "CustomWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "CustomWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"ui_component_identifier": {
"description": "User defined component selector to be rendered inside view/container.",
"title": "UI identifier for component to be rendered inside view/container",
"type": "string"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Custom widget Configuration",
"type": "object"
}
CvxConnectionInfo (type)
{
"additionalProperties": false,
"description": "Credential info to connect to a CVX type of enforcement point.",
"extends": {
"$ref": "EnforcementPointConnectionInfo
},
"id": "CvxConnectionInfo",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "CvxConnectionInfo"
},
"properties": {
"enforcement_point_address": {
"description": "Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be \"10.192.1.1\" - On an NSX-T MP running on custom port, the value could be \"192.168.1.1:32789\" - On an NSX-T MP in VMC deployments, the value could be \"192.168.1.1:5480/nsxapi\"",
"required": true,
"title": "Enforcement Point Address",
"type": "string"
},
"password": {
"description": "Password.",
"required": true,
"sensitive": true,
"title": "Password",
"type": "secure_string"
},
"resource_type": {
"description": "Resource Type of Enforcement Point Connection Info.",
"enum": [
"NSXTConnectionInfo",
"NSXVConnectionInfo",
"CvxConnectionInfo",
"AviConnectionInfo"
],
"required": true,
"title": "Connection Info Resource Type",
"type": "string"
},
"thumbprint": {
"description": "Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.",
"required": false,
"title": "Thumbprint of Enforcement Point",
"type": "string"
},
"username": {
"description": "Username.",
"required": true,
"sensitive": true,
"title": "Username",
"type": "secure_string"
}
},
"title": "CVX Connection Info",
"type": "object"
}
DADMode (type)
{
"additionalProperties": false,
"description": "Duplicate address detection modes.",
"enum": [
"LOOSE",
"STRICT"
],
"id": "DADMode",
"module_id": "Routing",
"title": "DAD Mode",
"type": "string"
}
DADStatus (type)
{
"additionalProperties": false,
"description": "Duplicate address detection status for IP address on port.",
"enum": [
"DUPLICATED",
"TENTATIVE",
"ASSIGNED",
"NOT_APPLICABLE",
"UNKNOWN"
],
"id": "DADStatus",
"module_id": "LogicalRouterPorts",
"title": "DAD Status",
"type": "string"
}
DNSForwarderStatisticsPerEnforcementPoint (type)
{
"abstract": true,
"description": "DNS forwarder statistics per enforcement point.",
"id": "DNSForwarderStatisticsPerEnforcementPoint",
"module_id": "PolicyDNSStatistics",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"enforcement_point_path": {
"description": "Policy path referencing the enforcement point from where the statistics are fetched.",
"readonly": true,
"title": "Enforcement point path",
"type": "string"
},
"resource_type": {
"enum": [
"NsxTDNSForwarderStatistics"
],
"required": true,
"type": "string"
}
},
"title": "DNS forwarder statistics per enforcement point",
"type": "object"
}
DNSForwarderStatusPerEnforcementPoint (type)
{
"abstract": true,
"description": "DNS forwarder status per enforcement point.",
"id": "DNSForwarderStatusPerEnforcementPoint",
"module_id": "PolicyDNSStatistics",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"enforcement_point_path": {
"description": "Policy path referencing the enforcement point from where the status is fetched.",
"readonly": true,
"title": "Enforcement point path",
"type": "string"
},
"resource_type": {
"enum": [
"NsxTDNSForwarderStatus"
],
"required": true,
"type": "string"
}
},
"title": "DNS forwarder status per enforcement point",
"type": "object"
}
DataCounter (type)
{
"id": "DataCounter",
"module_id": "AggSvcL2Types",
"properties": {
"dropped": {
"required": false,
"title": "The dropped packets or bytes",
"type": "integer"
},
"multicast_broadcast": {
"required": false,
"title": "The multicast and broadcast packets or bytes",
"type": "integer"
},
"total": {
"required": true,
"title": "The total packets or bytes",
"type": "integer"
}
},
"type": "object"
}
DataSourceParameters (type)
{
"id": "DataSourceParameters",
"module_id": "Types",
"properties": {
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
}
},
"type": "object"
}
DataSourceType (type)
{
"enum": [
"realtime",
"cached"
],
"id": "DataSourceType",
"module_id": "Types",
"title": "Data source type.",
"type": "string"
}
Datasource (type)
{
"additionalProperties": false,
"description": "An instance of a datasource configuration.",
"id": "Datasource",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"display_name": {
"description": "Name of a datasource instance.",
"maxLength": 255,
"required": true,
"title": "Datasource instance's display name",
"type": "string"
},
"keystore_info": {
"$ref": "KeyStoreInfo,
"description": "Key Store information for all the url aliases defined in datasource. Use this property if key store information is same for each url aliases in the datasource.",
"title": "Key Store Info"
},
"urls": {
"description": "Array of urls relative to the datasource configuration. For example, api/v1/fabric/nodes is a relative url of nsx-manager instance.",
"items": {
"$ref": "UrlAlias
},
"required": true,
"title": "Array of relative urls and their aliases",
"type": "array"
}
},
"title": "Datasource Instance",
"type": "object"
}
DatetimeUTC (type)
{
"description": "Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ'",
"id": "DatetimeUTC",
"title": "Datetime string in UTC",
"type": "string"
}
DecryptionFailAction (type)
{
"additionalProperties": false,
"description": "Action to take when TLS handshake fails.",
"enum": [
"BLOCK",
"BYPASS"
],
"help_summary": "Use of 'BLOCK' will terminate subsequent connections.\nUse of 'BYPASS' will remember handshake failure and not intercept subsequent.\nconnections.\n",
"id": "DecryptionFailAction",
"module_id": "PolicyTlsActionProfile",
"readonly": true,
"required": false,
"title": "TLS handshake fail action",
"type": "string"
}
DedicatedResources (type)
{
"additionalProperties": false,
"description": "To assign dedicated resources from default project to custom project for logging. Resources dedicated to this project for logging cannot be dedicated to other projects.",
"id": "DedicatedResources",
"module_id": "PolicyProject",
"properties": {
"tier_0s": {
"description": "Logs for Tier0s mentioned will have this project's context. Tier0s or labels mentioned under dedicated_resources should also be part of tier_0s under project payload. Label should have reference of Tier0 path.",
"items": {
"type": "string"
},
"required": false,
"title": "Array of Tier0s paths or label path dedicated to this Project for logging.",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Project"
],
"relationshipType": "PROJECT_TIER0_DEDICATED_RESOURCES_RELATIONSHIP",
"rightType": [
"Tier0",
"Label"
]
}
]
}
},
"title": "Dedicated Resources to Project for Logging",
"type": "object"
}
DefaultFilterValue (type)
{
"additionalProperties": false,
"description": "An instance of a datasource configuration.",
"id": "DefaultFilterValue",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"alias": {
"description": "Filter alias.",
"required": true,
"title": "Filter alias",
"type": "string"
},
"value": {
"description": "Filter default value.",
"required": true,
"title": "Filter default value",
"type": "string"
}
},
"title": "Default filter values",
"type": "object"
}
DeleteRemoteDirectoryProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CopyRemoteFileProperties
},
"id": "DeleteRemoteDirectoryProperties",
"properties": {
"directory_path": {
"description": "Directory Path which needs to be retained",
"required": false,
"title": "Directory Path",
"type": "string"
},
"port": {
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"preserve_file_properties": {
"default": true,
"required": false,
"title": "Preserve file properties flag",
"type": "boolean"
},
"protocol": {
"$ref": "SftpProtocol,
"description": "Protocol to use to delete directory",
"required": true,
"title": "Protocol to use to delete directory"
},
"server": {
"pattern": "^.+$",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
},
"uri": {
"required": true,
"title": "URI of file to copy",
"type": "string"
}
},
"type": "object"
}
DeleteRequestParameters (type)
{
"additionalProperties": {},
"id": "DeleteRequestParameters",
"module_id": "Common",
"properties": {
"force": {
"default": false,
"description": "If true, deleting the resource succeeds even if it is being referred as a resource reference.",
"title": "Force delete the resource even if it is being used somewhere\n",
"type": "boolean"
}
},
"title": "Parameters that affect how delete operations are processed",
"type": "object"
}
DependentServices (type)
{
"additionalProperties": false,
"id": "DependentServices",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"dependent_services": {
"description": "List of firewall dependent services.",
"items": {
"type": "string"
},
"title": "List of firewall dependent services",
"type": "array"
}
},
"type": "object"
}
DeploymentZone (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Logical grouping of enforcement points. This is a deprecated type. DeploymentZone has been renamed to Site. Use Site.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "DeploymentZone",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enforcement_points": {
"items": {
"$ref": "EnforcementPoint
},
"required": false,
"title": "Logical grouping of enforcement points",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Deployment zone",
"type": "object"
}
DfwDropCounters (type)
{
"id": "DfwDropCounters",
"module_id": "AggSvcL2Types",
"properties": {
"rx_dropped": {
"description": "The number of received packets dropped by distributed firewall rules due to rule actions.",
"required": false,
"title": "Number of received packets dropped by firewall.",
"type": "integer"
},
"tx_dropped": {
"description": "The number of sent packets dropped by distributed firewall rules due to rule actions.",
"required": false,
"title": "Number of sent packets dropped by firewall.",
"type": "integer"
}
},
"type": "object"
}
DfwFirewallConfiguration (type)
{
"additionalProperties": false,
"extends": {
"$ref": "FirewallConfiguration
},
"id": "DfwFirewallConfiguration",
"module_id": "Policy",
"policy_hierarchical_children": [
"ChildPolicyExcludeList"
],
"polymorphic-type-descriptor": {
"type-identifier": "DfwFirewallConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"disable_auto_drafts": {
"default": false,
"description": "To deactivate auto drafts, set it to true. By default, auto drafts are enabled.",
"title": "Auto draft deactivate flag",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_firewall": {
"default": true,
"description": "If set to true, Firewall is enabled.",
"title": "Firewall enable flag",
"type": "boolean"
},
"global_addrset_mode_enabled": {
"default": true,
"description": "When this flag is set to true, global address set is enabled in Distributed Firewall.",
"title": "A flag to indicate if global address set is enabled in DFW",
"type": "boolean"
},
"global_macset_optimization_mode_enabled": {
"default": false,
"description": "MACSet optimization is turned on when this flag is set to true. By default it is set to false.",
"title": "Global MACSet Optimization Flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idfw_enabled": {
"default": false,
"description": "If set to true, identity firewall is enabled.",
"title": "Identity firewall enable flag",
"type": "boolean"
},
"idfw_event_log_scraper_enabled": {
"default": false,
"description": "Enables event log scraping for Identity firewall.",
"title": "Enable event log scraping",
"type": "boolean"
},
"idfw_loginsight_enabled": {
"default": false,
"description": "If set to true, collection of login/logout events from Loginsight server is enabled.",
"title": "Enable Loginsight server for Identity Firewall",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"DfwFirewallConfiguration"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "DFW Firewall related configurations",
"type": "object"
}
DfwHeapMemoryUsage (type)
{
"additionalProperties": false,
"description": "Distributed Firewall heap memory utilization.",
"id": "DfwHeapMemoryUsage",
"module_id": "ApplianceStats",
"properties": {
"description": {
"description": "Description of the DFW module.",
"readonly": true,
"title": "Description of the DFW module",
"type": "string"
},
"name": {
"description": "Name of the DFW heap on specified host.",
"readonly": true,
"title": "Name of the DFW module",
"type": "string"
},
"total_mb": {
"description": "Total size of heap for the specified heap in mb units.",
"readonly": true,
"title": "Total size of heap for the specified heap in mb units",
"type": "integer"
},
"usage_pct": {
"description": "Percentage of heap utilized for specific heap.",
"readonly": true,
"title": "Percentage of heap utilized for specific heap",
"type": "number"
},
"used_mb": {
"description": "Utilized size of heap for the specified heap in mb units.",
"readonly": true,
"title": "Utilized size of heap for the specified heap in mb units",
"type": "integer"
}
},
"title": "DFW heap memory usage",
"type": "object"
}
DhGroup (type)
{
"additionalProperties": false,
"description": "Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group.",
"enum": [
"GROUP2",
"GROUP5",
"GROUP14",
"GROUP15",
"GROUP16",
"GROUP19",
"GROUP20",
"GROUP21"
],
"id": "DhGroup",
"module_id": "PolicyVpnIPSecVpn",
"title": "Diffie-Hellman groups",
"type": "string"
}
DhcpConfig (type)
{
"description": "DHCP config. This dhcp configuration can be overriden per subnet.",
"id": "DhcpConfig",
"module_id": "PolicyVpc",
"properties": {
"dhcp_relay_config_path": {
"description": "Policy path of DHCP-relay-config. If configured then all the subnets will be configured with the DHCP relay server. If not specified, then the local DHCP server will be configured for all connected subnets.",
"required": false,
"title": "DHCP relay config path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"dns_client_config": {
"$ref": "DnsClientConfig,
"description": "Dns configuration",
"required": false,
"title": "Dns client configuration"
},
"enable_dhcp": {
"description": "If activated, the DHCP server will be configured based on IP address type. If deactivated then neither DHCP server nor relay shall be configured.",
"required": false,
"title": "Activate or Deactivate DHCP",
"type": "boolean"
}
},
"title": "DHCP configuration",
"type": "object"
}
DhcpDeleteLeaseRequestParameters (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"id": "DhcpDeleteLeaseRequestParameters",
"module_id": "Dhcp",
"properties": {
"ip": {
"$ref": "IPAddress,
"required": true
},
"mac": {
"$ref": "MACAddress,
"required": true
}
},
"type": "object"
}
DhcpDeleteLeases (type)
{
"additionalProperties": false,
"id": "DhcpDeleteLeases",
"module_id": "PolicyConnectivity",
"properties": {
"leases": {
"items": {
"$ref": "DhcpDeleteLeaseRequestParameters
},
"maxItems": 100,
"minItems": 1,
"required": true,
"title": "List of DHCP leases",
"type": "array"
}
},
"title": "List of DHCP leases to be deleted",
"type": "object"
}
DhcpHeader (type)
{
"additionalProperties": false,
"id": "DhcpHeader",
"module_id": "Traceflow",
"properties": {
"op_code": {
"default": "BOOTREQUEST",
"description": "This is used to specify the general type of message. A client sending request to a server uses an op code of BOOTREQUEST, while a server replying uses an op code of BOOTREPLY.",
"enum": [
"BOOTREQUEST",
"BOOTREPLY"
],
"required": false,
"title": "Message op code / message type",
"type": "string"
}
},
"type": "object"
}
DhcpIpPoolUsage (type) (Deprecated)
{
"deprecated": true,
"id": "DhcpIpPoolUsage",
"module_id": "AggSvcDhcp",
"properties": {
"allocated_number": {
"required": true,
"title": "allocated number. COULD BE INACCURATE, REFERENCE ONLY.",
"type": "integer"
},
"allocated_percentage": {
"required": true,
"title": "allocated percentage. COULD BE INACCURATE, REFERENCE ONLY.",
"type": "integer"
},
"dhcp_ip_pool_id": {
"required": true,
"title": "uuid of dhcp ip pool",
"type": "string"
},
"pool_size": {
"required": true,
"title": "pool size",
"type": "integer"
}
},
"type": "object"
}
DhcpLeasePerIP (type)
{
"id": "DhcpLeasePerIP",
"module_id": "AggSvcDhcp",
"properties": {
"expire_time": {
"required": false,
"title": "expire time of the lease",
"type": "string"
},
"ip_address": {
"required": true,
"title": "ip address of client",
"type": "string"
},
"lease_time": {
"required": false,
"title": "lease time of the ip address, in seconds",
"type": "string"
},
"mac_address": {
"required": true,
"title": "mac address of client",
"type": "string"
},
"start_time": {
"required": true,
"title": "start time of lease",
"type": "string"
},
"subnet": {
"required": false,
"title": "subnet of client network",
"type": "string"
}
},
"type": "object"
}
DhcpLeases (type)
{
"extends": {
"$ref": "ListResult
},
"id": "DhcpLeases",
"module_id": "AggSvcDhcp",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"dhcp_server_id": {
"required": false,
"title": "dhcp server uuid",
"type": "string"
},
"ipv6_leases": {
"items": {
"$ref": "DhcpV6Lease
},
"maxItems": 65535,
"minItems": 0,
"required": false,
"title": "The ipv6 lease info list of the server",
"type": "array"
},
"leases": {
"items": {
"$ref": "DhcpLeasePerIP
},
"maxItems": 65535,
"minItems": 0,
"required": false,
"title": "The lease info list of the server",
"type": "array"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "timestamp of the lease info"
}
},
"type": "object"
}
DhcpLeasesResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "DhcpLeases
},
"id": "DhcpLeasesResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"connectivity_path": {
"description": "Policy path to Segment, Tier0 or Tier1 gateway where DHCP server is attached.",
"required": false,
"title": "Policy path to Segment, Tier0 or Tier1 gateway",
"type": "string"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"dhcp_server_id": {
"required": false,
"title": "dhcp server uuid",
"type": "string"
},
"ipv6_leases": {
"items": {
"$ref": "DhcpV6Lease
},
"maxItems": 65535,
"minItems": 0,
"required": false,
"title": "The ipv6 lease info list of the server",
"type": "array"
},
"leases": {
"items": {
"$ref": "DhcpLeasePerIP
},
"maxItems": 65535,
"minItems": 0,
"required": false,
"title": "The lease info list of the server",
"type": "array"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "timestamp of the lease info"
}
},
"type": "object"
}
DhcpOption121 (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "DHCP option 121 to define classless static route.",
"id": "DhcpOption121",
"module_id": "Dhcp",
"properties": {
"static_routes": {
"description": "Classless static route of DHCP option 121.",
"items": {
"$ref": "ClasslessStaticRoute
},
"maxItems": 27,
"minItems": 1,
"required": true,
"title": "DHCP classless static routes",
"type": "array"
}
},
"title": "DHCP option 121",
"type": "object"
}
DhcpRelayConfig (type)
{
"additionalProperties": false,
"description": "DHCP relay configuration. Please note, the realized-state of this entity returned by the \"GET /policy/api/v1/infra/realized-state/realized-entity\" with this entity policy-path is irrelevant with the application status of this entity. Please do not rely on this returned realized-state to determine how this dhcp-relay-config was applied. The dhcp realization information was reflected in the realization states of the referencing Segment or T0/T1 gateway.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "DhcpRelayConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"server_addresses": {
"description": "DHCP server IP addresses for DHCP relay configuration. Both IPv4 and IPv6 addresses are supported.",
"items": {
"$ref": "IPAddress
},
"maxItems": 8,
"required": true,
"title": "DHCP relay addresses",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "DHCP relay configuration",
"type": "object"
}
DhcpRelayConfigListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "DhcpRelayConfigListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "DhcpRelayConfig
},
"required": true,
"title": "DhcpRelayConfig results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of DhcpRelayConfigs",
"type": "object"
}
DhcpServerConfig (type)
{
"additionalProperties": false,
"description": "DHCP server configuration. Please note, the realized-state of this entity returned by the \"GET /policy/api/v1/infra/realized-state/realized-entity\" with this entity policy-path is irrelevant with the application status of this entity. Please do not rely on this returned realized-state to determine how this dhcp-server-config was applied. The dhcp realization information was reflected in the realization states of the referencing Segment or T0/T1 gateway.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "DhcpServerConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"edge_cluster_path": {
"description": "The reference to the edge cluster using the policy path of the edge cluster or label of type PolicyEdgeCluster. Auto assigned if only one edge cluster is configured on enforcement-point. Modifying edge cluster will reallocate DHCP server to the new edge cluster. Please note that re-allocating edge-cluster will result in losing of all exisitng DHCP lease information. Change edge cluster only when losing DHCP leases is not a real problem, e.g. cross-site migration or failover and all client hosts will be reboot and get new IP addresses.",
"required": false,
"title": "Edge cluster path or label of type PolicyEdgeCluster",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"DhcpServerConfig"
],
"relationshipType": "_UNOPTIMIZED_RELATIONSHIP_",
"rightType": [
"PolicyEdgeCluster"
]
},
{
"leftType": [
"DhcpServerConfig"
],
"relationshipType": "DHCP_SERVER_EDGE_CLUSTER_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
}
]
},
"enable_standby_relocation": {
"default": false,
"description": "If no \"preferred-edge-paths\" were defined, and the \"enable-standby-relocation\"=true, once a new edge-node was added to the edge-cluster, the stand-by node of the DHCP could possibly be moved to another edge-node. But there is no guarantee that the stand-by will be moved. Please note, if the dhcp-server-config was applied to a gateway, and this gateway has defined its own edge-cluster and preferred edge-nodes, then the edge-cluster and nodes defined in dhcp-server-config will be ignored.",
"required": false,
"title": "Stand-By Relocation",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"lease_time": {
"default": 86400,
"deprecated": true,
"description": "IP address lease time in seconds.",
"maximum": 4294967295,
"minimum": 60,
"required": false,
"title": "IP address lease time in seconds",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"preferred_edge_paths": {
"description": "Policy paths to edge nodes on which the DHCP servers run. The first edge node is assigned as active edge, and second one as stanby edge. If only one edge node is specified, the DHCP servers will run without HA support. When this property is not specified, edge nodes are auto-assigned during realization of the DHCP server.",
"items": {
"type": "string"
},
"maxItems": 2,
"required": false,
"title": "Edge node path",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"server_address": {
"deprecated": true,
"description": "DHCP server address in CIDR format. Prefix length should be less than or equal to 30. DHCP server is deployed as DHCP relay service. This property is deprecated, use server_addresses instead. Both properties cannot be specified together with different new values.",
"format": "ip-cidr-block",
"required": false,
"title": "DHCP server address in CIDR format",
"type": "string"
},
"server_addresses": {
"description": "DHCP server address in CIDR format. Both IPv4 and IPv6 address families are supported. Prefix length should be less than or equal to 30 for IPv4 address family and less than or equal to 126 for IPv6. When not specified, IPv4 value is auto-assigned to 100.96.0.1/30. Ignored when this object is configured at a Segment.",
"items": {
"format": "ip-cidr-block",
"type": "string"
},
"maxItems": 2,
"required": false,
"title": "DHCP server address in CIDR format",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "DHCP server configuration",
"type": "object"
}
DhcpServerConfigListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "DhcpServerConfigListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "DhcpServerConfig
},
"required": true,
"title": "DhcpServerConfig results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of DhcpServerConfigs",
"type": "object"
}
DhcpServerLeaseRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "DhcpServerRequestParameters
},
"id": "DhcpServerLeaseRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"address": {
"description": "IP address, IP range or MAC address to retrieve specific lease information. Either a \"address\" or a \"segment_path\" can be provided, but not both in the same call.",
"required": false,
"title": "IP or MAC address",
"type": "string"
},
"connectivity_path": {
"description": "String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration.",
"required": true,
"title": "String Path of Tier0, Tier1 or Segment",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path. Required when multiple enforcement points are configured.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"segment_path": {
"description": "Segment path to retrieve lease information. Either a \"address\" or a \"segment_path\" can be provided, but not both in the same call.",
"required": false,
"title": "Segment path to retrieve lease information",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"description": "The data source, either realtime or cached. If not provided, cached data is returned.",
"required": false,
"title": "The data source"
}
},
"title": "DHCP server lease request parameters",
"type": "object"
}
DhcpServerRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "DhcpServerRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"connectivity_path": {
"description": "String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration.",
"required": true,
"title": "String Path of Tier0, Tier1 or Segment",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path. Required when multiple enforcement points are configured.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "DHCP server list request parameters",
"type": "object"
}
DhcpServerState (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ConfigurationState
},
"id": "DhcpServerState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"details": {
"items": {
"$ref": "ConfigurationStateElement
},
"readonly": true,
"required": false,
"title": "Array of configuration state of various sub systems",
"type": "array"
},
"failure_code": {
"readonly": true,
"required": false,
"title": "Error code",
"type": "integer"
},
"failure_message": {
"readonly": true,
"required": false,
"title": "Error message in case of failure",
"type": "string"
},
"state": {
"description": "Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. \"in_sync\" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to \"success\". Please note, failed state is deprecated.",
"enum": [
"pending",
"in_progress",
"success",
"failed",
"partial_success",
"orphaned",
"unknown",
"error",
"in_sync",
"NOT_AVAILABLE",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_IN_PROGRESS",
"VM_POWER_ON_FAILED",
"REGISTRATION_PENDING",
"NODE_NOT_READY",
"NODE_READY",
"VM_POWER_OFF_IN_PROGRESS",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_FAILED",
"VM_UNDEPLOY_SUCCESSFUL",
"EDGE_CONFIG_ERROR",
"VM_DEPLOYMENT_RESTARTED",
"REGISTRATION_FAILED",
"TRANSPORT_NODE_SYNC_PENDING",
"TRANSPORT_NODE_CONFIGURATION_MISSING",
"EDGE_HARDWARE_NOT_SUPPORTED",
"MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED",
"TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER",
"TZ_ENDPOINTS_NOT_SPECIFIED",
"NO_PNIC_PREPARED_IN_EDGE",
"APPLIANCE_INTERNAL_ERROR",
"VTEP_DHCP_NOT_SUPPORTED",
"UNSUPPORTED_HOST_SWITCH_PROFILE",
"UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED",
"HOSTSWITCH_PROFILE_NOT_FOUND",
"LLDP_SEND_ENABLED_NOT_SUPPORTED",
"UNSUPPORTED_NAMED_TEAMING_POLICY",
"LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM",
"LACP_NOT_SUPPORTED_FOR_EDGE_VM",
"STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM",
"MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE",
"UNSUPPORTED_LACP_LB_ALGO_FOR_NODE",
"EDGE_NODE_VERSION_NOT_SUPPORTED",
"NO_PNIC_SPECIFIED_IN_TN",
"INVALID_PNIC_DEVICE_NAME",
"TRANSPORT_NODE_READY",
"VM_NETWORK_EDIT_PENDING",
"UNSUPPORTED_DEFAULT_TEAMING_POLICY",
"MPA_DISCONNECTED",
"VM_RENAME_PENDING",
"VM_CONFIG_EDIT_PENDING",
"VM_NETWORK_EDIT_FAILED",
"VM_RENAME_FAILED",
"VM_CONFIG_EDIT_FAILED",
"VM_CONFIG_DISCREPANCY",
"VM_NODE_REFRESH_FAILED",
"VM_PLACEMENT_REFRESH_FAILED",
"REGISTRATION_TIMEDOUT",
"REPLACE_FAILED",
"UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED",
"LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING",
"DELETE_VM_IN_REDEPLOY_FAILED",
"DEPLOY_VM_IN_REDEPLOY_FAILED",
"INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE",
"VM_RESOURCE_RESERVATION_FAILED",
"DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER",
"DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"EDGE_NODE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE",
"EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE",
"COMPUTE_MANAGER_NOT_FOUND",
"DELETE_IN_PROGRESS",
"ADVANCED_CONFIG_EDIT_FAILED",
"UPT_MODE_REALIZATION_POLL_TIMED_OUT",
"DATAPATH_CONFIGURATION_EDIT_FAILED",
"MAINTENANCE_MODE_ENABLED",
"ERROR_IN_ENABLE_MAINTENANCE_MODE",
"ERROR_IN_DISABLE_MAINTENANCE_MODE",
"CONFIGURE_UPT_ON_VM_FAILED",
"VM_VERSION_IS_UPT_INCOMPATIBLE",
"DELETE_FAILED_FOR_DIFFERENT_MOREF_ID",
"DELETE_FAILED_ON_VM_NOT_FOUND",
"DELETE_FAILED_FOR_NON_LCM_EDGE",
"ADVANCED_CONFIG_EDIT_PENDING",
"DUPLICATE_VLANS_SHARING_SAME_PNIC",
"MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"REDEPLOY_ACTIVITY_FAILED",
"REDEPLOY_ACTIVITY_IN_PROGRESS",
"REDEPLOY_ACTIVITY_SCHEDULED",
"REDEPLOY_ACTIVITY_SUCCESSFUL",
"REPLACE_ACTIVITY_FAILED",
"REPLACE_ACTIVITY_IN_PROGRESS",
"REPLACE_ACTIVITY_SCHEDULED",
"REPLACE_ACTIVITY_SUCCESSFUL",
"REPLACED_RPC_CLIENT_OF_TN",
"RETRYING_REPLACE",
"UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR",
"VM_REDEPLOY_FAILED",
"VM_RESOURCE_RESERVATION_EDIT_PENDING",
"REDEPLOYED_VM_REGISTRATION_PENDING"
],
"readonly": true,
"required": true,
"title": "Overall state of desired configuration",
"type": "string"
}
},
"type": "object"
}
DhcpServerStatistics (type)
{
"additionalProperties": false,
"extends": {
"$ref": "DhcpStatistics
},
"id": "DhcpServerStatistics",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"acks": {
"required": true,
"title": "The total number of DHCP ACK packets",
"type": "integer"
},
"declines": {
"required": true,
"title": "The total number of DHCP DECLINE packets",
"type": "integer"
},
"dhcp_server_id": {
"required": true,
"title": "dhcp server uuid",
"type": "string"
},
"discovers": {
"required": true,
"title": "The total number of DHCP DISCOVER packets",
"type": "integer"
},
"errors": {
"required": true,
"title": "The total number of DHCP errors",
"type": "integer"
},
"informs": {
"required": true,
"title": "The total number of DHCP INFORM packets",
"type": "integer"
},
"ip_pool_stats": {
"items": {
"$ref": "DhcpIpPoolUsage
},
"required": false,
"title": "The DHCP ip pool usage statistics",
"type": "array"
},
"nacks": {
"required": true,
"title": "The total number of DHCP NACK packets",
"type": "integer"
},
"offers": {
"required": true,
"title": "The total number of DHCP OFFER packets",
"type": "integer"
},
"releases": {
"required": true,
"title": "The total number of DHCP RELEASE packets",
"type": "integer"
},
"requests": {
"required": true,
"title": "The total number of DHCP REQUEST packets",
"type": "integer"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"required": true,
"title": "timestamp of the statistics"
}
},
"type": "object"
}
DhcpServerStatus (type) (Deprecated)
{
"deprecated": true,
"id": "DhcpServerStatus",
"module_id": "AggSvcDhcp",
"properties": {
"active_node": {
"required": true,
"title": "uuid of active transport node",
"type": "string"
},
"error_message": {
"required": false,
"title": "Error message, if available",
"type": "string"
},
"service_status": {
"description": "UP means the dhcp service is working fine on both active transport-node and stand-by transport-node (if have), hence fail-over can work at this time if there is failure happens on one of the transport-node; DOWN means the dhcp service is down on both active transport-node and stand-by node (if have), hence the dhcp-service will not repsonse any dhcp request; Error means error happens on transport-node(s) or no status is reported from transport-node(s). The dhcp service may be working (or not working); NO_STANDBY means dhcp service is working in one of the transport node while not in the other transport-node (if have). Hence if the dhcp service in the working transport-node is down, fail-over will not happen and the dhcp service will go down.",
"enum": [
"UP",
"DOWN",
"ERROR",
"NO_STANDBY"
],
"required": true,
"type": "string"
},
"stand_by_node": {
"required": false,
"title": "uuid of stand_by transport node. null if non-HA mode",
"type": "string"
}
},
"type": "object"
}
DhcpStaticBindingConfig (type)
{
"abstract": true,
"additionalProperties": false,
"description": "DHCP IPv4 and IPv6 static bindings are extended from this abstract class.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "DhcpStaticBindingConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Resource type of the DhcpStaticBindingConfig",
"enum": [
"DhcpV4StaticBindingConfig",
"DhcpV6StaticBindingConfig"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base class for DHCP options",
"type": "object"
}
DhcpStaticBindingConfigListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "DhcpStaticBindingConfigListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "DhcpStaticBindingConfig
},
"required": true,
"title": "Paginated list of DhcpStaticBindingConfig",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
DhcpStaticBindingState (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ConfigurationState
},
"id": "DhcpStaticBindingState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"details": {
"items": {
"$ref": "ConfigurationStateElement
},
"readonly": true,
"required": false,
"title": "Array of configuration state of various sub systems",
"type": "array"
},
"failure_code": {
"readonly": true,
"required": false,
"title": "Error code",
"type": "integer"
},
"failure_message": {
"readonly": true,
"required": false,
"title": "Error message in case of failure",
"type": "string"
},
"state": {
"description": "Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. \"in_sync\" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to \"success\". Please note, failed state is deprecated.",
"enum": [
"pending",
"in_progress",
"success",
"failed",
"partial_success",
"orphaned",
"unknown",
"error",
"in_sync",
"NOT_AVAILABLE",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_IN_PROGRESS",
"VM_POWER_ON_FAILED",
"REGISTRATION_PENDING",
"NODE_NOT_READY",
"NODE_READY",
"VM_POWER_OFF_IN_PROGRESS",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_FAILED",
"VM_UNDEPLOY_SUCCESSFUL",
"EDGE_CONFIG_ERROR",
"VM_DEPLOYMENT_RESTARTED",
"REGISTRATION_FAILED",
"TRANSPORT_NODE_SYNC_PENDING",
"TRANSPORT_NODE_CONFIGURATION_MISSING",
"EDGE_HARDWARE_NOT_SUPPORTED",
"MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED",
"TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER",
"TZ_ENDPOINTS_NOT_SPECIFIED",
"NO_PNIC_PREPARED_IN_EDGE",
"APPLIANCE_INTERNAL_ERROR",
"VTEP_DHCP_NOT_SUPPORTED",
"UNSUPPORTED_HOST_SWITCH_PROFILE",
"UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED",
"HOSTSWITCH_PROFILE_NOT_FOUND",
"LLDP_SEND_ENABLED_NOT_SUPPORTED",
"UNSUPPORTED_NAMED_TEAMING_POLICY",
"LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM",
"LACP_NOT_SUPPORTED_FOR_EDGE_VM",
"STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM",
"MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE",
"UNSUPPORTED_LACP_LB_ALGO_FOR_NODE",
"EDGE_NODE_VERSION_NOT_SUPPORTED",
"NO_PNIC_SPECIFIED_IN_TN",
"INVALID_PNIC_DEVICE_NAME",
"TRANSPORT_NODE_READY",
"VM_NETWORK_EDIT_PENDING",
"UNSUPPORTED_DEFAULT_TEAMING_POLICY",
"MPA_DISCONNECTED",
"VM_RENAME_PENDING",
"VM_CONFIG_EDIT_PENDING",
"VM_NETWORK_EDIT_FAILED",
"VM_RENAME_FAILED",
"VM_CONFIG_EDIT_FAILED",
"VM_CONFIG_DISCREPANCY",
"VM_NODE_REFRESH_FAILED",
"VM_PLACEMENT_REFRESH_FAILED",
"REGISTRATION_TIMEDOUT",
"REPLACE_FAILED",
"UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED",
"LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING",
"DELETE_VM_IN_REDEPLOY_FAILED",
"DEPLOY_VM_IN_REDEPLOY_FAILED",
"INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE",
"VM_RESOURCE_RESERVATION_FAILED",
"DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER",
"DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"EDGE_NODE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE",
"EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE",
"COMPUTE_MANAGER_NOT_FOUND",
"DELETE_IN_PROGRESS",
"ADVANCED_CONFIG_EDIT_FAILED",
"UPT_MODE_REALIZATION_POLL_TIMED_OUT",
"DATAPATH_CONFIGURATION_EDIT_FAILED",
"MAINTENANCE_MODE_ENABLED",
"ERROR_IN_ENABLE_MAINTENANCE_MODE",
"ERROR_IN_DISABLE_MAINTENANCE_MODE",
"CONFIGURE_UPT_ON_VM_FAILED",
"VM_VERSION_IS_UPT_INCOMPATIBLE",
"DELETE_FAILED_FOR_DIFFERENT_MOREF_ID",
"DELETE_FAILED_ON_VM_NOT_FOUND",
"DELETE_FAILED_FOR_NON_LCM_EDGE",
"ADVANCED_CONFIG_EDIT_PENDING",
"DUPLICATE_VLANS_SHARING_SAME_PNIC",
"MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"REDEPLOY_ACTIVITY_FAILED",
"REDEPLOY_ACTIVITY_IN_PROGRESS",
"REDEPLOY_ACTIVITY_SCHEDULED",
"REDEPLOY_ACTIVITY_SUCCESSFUL",
"REPLACE_ACTIVITY_FAILED",
"REPLACE_ACTIVITY_IN_PROGRESS",
"REPLACE_ACTIVITY_SCHEDULED",
"REPLACE_ACTIVITY_SUCCESSFUL",
"REPLACED_RPC_CLIENT_OF_TN",
"RETRYING_REPLACE",
"UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR",
"VM_REDEPLOY_FAILED",
"VM_RESOURCE_RESERVATION_EDIT_PENDING",
"REDEPLOYED_VM_REGISTRATION_PENDING"
],
"readonly": true,
"required": true,
"title": "Overall state of desired configuration",
"type": "string"
}
},
"type": "object"
}
DhcpStatistics (type) (Deprecated)
{
"deprecated": true,
"id": "DhcpStatistics",
"module_id": "AggSvcDhcp",
"properties": {
"acks": {
"required": true,
"title": "The total number of DHCP ACK packets",
"type": "integer"
},
"declines": {
"required": true,
"title": "The total number of DHCP DECLINE packets",
"type": "integer"
},
"dhcp_server_id": {
"required": true,
"title": "dhcp server uuid",
"type": "string"
},
"discovers": {
"required": true,
"title": "The total number of DHCP DISCOVER packets",
"type": "integer"
},
"errors": {
"required": true,
"title": "The total number of DHCP errors",
"type": "integer"
},
"informs": {
"required": true,
"title": "The total number of DHCP INFORM packets",
"type": "integer"
},
"ip_pool_stats": {
"items": {
"$ref": "DhcpIpPoolUsage
},
"required": false,
"title": "The DHCP ip pool usage statistics",
"type": "array"
},
"nacks": {
"required": true,
"title": "The total number of DHCP NACK packets",
"type": "integer"
},
"offers": {
"required": true,
"title": "The total number of DHCP OFFER packets",
"type": "integer"
},
"releases": {
"required": true,
"title": "The total number of DHCP RELEASE packets",
"type": "integer"
},
"requests": {
"required": true,
"title": "The total number of DHCP REQUEST packets",
"type": "integer"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"required": true,
"title": "timestamp of the statistics"
}
},
"type": "object"
}
DhcpV4Options (type)
{
"additionalProperties": false,
"description": "DHCP options for IPv4 server.",
"id": "DhcpV4Options",
"module_id": "PolicyConnectivity",
"properties": {
"option121": {
"$ref": "DhcpOption121,
"description": "DHCP option 121 to define classless static routes.",
"required": false,
"title": "DHCP option 121"
},
"others": {
"description": "To define DHCP options other than option 121 in generic format. Please note, only the following options can be defined in generic format. Those other options will be accepted without validation but will not take effect. -------------------------- Code Name -------------------------- 2 Time Offset 6 Domain Name Server 13 Boot File Size 19 Forward On/Off 26 MTU Interface 28 Broadcast Address 35 ARP Timeout 40 NIS Domain 41 NIS Servers 42 NTP Servers 44 NETBIOS Name Srv 45 NETBIOS Dist Srv 46 NETBIOS Node Type 47 NETBIOS Scope 58 Renewal Time 59 Rebinding Time 64 NIS+-Domain-Name 65 NIS+-Server-Addr 66 TFTP Server-Name (used by PXE) 67 Bootfile-Name (used by PXE) 117 Name Service Search 119 Domain Search 150 TFTP server address (used by PXE) 209 PXE Configuration File 210 PXE Path Prefix 211 PXE Reboot Time",
"items": {
"$ref": "GenericDhcpOption
},
"maxItems": 255,
"minItems": 0,
"required": false,
"title": "Other DHCP options",
"type": "array"
}
},
"title": "DHCP options for IPv4 address family",
"type": "object"
}
DhcpV4StaticBindingConfig (type)
{
"additionalProperties": false,
"description": "DHCP IPv4 static bindings are configured for each segment.",
"extends": {
"$ref": "DhcpStaticBindingConfig
},
"id": "DhcpV4StaticBindingConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "DhcpV4StaticBindingConfig"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"gateway_address": {
"$ref": "IPv4Address,
"description": "When not specified, gateway address is auto-assigned from segment configuration.",
"title": "Gateway IP address"
},
"host_name": {
"description": "Hostname to assign to the host.",
"maxLength": 63,
"title": "Host name",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address": {
"$ref": "IPv4Address,
"description": "IP assigned to host. The IP address must belong to the subnet, if any, configured on Segment.",
"required": true,
"title": "IP assigned to host"
},
"lease_time": {
"default": 86400,
"description": "DHCP lease time in seconds.",
"maximum": 4294967295,
"minimum": 60,
"title": "Lease time",
"type": "integer"
},
"mac_address": {
"$ref": "MACAddress,
"description": "MAC address of the host.",
"required": true,
"title": "MAC address of host"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"options": {
"$ref": "DhcpV4Options,
"description": "IPv4 DHCP options.",
"required": false,
"title": "DHCP options"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Resource type of the DhcpStaticBindingConfig",
"enum": [
"DhcpV4StaticBindingConfig",
"DhcpV6StaticBindingConfig"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "DHCP static binding",
"type": "object"
}
DhcpV6Lease (type)
{
"id": "DhcpV6Lease",
"module_id": "AggSvcDhcp",
"properties": {
"duid": {
"required": true,
"title": "DHCP unique identifier",
"type": "string"
},
"expire_time": {
"required": false,
"title": "expire time of the lease",
"type": "string"
},
"ia_type": {
"enum": [
"IA_INVALID",
"IA_NA",
"IA_TA",
"IA_PD"
],
"required": true,
"title": "identity association type",
"type": "string"
},
"iaid": {
"required": true,
"title": "An identifier for an IA",
"type": "integer"
},
"ip_addresses": {
"items": {
"type": "string"
},
"maxItems": 65535,
"minItems": 0,
"required": false,
"title": "ip addresses of client",
"type": "array"
},
"lease_time": {
"required": false,
"title": "lease time of the ip address, in seconds",
"type": "string"
},
"start_time": {
"required": true,
"title": "start time of lease",
"type": "string"
}
},
"type": "object"
}
DhcpV6StaticBindingConfig (type)
{
"additionalProperties": false,
"description": "DHCP IPv6 static bindings are configured for each segment.",
"extends": {
"$ref": "DhcpStaticBindingConfig
},
"id": "DhcpV6StaticBindingConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "DhcpV6StaticBindingConfig"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dns_nameservers": {
"description": "When not specified, no DNS nameserver will be set to client host.",
"items": {
"type": "string"
},
"maxItems": 2,
"minItems": 0,
"required": false,
"title": "DNS nameservers to be set to client host",
"type": "array"
},
"domain_names": {
"description": "When not specified, no domain name will be assigned to client host.",
"items": {
"type": "string"
},
"required": false,
"title": "Domain names to be assigned to client host",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_addresses": {
"description": "When not specified, no ip address will be assigned to client host.",
"items": {
"$ref": "IPv6Address
},
"maxItems": 1,
"minItems": 0,
"required": false,
"title": "IP addresses to be assigned to client host",
"type": "array"
},
"lease_time": {
"default": 86400,
"description": "Lease time, in seconds.",
"maximum": 4294967295,
"minimum": 60,
"required": false,
"title": "Lease time",
"type": "integer"
},
"mac_address": {
"$ref": "MACAddress,
"description": "The MAC address of the client host. Either client-duid or mac-address, but not both.",
"required": true,
"title": "MAC address"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"preferred_time": {
"description": "Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used.",
"maximum": 4294967295,
"minimum": 48,
"required": false,
"title": "Preferred time",
"type": "integer"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Resource type of the DhcpStaticBindingConfig",
"enum": [
"DhcpV4StaticBindingConfig",
"DhcpV6StaticBindingConfig"
],
"required": true,
"type": "string"
},
"sntp_servers": {
"description": "SNTP server IP addresses.",
"items": {
"$ref": "IPv6Address
},
"maxItems": 2,
"minItems": 0,
"required": false,
"title": "SNTP server ips",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "DHCP static binding",
"type": "object"
}
Dhcpv6Header (type)
{
"additionalProperties": false,
"id": "Dhcpv6Header",
"module_id": "Traceflow",
"properties": {
"msg_type": {
"default": "SOLICIT",
"description": "This is used to specify the DHCP v6 message. To request the assignment of one or more IPv6 addresses, a client first locates a DHCP server and then requests the assignment of addresses and other configuration information from the server. The client sends a Solicit message to the All_DHCP_Relay_Agents_and_Servers address to find available DHCP servers. Any server that can meet the client's requirements responds with an Advertise message. The client then chooses one of the servers and sends a Request message to the server asking for confirmed assignment of addresses and other configuration information. The server responds with a Reply message that contains the confirmed addresses and configuration. SOLICIT - A client sends a Solicit message to locate servers. ADVERTISE - A server sends and Advertise message to indicate that it is available. REQUEST - A client sends a Request message to request configuration parameters. REPLY - A server sends a Reply message containing assigned addresses and configuration parameters.",
"enum": [
"SOLICIT",
"ADVERTISE",
"REQUEST",
"REPLY"
],
"required": false,
"title": "DHCP message type",
"type": "string"
}
},
"type": "object"
}
DirectoryDomainSyncSettings (type)
{
"additionalProperties": false,
"id": "DirectoryDomainSyncSettings",
"module_id": "DirectoryService",
"properties": {
"delta_sync_interval": {
"default": 180,
"description": "Directory domain delta synchronization interval time between two delta sync in minutes.",
"maximum": 720,
"minimum": 5,
"required": false,
"title": "Delta synchronization inverval in minutes",
"type": "integer"
},
"full_sync_cron_expr": {
"description": "Directory domain full synchronization schedule using cron expression. For example, cron expression \"0 0 12 ? * SUN *\" means full sync is scheduled every Sunday midnight. If this object is null, it means there is no background cron job running for full sync.",
"required": false,
"title": "Full synchronization cron expression",
"type": "string"
},
"sync_delay_in_sec": {
"default": 30,
"description": "Sync delay after Directory domain has been successfully created. if delay is -1, initial full sync will not be triggered.",
"maximum": 600,
"minimum": -1,
"required": false,
"title": "Sync delay (in second).",
"type": "int"
}
},
"title": "Domain synchronization settings",
"type": "object"
}
DirectoryEventLogServerStatus (type)
{
"id": "DirectoryEventLogServerStatus",
"module_id": "DirectoryService",
"properties": {
"error_message": {
"readonly": true,
"required": false,
"title": "Additional optional detail error message",
"type": "string"
},
"last_event_record_id": {
"description": "Last event record ID is an opaque integer value that shows the last successfully received event from event log server.",
"readonly": true,
"required": false,
"title": "Last event record ID",
"type": "integer"
},
"last_event_time_created": {
"$ref": "EpochMsTimestamp,
"description": "Time of last successfully received and record event from event log server.",
"readonly": true,
"required": false,
"title": "Time when last event record ID was received"
},
"last_polling_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": false,
"title": "Last polling time"
},
"status": {
"description": "Connection status: OK: All OK ERROR: Generic error",
"enum": [
"OK",
"ERROR"
],
"readonly": true,
"required": true,
"title": "Current connection status of event log server",
"type": "string"
}
},
"title": "Event log server connection status",
"type": "object"
}
DiscoveredResource (type)
{
"abstract": true,
"extends": {
"$ref": "Resource
},
"id": "DiscoveredResource",
"module_id": "Common",
"polymorphic-type-descriptor": {
"mode": "force",
"property-name": "resource_type"
},
"properties": {
"_last_sync_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"required": true,
"type": "string"
},
"scope": {
"description": "Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC.",
"items": {
"$ref": "DiscoveredResourceScope
},
"readonly": false,
"required": false,
"title": "List of scopes for discovered resource",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Base class for resources that are discovered and automatically updated",
"type": "object"
}
DiscoveredResourceScope (type)
{
"id": "DiscoveredResourceScope",
"module_id": "Common",
"properties": {
"scope_id": {
"description": "Specifies the scope id of discovered resource.",
"required": false,
"title": "Scope Id of scope for discovered resource",
"type": "string"
},
"scope_type": {
"description": "Type of the scope for the discovered resource.",
"enum": [
"CONTAINER_CLUSTER",
"VPC"
],
"required": false,
"title": "Type of scope",
"type": "string"
}
},
"title": "Scope of discovered resource",
"type": "object"
}
DiscoveryProfileBindingMap (type)
{
"abstract": true,
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "DiscoveryProfileBindingMap",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base Discovery Profile Binding Map",
"type": "object"
}
DiskProvisioning (type)
{
"additionalProperties": false,
"description": "Disk provisioning type for deploying VM.",
"enum": [
"THIN",
"LAZY_ZEROED_THICK",
"EAGER_ZEROED_THICK"
],
"id": "DiskProvisioning",
"module_id": "HostPrepServiceFabric",
"required": true,
"title": "Disk provisioning type",
"type": "string"
}
DistributedFloodProtectionProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "FloodProtectionProfile
},
"id": "DistributedFloodProtectionProfile",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "DistributedFloodProtectionProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_rst_spoofing": {
"default": false,
"description": "If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles.",
"readonly": false,
"title": "Flag to indicate rst spoofing is enabled",
"type": "boolean"
},
"enable_syncache": {
"default": false,
"description": "If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles.",
"readonly": false,
"title": "Flag to indicate syncache is enabled",
"type": "boolean"
},
"icmp_active_flow_limit": {
"description": "If this field is empty, firewall will not set a limit to active ICMP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active ICMP connections limit",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"other_active_conn_limit": {
"description": "If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Timeout after first TN",
"type": "integer"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "FloodProtectionProfileResourceType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_half_open_conn_limit": {
"description": "If this field is empty, firewall will not set a limit to half open TCP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active half open TCP connections limit",
"type": "integer"
},
"udp_active_flow_limit": {
"description": "If this field is empty, firewall will not set a limit to active UDP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active UDP connections limit",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
DnsClientConfig (type)
{
"description": "Dns config",
"id": "DnsClientConfig",
"module_id": "PolicyVpc",
"properties": {
"dns_server_ips": {
"description": "IPs of the DNS servers which need to be configured on the workload VMs",
"items": {
"type": "string"
},
"required": false,
"type": "array"
}
},
"title": "Dns configuration",
"type": "object"
}
DnsFailedQuery (type)
{
"description": "The summary of the failed DNS query. The query result represents a full query chain from client VM to dns forwarder, and upstream server if no forwarder cache was hit.",
"id": "DnsFailedQuery",
"module_id": "DnsForwarder",
"properties": {
"address": {
"description": "The address be queried, can be a FQDN or an ip address.",
"required": false,
"title": "The adddress be queried",
"type": "string"
},
"client_ip": {
"description": "The client host ip address from which the query was issued.",
"required": false,
"title": "The client host ip address from which the query was issued",
"type": "string"
},
"error_message": {
"description": "The detailed error message of the failed query, if any.",
"required": false,
"title": "The error message of the failed query",
"type": "string"
},
"error_type": {
"description": "The type of the query failure, e.g. NXDOMAIN, etc.",
"required": false,
"title": "The type of the failure",
"type": "string"
},
"forwarder_ip": {
"description": "The DNS forwarder ip address to which the query was first received.",
"required": false,
"title": "The DNS forwarder ip address to which the query was first received",
"type": "string"
},
"record_type": {
"description": "The record type be queried, e.g. A, CNAME, SOA, etc.",
"required": false,
"title": "The record type be queried",
"type": "string"
},
"source_ip": {
"description": "The source ip address that is used to forward a query to an upstream server.",
"required": false,
"title": "The source ip address for forwarding query",
"type": "string"
},
"time_spent": {
"description": "The time the query took before it got a failed answer, in ms.",
"required": false,
"title": "Time spent in the query, if applicable",
"type": "integer"
},
"timestamp": {
"description": "Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.",
"required": true,
"title": "Timestamp of the request",
"type": "string"
},
"upstream_server_ip": {
"description": "The upstream server ip address to which the query was forwarded. If the query could not be serviced from the DNS forwarder cache, this property will contain the IP address of the DNS server that serviced the request. If the request was serviced from the cache, this property will be absent.",
"required": false,
"title": "The ip address to which the query was forwarded",
"type": "string"
}
},
"title": "The failed DNS query",
"type": "object"
}
DnsHeader (type)
{
"additionalProperties": false,
"id": "DnsHeader",
"module_id": "Traceflow",
"properties": {
"address": {
"description": "This is used to define what is being asked or responded.",
"format": "hostname-or-ip",
"required": false,
"title": "Domain name/IP to query/response",
"type": "string"
},
"address_type": {
"default": "V4",
"description": "This is used to specify the type of the address. V4 - The address provided is an IPv4 domain name/IP address, the Type in query or response will be A V6 - The address provided is an IPv6 domain name/IP address, the Type in query or response will be AAAA",
"enum": [
"V4",
"V6"
],
"required": false,
"title": null,
"type": "string"
},
"message_type": {
"default": "QUERY",
"enum": [
"QUERY",
"RESPONSE"
],
"required": false,
"title": "Specifies the message type whether it is a query or a response.",
"type": "string"
}
},
"type": "object"
}
DnsNameString (type)
{
"description": "DNS name string in the \"preferred name syntax\", as specified by Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123].",
"id": "DnsNameString",
"maxLength": 200,
"module_id": "CertificateManager",
"title": "An IA5String instance for DNS Name",
"type": "string"
}
DnsSecurityProfile (type)
{
"additionalProperties": false,
"description": "Used to configure DNS security profile",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "DnsSecurityProfile",
"module_id": "PolicyProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"ttl": {
"default": 86400,
"description": "Time to live for DNS cache entry in seconds. Valid TTL values are between 3600 to 864000. However, this field accepts values between 0 through 864000. We define TTL type based on the value of TTL as follows: TTL 0 - cached entry never expires. TTL 1 to 3599 - invalid input and error is thrown TTL 3600 to 864000 - ttl is set to user input TTL field not set by user - TTL type is 'AUTO' and ttl value is set from DNS response packet. User defined TTL value is used only when it is betweeen 3600 to 864000.",
"maximum": 864000,
"minimum": 0,
"required": false,
"title": "Time to live for DNS cache entry",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "DNS security profile",
"type": "object"
}
DnsSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between DNS security profile and Group. With this entity, user can specify intent for applying DNS security profile profile to particular Group.",
"extends": {
"$ref": "ProfileBindingMap
},
"id": "DnsSecurityProfileBindingMap",
"module_id": "PolicyFirewallDnsSecurityProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000.",
"maximum": 100000,
"minimum": 1,
"requried": true,
"title": "Sequence number DNS Security Profile Binding Map",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Binding Map for DNS Security Profile",
"type": "object"
}
DnsSecurityProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "DnsSecurityProfileBindingMapListRequestParameters",
"module_id": "PolicyFirewallDnsSecurityProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "DNS Security Profile Binding Map List Request Parameters",
"type": "object"
}
DnsSecurityProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "DnsSecurityProfileBindingMapListResult",
"module_id": "PolicyFirewallDnsSecurityProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "DnsSecurityProfileBindingMap
},
"requried": true,
"title": "DNS Security Profile Binding Map List Results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of DNS Security Profile Binding Map",
"type": "object"
}
DnsSecurityProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "DnsSecurityProfileListResult",
"module_id": "PolicyProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "DnsSecurityProfile
},
"required": true,
"title": "DnsSecurityProfile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of DnsSecurityProfile",
"type": "object"
}
Domain (type)
{
"additionalProperties": false,
"description": "Domain.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Domain",
"module_id": "Policy",
"policy_hierarchical_children": [
"ChildDomainDeploymentMap",
"ChildForwardingPolicy",
"ChildGatewayPolicy",
"ChildGroup",
"ChildSecurityPolicy"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Domain",
"type": "object"
}
DomainDeploymentMap (type)
{
"additionalProperties": false,
"description": "Binding of domain to the enforcement point.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "DomainDeploymentMap",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enforcement_point_path": {
"description": "Path of enforcement point on which domain shall be enforced.",
"required": true,
"title": "Absolute path of enforcement point",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"DomainDeploymentMap"
],
"relationshipType": "DEPLOYMENT_MAP_ENFORCEMENT_POINT_RELATIONSHIP",
"rightType": [
"EnforcementPoint"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Domain Deployment Map",
"type": "object"
}
DomainDeploymentMapListRequestParameters (type)
{
"additionalProperties": false,
"description": "Domain Deployment Map list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "DomainDeploymentMapListRequestParameters",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Domain Deployment Map List Request Parameters",
"type": "object"
}
DomainDeploymentMapListResult (type)
{
"additionalProperties": false,
"description": "Paged collection of Domain Deployment Map.",
"extends": {
"$ref": "ListResult
},
"id": "DomainDeploymentMapListResult",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Domain Deployment Map list result.",
"items": {
"$ref": "DomainDeploymentMap
},
"required": true,
"title": "Domain Deployment Map List Result",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Domain Deployment Map",
"type": "object"
}
DomainListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "DomainListRequestParameters",
"module_id": "Policy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Domain list request parameters",
"type": "object"
}
DomainListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "DomainListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Domain
},
"required": true,
"title": "Domain list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Domains",
"type": "object"
}
DonutConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration of a Donut",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "DonutConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "DonutConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"count": {
"description": "Expression to retrieve count to be shown on Donut.",
"title": "Expression to retrieve count to be shown on Donut",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_count": {
"default": true,
"description": "If true, displays the count of entities in the donut",
"title": "Show or hide the count of entities",
"type": "boolean"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"label": {
"$ref": "Label,
"description": "Displayed at the middle of the donut, by default. It labels the entities of donut.",
"title": "Label of the Donut Configuration"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"sections": {
"decription": "High level logical grouping of portions or segments of donut.",
"items": {
"$ref": "DonutSection
},
"minItems": 1,
"required": true,
"title": "Sections",
"type": "array"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Donut Configuration",
"type": "object"
}
DonutPart (type)
{
"additionalProperties": false,
"description": "Represents an entity or portion to be plotted on a donut or stats chart.",
"id": "DonutPart",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"condition": {
"description": "If the condition is met then the part will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"title": "Expression for evaluating condition",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"title": "Id of drilldown widget",
"type": "string"
},
"field": {
"description": "A numerical value that represents the portion or entity of the donut or stats chart.",
"maxLength": 1024,
"required": true,
"title": "Value of the portion or entity of donut or stats chart",
"type": "string"
},
"hide_empty_legend": {
"default": false,
"description": "If true, legend will be shown only if the data for the part is available. This is applicable only if legends are specified in widget configuration.",
"title": "Hide the legend if the data for the part is not available",
"type": "boolean"
},
"label": {
"$ref": "Label,
"description": "If a section 'template' holds this donut or stats part, then the label is auto-generated from the fetched field values after applying the template.",
"title": "Label of the portion or entity of donut or stats chart"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used.",
"title": "Navigation to a specified UI page",
"type": "string"
},
"render_configuration": {
"description": "Additional rendering or conditional evaluation of the field values to be performed, if any.",
"items": {
"$ref": "RenderConfiguration
},
"minItems": 0,
"title": "Render Configuration",
"type": "array"
},
"tooltip": {
"description": "Multi-line text to be shown on tooltip while hovering over the portion.",
"items": {
"$ref": "Tooltip
},
"minItems": 0,
"title": "Multi-line tooltip",
"type": "array"
}
},
"title": "Portion of a donut or stats chart",
"type": "object"
}
DonutSection (type)
{
"additionalProperties": false,
"description": "Represents high level logical grouping of portions or segments of a donut / stats chart.",
"id": "DonutSection",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"parts": {
"description": "Array of portions or parts of the donut or stats chart.",
"items": {
"$ref": "DonutPart
},
"minItems": 1,
"required": true,
"title": "Parts of a donut / stats chart",
"type": "array"
},
"row_list_field": {
"description": "Field of the root of the api result set for forming parts.",
"maxLength": 1024,
"title": "Field from which parts of the donut or stats chart are formed",
"type": "string"
},
"template": {
"default": false,
"description": "If true, the section will be appled as template for forming parts. Only one part will be formed from each element of 'row_list_field'.",
"title": "Template, if any, for automatically forming the donut or stats parts",
"type": "boolean"
}
},
"title": "Section of a donut or stats chart",
"type": "object"
}
DpuStatusProperties (type)
{
"id": "DpuStatusProperties",
"module_id": "ApplianceStats",
"properties": {
"cpu_cores": {
"description": "The number of CPU cores on the system.",
"readonly": true,
"title": "CPU core count",
"type": "integer"
},
"dpu_alias": {
"description": "DPU alias",
"readonly": true,
"title": "Data processing unit alias",
"type": "string"
},
"dpu_id": {
"readonly": true,
"title": "Data processing unit ID",
"type": "string"
},
"load_average": {
"description": "One, five, and fifteen minute load averages for the system.",
"items": {
"type": "number"
},
"readonly": true,
"title": "System load average",
"type": "array"
},
"mem_cache": {
"description": "Amount of RAM on the system that can be flushed out to disk, in kilobytes.",
"readonly": true,
"title": "Cached RAM size in kilobytes",
"type": "integer"
},
"mem_total": {
"description": "System Amount of RAM allocated to the system, in kilobytes.",
"readonly": true,
"title": "Total RAM size in kilobytes",
"type": "integer"
},
"mem_used": {
"description": "Amount of RAM in use on the system, in kilobytes.",
"readonly": true,
"title": "Used RAM size in kilobytes",
"type": "integer"
}
},
"title": "Data processing unit status properties",
"type": "object"
}
DropdownFilterPlotConfiguration (type)
{
"additionalProperties": false,
"description": "Dropdown Filter plotting configuration.",
"extends": {
"$ref": "WidgetPlotConfiguration
},
"id": "DropdownFilterPlotConfiguration",
"module_id": "NsxDashboard",
"properties": {
"allow_maximize": {
"description": "Allow maximize capability for this widget",
"title": "Allow maximize capability for this widget",
"type": "boolean"
},
"allow_search": {
"default": false,
"description": "Allow search on drop down filter.",
"title": "Allow search on drop down filter",
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the given chart config is applied to the widget configuration.",
"maxLength": 1024,
"title": "Expression for evaluating condition for this chart config",
"type": "string"
}
},
"title": "Dropdown Filtert plotting configuration",
"type": "object"
}
DropdownFilterWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration for dropdown filter widget.",
"extends": {
"$ref": "FilterWidgetConfiguration
},
"id": "DropdownFilterWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "DropdownFilterWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alias": {
"description": "Alias to be used when emitting filter value.",
"title": "Alias to be used when emitting filter value",
"type": "string"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"default_value": {
"description": "Expression to specify default value of filter.",
"title": "Expression to specify default value",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"dropdown_filter_plot_config": {
"$ref": "DropdownFilterPlotConfiguration,
"description": "Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only.",
"required": false,
"title": "Dropdown filter plotting configuration"
},
"dropdown_item": {
"$ref": "DropdownItem,
"description": "Defines the item of a dropdown.",
"required": false,
"title": "Definition for item of a dropdown"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"placeholder_msg": {
"description": "Placeholder message to be displayed in dropdown filter.",
"title": "Placeholder message to be shown in filter",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"static_filter_condition": {
"description": "If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally.",
"title": "Expression for evaluating condition",
"type": "string"
},
"static_filters": {
"description": "Additional static items to be added in dropdown filter. Example can be 'ALL'.",
"items": {
"$ref": "StaticFilter
},
"title": "Additional static items to be added in dropdown filter",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Dropdown Filter widget Configuration",
"type": "object"
}
DropdownItem (type)
{
"additionalProperties": false,
"id": "DropdownItem",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"additional_value": {
"description": "An additional key-value pair for item to be display in dropdown.",
"required": false,
"title": "An additional value for item to be display in dropdown.",
"type": "object"
},
"display_name": {
"description": "expression to extract display name to be shown in the drop down.",
"maxLength": 1024,
"title": "Display name for item to be displayed in dropdown",
"type": "string"
},
"field": {
"description": "An expression that represents the items of the dropdown filter.",
"required": true,
"title": "Expression for dropdown items of filter",
"type": "string"
},
"short_display_name": {
"description": "Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used.",
"maxLength": 1024,
"title": "A property value to be shown once value is selected for a filter.",
"type": "string"
},
"value": {
"description": "Value of filter inside dropdown filter.",
"required": true,
"title": "Value for item to be displayed in dropdown",
"type": "string"
}
},
"title": "Dropdown item definition",
"type": "object"
}
DscpBit (type)
{
"additionalProperties": false,
"description": "To define the Dscp bit in Global In-band network telemetry configuration.",
"extends": {
"$ref": "DscpIndicator
},
"id": "DscpBit",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "DSCP_BIT"
},
"properties": {
"dscp_bit": {
"description": "A DSCP bit is allocated to indicate the existence of INT header. It takes effect only when the INT indicator mode is DSCP_BIT. The user should guarantee that the given DSCP bit is specifically allocated for INT.",
"maximum": 5,
"minimum": 0,
"required": true,
"title": "DSCP bit for indicating the existence of INT header.",
"type": "int"
},
"indicator_type": {
"enum": [
"DSCP_BIT",
"DSCP_VALUE"
],
"required": true,
"title": "The method for indicating the existence of INT header.",
"type": "string"
}
},
"title": "Dscp bit config",
"type": "object"
}
DscpIndicator (type)
{
"abstract": true,
"additionalProperties": false,
"description": "The DscpIndicator is the base class for global In-band network telemetry configurations for different types in a NSX domain.",
"id": "DscpIndicator",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "indicator_type"
},
"properties": {
"indicator_type": {
"enum": [
"DSCP_BIT",
"DSCP_VALUE"
],
"required": true,
"title": "The method for indicating the existence of INT header.",
"type": "string"
}
},
"title": "Abstract base type for Global In-band network telemetry configuration",
"type": "object"
}
DscpTrustMode (type)
{
"default": "TRUSTED",
"description": "When you select the Trusted mode the inner header DSCP value is applied to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic, the outer IP header takes the default value.Untrusted mode is supported on overlay-based and VLAN-based logical port.",
"enum": [
"TRUSTED",
"UNTRUSTED"
],
"id": "DscpTrustMode",
"module_id": "PolicyQoS",
"title": "Trust settings",
"type": "string"
}
DscpValue (type)
{
"additionalProperties": false,
"description": "To define the Dscp value in Global In-band network telemetry configuration.",
"extends": {
"$ref": "DscpIndicator
},
"id": "DscpValue",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "DSCP_VALUE"
},
"properties": {
"dscp_value": {
"description": "A DSCP value is allocated to indicate the existence of INT header. It takes effects only when the INT indicator mode is DSCP_VALUE. The user should guarantee that the given DSCP value is specifically allocated for INT.",
"maximum": 63,
"minimum": 1,
"required": true,
"title": "DSCP value for indicating the existence of INT header.",
"type": "int"
},
"indicator_type": {
"enum": [
"DSCP_BIT",
"DSCP_VALUE"
],
"required": true,
"title": "The method for indicating the existence of INT header.",
"type": "string"
}
},
"title": "Dscp bit config",
"type": "object"
}
DuplicateAddressBindingEntry (type) (Deprecated)
{
"deprecated": true,
"extends": {
"$ref": "AddressBindingEntry
},
"id": "DuplicateAddressBindingEntry",
"module_id": "LogicalPort",
"properties": {
"binding": {
"$ref": "PacketAddressClassifier,
"title": "Combination of IP-MAC-VLAN binding"
},
"binding_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp at which the binding was discovered via snooping or manually specified by the user",
"title": "Timestamp of binding"
},
"conflicting_port": {
"description": "Provides the ID of the port on which the same address bidning exists",
"required": false,
"title": "ID of logical port with the same address binding",
"type": "string"
},
"source": {
"$ref": "AddressBindingSource,
"default": "UNKNOWN",
"description": "Source from which the address binding entry was obtained",
"title": "Address binding source"
}
},
"title": "Duplicate address binding information",
"type": "object"
}
DuplicateIPDetectionOptions (type)
{
"additionalProperties": false,
"description": "Contains dupliacte IP detection related discovery options.",
"id": "DuplicateIPDetectionOptions",
"module_id": "PolicyIpDiscovery",
"properties": {
"duplicate_ip_detection_enabled": {
"default": false,
"description": "Indicates whether duplicate IP detection should be enabled",
"required": false,
"title": "Duplicate IP detection",
"type": "boolean"
}
},
"title": "Controls duplicate IP detection options",
"type": "object"
}
DynamicContentFilterQueryParameter (type)
{
"additionalProperties": false,
"id": "DynamicContentFilterQueryParameter",
"properties": {
"scope": {
"enum": [
"NAPP"
],
"title": "Restrict scope of dynamic content filters to report",
"type": "string"
}
},
"type": "object"
}
DynamicContentFilterValue (type)
{
"id": "DynamicContentFilterValue",
"title": "Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES",
"type": "string"
}
DynamicContentFilters (type)
{
"additionalProperties": false,
"id": "DynamicContentFilters",
"properties": {
"dynamic_content_filters": {
"description": "These filter values will be set by the remote node like the NSX Intelligence Platform for instance. We would not need to know or act on these dynamic content filters, except for passing them on as request parameters along with the support bundle collection API.",
"items": {
"$ref": "DynamicContentFilterValue
},
"title": "Support bundle content filter allowed values",
"type": "array"
}
},
"type": "object"
}
EPActionForDnsForwarderRequestParameters (type)
{
"id": "EPActionForDnsForwarderRequestParameters",
"module_id": "PolicyDnsForwarder",
"properties": {
"action": {
"description": "The valid DNS forwarder actions to be performed on EP are, - clear_cache: Clear the current cache of the dns forwarder from specified enforcement point.",
"enum": [
"clear_cache"
],
"required": true,
"title": "An action to be performed for DNS forwarder on EP",
"type": "string"
},
"enforcement_point_path": {
"default": "/infra/sites/default/enforcement-points/default",
"description": "An enforcement point path, on which the action is to be performed. If not specified, default enforcement point path, /infra/sites/default/enforcement-points/default will be considered.",
"required": false,
"title": "An enforcement point path, on which the action is to be performed",
"type": "string"
}
},
"type": "object"
}
EULAAcceptance (type)
{
"additionalProperties": false,
"description": "Indicate the status of End User License Agreement acceptance",
"extends": {
"$ref": "ManagedResource
},
"id": "EULAAcceptance",
"module_id": "EULA",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"acceptance": {
"description": "Acceptance status of End User License Agreement",
"required": true,
"title": "End User License Agreement acceptance status",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "EULA acceptance status",
"type": "object"
}
EULAContent (type)
{
"additionalProperties": false,
"description": "End User License Agreement content",
"extends": {
"$ref": "ManagedResource
},
"id": "EULAContent",
"module_id": "EULA",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"content": {
"description": "Content of End User License Agreement",
"required": true,
"sensitive": true,
"title": "End User License Agreement content",
"type": "secure_string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "EULA content",
"type": "object"
}
EULAOutputFormatRequestParameters (type)
{
"additionalProperties": false,
"description": "Indicate output format of End User License Agreement content",
"extends": {
"$ref": "ListRequestParameters
},
"id": "EULAOutputFormatRequestParameters",
"module_id": "EULA",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"value_format": {
"title": "End User License Agreement content output format",
"type": "string"
}
},
"type": "object"
}
EdgeClusterNodeType (type)
{
"enum": [
"EDGE_NODE",
"PUBLIC_CLOUD_GATEWAY_NODE",
"UNKNOWN"
],
"id": "EdgeClusterNodeType",
"module_id": "EdgeCommonTypes",
"title": "Supported edge cluster node type.",
"type": "string"
}
EdgeConfigurationState (type)
{
"additionalProperties": false,
"description": "This contains fields that captures state of Trackable entities. Edge and VPN state entities extend this object.",
"extends": {
"$ref": "ConfigurationState
},
"id": "EdgeConfigurationState",
"module_id": "LogicalRouter",
"properties": {
"details": {
"items": {
"$ref": "ConfigurationStateElement
},
"readonly": true,
"required": false,
"title": "Array of configuration state of various sub systems",
"type": "array"
},
"failure_code": {
"readonly": true,
"required": false,
"title": "Error code",
"type": "integer"
},
"failure_message": {
"readonly": true,
"required": false,
"title": "Error message in case of failure",
"type": "string"
},
"pending_change_list": {
"description": "Request identifier of the API which modified the entity.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of pending changes",
"type": "array"
},
"state": {
"description": "Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. \"in_sync\" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to \"success\". Please note, failed state is deprecated.",
"enum": [
"pending",
"in_progress",
"success",
"failed",
"partial_success",
"orphaned",
"unknown",
"error",
"in_sync",
"NOT_AVAILABLE",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_IN_PROGRESS",
"VM_POWER_ON_FAILED",
"REGISTRATION_PENDING",
"NODE_NOT_READY",
"NODE_READY",
"VM_POWER_OFF_IN_PROGRESS",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_FAILED",
"VM_UNDEPLOY_SUCCESSFUL",
"EDGE_CONFIG_ERROR",
"VM_DEPLOYMENT_RESTARTED",
"REGISTRATION_FAILED",
"TRANSPORT_NODE_SYNC_PENDING",
"TRANSPORT_NODE_CONFIGURATION_MISSING",
"EDGE_HARDWARE_NOT_SUPPORTED",
"MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED",
"TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER",
"TZ_ENDPOINTS_NOT_SPECIFIED",
"NO_PNIC_PREPARED_IN_EDGE",
"APPLIANCE_INTERNAL_ERROR",
"VTEP_DHCP_NOT_SUPPORTED",
"UNSUPPORTED_HOST_SWITCH_PROFILE",
"UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED",
"HOSTSWITCH_PROFILE_NOT_FOUND",
"LLDP_SEND_ENABLED_NOT_SUPPORTED",
"UNSUPPORTED_NAMED_TEAMING_POLICY",
"LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM",
"LACP_NOT_SUPPORTED_FOR_EDGE_VM",
"STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM",
"MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE",
"UNSUPPORTED_LACP_LB_ALGO_FOR_NODE",
"EDGE_NODE_VERSION_NOT_SUPPORTED",
"NO_PNIC_SPECIFIED_IN_TN",
"INVALID_PNIC_DEVICE_NAME",
"TRANSPORT_NODE_READY",
"VM_NETWORK_EDIT_PENDING",
"UNSUPPORTED_DEFAULT_TEAMING_POLICY",
"MPA_DISCONNECTED",
"VM_RENAME_PENDING",
"VM_CONFIG_EDIT_PENDING",
"VM_NETWORK_EDIT_FAILED",
"VM_RENAME_FAILED",
"VM_CONFIG_EDIT_FAILED",
"VM_CONFIG_DISCREPANCY",
"VM_NODE_REFRESH_FAILED",
"VM_PLACEMENT_REFRESH_FAILED",
"REGISTRATION_TIMEDOUT",
"REPLACE_FAILED",
"UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED",
"LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING",
"DELETE_VM_IN_REDEPLOY_FAILED",
"DEPLOY_VM_IN_REDEPLOY_FAILED",
"INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE",
"VM_RESOURCE_RESERVATION_FAILED",
"DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER",
"DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"EDGE_NODE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE",
"EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE",
"COMPUTE_MANAGER_NOT_FOUND",
"DELETE_IN_PROGRESS",
"ADVANCED_CONFIG_EDIT_FAILED",
"UPT_MODE_REALIZATION_POLL_TIMED_OUT",
"DATAPATH_CONFIGURATION_EDIT_FAILED",
"MAINTENANCE_MODE_ENABLED",
"ERROR_IN_ENABLE_MAINTENANCE_MODE",
"ERROR_IN_DISABLE_MAINTENANCE_MODE",
"CONFIGURE_UPT_ON_VM_FAILED",
"VM_VERSION_IS_UPT_INCOMPATIBLE",
"DELETE_FAILED_FOR_DIFFERENT_MOREF_ID",
"DELETE_FAILED_ON_VM_NOT_FOUND",
"DELETE_FAILED_FOR_NON_LCM_EDGE",
"ADVANCED_CONFIG_EDIT_PENDING",
"DUPLICATE_VLANS_SHARING_SAME_PNIC",
"MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"REDEPLOY_ACTIVITY_FAILED",
"REDEPLOY_ACTIVITY_IN_PROGRESS",
"REDEPLOY_ACTIVITY_SCHEDULED",
"REDEPLOY_ACTIVITY_SUCCESSFUL",
"REPLACE_ACTIVITY_FAILED",
"REPLACE_ACTIVITY_IN_PROGRESS",
"REPLACE_ACTIVITY_SCHEDULED",
"REPLACE_ACTIVITY_SUCCESSFUL",
"REPLACED_RPC_CLIENT_OF_TN",
"RETRYING_REPLACE",
"UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR",
"VM_REDEPLOY_FAILED",
"VM_RESOURCE_RESERVATION_EDIT_PENDING",
"REDEPLOYED_VM_REGISTRATION_PENDING"
],
"readonly": true,
"required": true,
"title": "Overall state of desired configuration",
"type": "string"
}
},
"title": "Configuration State for Edge and VPN entities.",
"type": "object"
}
EdgeTransportNodeDatapathMemoryPoolUsage (type)
{
"additionalProperties": false,
"description": "Datapath memory pool usage value.",
"id": "EdgeTransportNodeDatapathMemoryPoolUsage",
"module_id": "ApplianceStats",
"properties": {
"description": {
"description": "Description of the memory pool.",
"readonly": true,
"title": "Description of the memory pool",
"type": "string"
},
"name": {
"description": "Name of the datapath memory pool as available on edge node CLI.",
"readonly": true,
"title": "Name of the datapath memory pool",
"type": "string"
},
"usage": {
"description": "Percentage of memory pool in use.",
"readonly": true,
"title": "Percentage of memory pool in use",
"type": "number"
}
},
"title": "Usage of datapath memory pool",
"type": "object"
}
EdgeTransportNodeDatapathMemoryUsage (type)
{
"additionalProperties": false,
"description": "Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.",
"id": "EdgeTransportNodeDatapathMemoryUsage",
"module_id": "ApplianceStats",
"properties": {
"datapath_heap_usage": {
"description": "Percentage of heap memory in use.",
"readonly": true,
"title": "Percentage of heap memory in use",
"type": "number"
},
"datapath_mem_pools_usage": {
"items": {
"$ref": "EdgeTransportNodeDatapathMemoryPoolUsage,
"description": "Per memory pool percentage in use.",
"readonly": true,
"title": "Per memory pool percentage in use"
},
"type": "array"
},
"highest_datapath_mem_pool_usage": {
"description": "Highest percentage usage value among datapath memory pools.",
"readonly": true,
"title": "Highest percentage usage value among datapath memory pools",
"type": "number"
},
"highest_datapath_mem_pool_usage_names": {
"items": {
"description": "List of datapath memory pool(s) with highest usage.",
"readonly": true,
"title": "Datapath memory pool(s) with highest usage",
"type": "string"
},
"type": "array"
}
},
"title": "Detailed view of the datapath memory usage. Details out the heap and per memory pool usage",
"type": "object"
}
EdgeTransportNodeMemoryUsage (type)
{
"additionalProperties": false,
"description": "Point in time usage of system, datapath, swap and cache memory in edge node.",
"id": "EdgeTransportNodeMemoryUsage",
"module_id": "ApplianceStats",
"properties": {
"cache_usage": {
"description": "Percentage of RAM on the system that can be flushed out to disk.",
"readonly": true,
"title": "Percentage of RAM on the system that can be flushed out to disk",
"type": "number"
},
"datapath_mem_usage_details": {
"$ref": "EdgeTransportNodeDatapathMemoryUsage,
"description": "Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.",
"readonly": true,
"title": "Detailed view of the datapath memory usage. Details out the heap and per memory pool usage"
},
"datapath_total_usage": {
"description": "Percentage of memory in use by datapath processes which includes RES and hugepage memory.",
"readonly": true,
"title": "Percentage of memory in use by datapath processes",
"type": "number"
},
"swap_usage": {
"description": "Percentage of swap disk in use.",
"readonly": true,
"title": "Percentage of swap disk in use",
"type": "number"
},
"system_mem_usage": {
"description": "Percentage of RAM in use on edge node.",
"readonly": true,
"title": "Percentage of RAM in use on edge node",
"type": "number"
}
},
"title": "Memory usage details of edge node",
"type": "object"
}
EdgeUpgradeStatus (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ComponentUpgradeStatus
},
"id": "EdgeUpgradeStatus",
"module_id": "Upgrade",
"properties": {
"can_rollback": {
"description": "This field indicates whether we can perform upgrade rollback.",
"readonly": true,
"required": false,
"title": "Can perform rollback",
"type": "boolean"
},
"can_skip": {
"readonly": true,
"required": false,
"title": "Can the upgrade of the remaining units in this component be skipped",
"type": "boolean"
},
"component_type": {
"readonly": true,
"required": false,
"title": "Component type for the upgrade status",
"type": "string"
},
"current_version_node_summary": {
"$ref": "NodeSummaryList,
"readonly": true,
"required": false,
"title": "Mapping of current versions of nodes and counts of nodes at the respective versions."
},
"details": {
"readonly": true,
"required": false,
"title": "Details about the upgrade status",
"type": "string"
},
"node_count_at_target_version": {
"description": "Number of nodes of the type and at the component version",
"readonly": true,
"required": false,
"title": "Count of nodes at target component version",
"type": "int"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"pre_upgrade_status": {
"$ref": "UpgradeChecksExecutionStatus,
"readonly": true,
"required": false,
"title": "Pre-upgrade status of the component-type"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Upgrade status of component",
"type": "string"
},
"target_component_version": {
"readonly": true,
"required": false,
"title": "Target component version",
"type": "string"
}
},
"title": "Status of edge upgrade",
"type": "object"
}
EffectiveProfilesResponse (type)
{
"additionalProperties": false,
"id": "EffectiveProfilesResponse",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"profiles_list": {
"items": {
"$ref": "SwitchingProfileTypeIdEntry
},
"required": false,
"type": "array"
}
},
"title": "Enforcement point request entity",
"type": "object"
}
EgressRateLimiter (type)
{
"extends": {
"$ref": "QoSBaseRateLimiter
},
"id": "EgressRateLimiter",
"module_id": "PolicyQoS",
"polymorphic-type-descriptor": {
"type-identifier": "EgressRateLimiter"
},
"properties": {
"average_bandwidth": {
"default": 0,
"descrption": "Set custom average_bandwidth for the inbound network traffic\nfrom the VM to the logical network based on broadcast.\n",
"minimum": 0,
"title": "Average bandwidth in Mb/s",
"type": "int"
},
"burst_size": {
"default": 0,
"descrption": "Set custom burst_size for the inbound network traffic\nfrom the VM to the logical network based on broadcast.\n",
"minimum": 0,
"title": "Burst size in bytes",
"type": "int"
},
"enabled": {
"required": true,
"type": "boolean"
},
"peak_bandwidth": {
"default": 0,
"descrption": "Set custom peak_bandwidth for the inbound network traffic\nfrom the VM to the logical network based on broadcast.\n",
"minimum": 0,
"title": "Peak bandwidth in Mb/s",
"type": "int"
},
"resource_type": {
"default": "IngressRateLimiter",
"description": "Type rate limiter",
"enum": [
"IngressRateLimiter",
"IngressBroadcastRateLimiter",
"EgressRateLimiter"
],
"required": true,
"type": "string"
}
},
"title": "A shaper that specifies egress rate properties in Mb/s",
"type": "object"
}
EndpointPolicy (type)
{
"additionalProperties": false,
"description": "Ordered list of Endpoint Rules ordered by sequence number of the entries. The maximum number of policies is 25.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "EndpointPolicy",
"module_id": "PolicyGuestIntrospection",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"endpoint_rules": {
"items": {
"$ref": "EndpointRule
},
"required": false,
"title": "Endpoint Rules that are a part of this EndpointPolicy",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"default": 0,
"description": "This field is used to resolve conflicts between maps across domains.",
"maximum": 499,
"minimum": 0,
"required": false,
"title": "Precedence to resolve conflicts across Domains",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of Endpoint Rules\n",
"type": "object"
}
EndpointRule (type)
{
"additionalProperties": false,
"description": "Endpoint Rule comes from user configuration. User configures Endpoint Rule to specify what services are applied on the groups.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "EndpointRule",
"module_id": "PolicyGuestIntrospection",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 50,
"required": true,
"title": "group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"EndpointRule"
],
"relationshipType": "GI_ENTRY_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"default": 0,
"description": "This field is used to resolve conflicts between multiple entries under EndpointPolicy. It will be system default value when not specified by user.",
"maximum": 499,
"minimum": 0,
"required": false,
"title": "Sequence number of this Entry",
"type": "int"
},
"service_profiles": {
"description": "The policy paths of service profiles are listed here. It pecifies what services are applied on the group. Currently only one is allowed.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": true,
"title": "Names of service profiles",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"EndpointRule"
],
"relationshipType": "GI_ENTRY_SERVICE_RELATIONSHIP",
"rightType": [
"PolicyServiceProfile"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Endpoint Rule for guest introspection.",
"type": "object"
}
EnforcedStatusDetailsNsxT (type)
{
"additionalProperties": false,
"description": "Detailed Realized Status of an intent object on an NSX-T type of enforcement point. This is a detailed view of the Realized Status of an intent object from an NSX-T enforcement point perspective.",
"id": "EnforcedStatusDetailsNsxT",
"module_id": "PolicyRealizationStatus",
"properties": {
"enforced_status_info": {
"$ref": "EnforcedStatusInfoNsxT,
"description": "Information about the realized status of the intent on this enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info.",
"readonly": true,
"title": "Enforced Realized Status Info"
},
"pending_changes_info": {
"$ref": "PendingChangesInfoNsxT,
"description": "Information about pending changes, if any, that aren't reflected in the Enforced Realized Status.",
"readonly": true,
"title": "Pending Changes Info"
}
},
"title": "NSX-T Enforced Realized Status Details",
"type": "object"
}
EnforcedStatusInfoNsxT (type)
{
"additionalProperties": false,
"description": "Information about the realized status of the intent object on an NSX-T type of enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info. In addition to the realized status across all scopes, this information holds details about enforced realized status per scope.",
"id": "EnforcedStatusInfoNsxT",
"module_id": "PolicyRealizationStatus",
"properties": {
"enforced_status": {
"$ref": "EnforcedStatusNsxT,
"description": "Consolidated Realized Status of an Intent object across all scopes of an NSX-T type of enforcement point.",
"readonly": true,
"title": "Enforced Realized Status"
},
"enforced_status_per_scope": {
"description": "List of Enforced Realized Status per Scope.",
"items": {
"$ref": "EnforcedStatusPerScopeNsxT
},
"readonly": true,
"title": "List of Enforced Realized Status per Scope",
"type": "array"
}
},
"title": "NSX-T Enforced Realized Status Information",
"type": "object"
}
EnforcedStatusNsxT (type)
{
"additionalProperties": false,
"description": "NSX-T Enforced Status.",
"id": "EnforcedStatusNsxT",
"module_id": "PolicyRealizationStatus",
"properties": {
"status": {
"$ref": "RuntimeState,
"description": "Enforced Realized Status.",
"readonly": true,
"title": "Enforced Realized Status"
},
"status_message": {
"description": "Status Message conveying hints depending on the status value.",
"readonly": true,
"title": "Status Message",
"type": "string"
}
},
"title": "NSX-T Enforced Status",
"type": "object"
}
EnforcedStatusPerScopeNsxT (type)
{
"abstract": true,
"additionalProperties": false,
"description": "NSX-T Detailed Realized Status Per Scope.",
"id": "EnforcedStatusPerScopeNsxT",
"module_id": "PolicyRealizationStatus",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"description": "Enforced Realized Status Per Scope Resource Type.",
"enum": [
"TransportNodeSpanEnforcedStatus"
],
"readonly": true,
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "NSX-T Enforced Realized Status Per Scope",
"type": "object"
}
EnforcedStatusPerTransportNode (type)
{
"additionalProperties": false,
"description": "Detailed Realized Status Per Transport Node.",
"id": "EnforcedStatusPerTransportNode",
"module_id": "PolicyRealizationStatus",
"properties": {
"display_name": {
"description": "Display name of the transport node.",
"readonly": true,
"title": "Transport Node Display Name",
"type": "string"
},
"enforced_status": {
"$ref": "EnforcedStatusNsxT,
"description": "Realized Status of an Intent object on this Transport Node.",
"readonly": true,
"title": "Enforced Realized Status"
},
"nsx_id": {
"description": "UUID identifying uniquely the Transport Node.",
"readonly": true,
"title": "Transport Node Identifier",
"type": "string"
},
"path": {
"description": "Policy Path referencing the transport node.",
"readonly": true,
"title": "Transport Node Path",
"type": "string"
}
},
"title": "Enforced Realized Status Per Transport Node",
"type": "object"
}
EnforcementPoint (type)
{
"additionalProperties": false,
"description": "Enforcement point is the endpoint where policy configurations are applied.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "EnforcementPoint",
"module_id": "PolicyEnforcementPointManagement",
"policy_hierarchical_children": [
"ChildPolicyEdgeCluster",
"ChildPolicyTransportZone"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"auto_enforce": {
"default": true,
"description": "Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.",
"title": "Auto Enforce Flag",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connection_info": {
"$ref": "EnforcementPointConnectionInfo,
"description": "Connection Info of the Enforcement Point.",
"required": true,
"title": "Enforcement Point Connection Info"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"version": {
"description": "Version of the Enforcement point.",
"readonly": true,
"title": "Enforcement point Version",
"type": "string"
}
},
"title": "Enforcement Point",
"type": "object"
}
EnforcementPointConnectionInfo (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Contains information required to connect to enforcement point.",
"id": "EnforcementPointConnectionInfo",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"enforcement_point_address": {
"description": "Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be \"10.192.1.1\" - On an NSX-T MP running on custom port, the value could be \"192.168.1.1:32789\" - On an NSX-T MP in VMC deployments, the value could be \"192.168.1.1:5480/nsxapi\"",
"required": true,
"title": "Enforcement Point Address",
"type": "string"
},
"resource_type": {
"description": "Resource Type of Enforcement Point Connection Info.",
"enum": [
"NSXTConnectionInfo",
"NSXVConnectionInfo",
"CvxConnectionInfo",
"AviConnectionInfo"
],
"required": true,
"title": "Connection Info Resource Type",
"type": "string"
}
},
"title": "Enforcement Point Connection Info",
"type": "object"
}
EnforcementPointListRequestParameters (type)
{
"additionalProperties": false,
"description": "Enforcement point list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "EnforcementPointListRequestParameters",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Enforcement Point List Request Parameters",
"type": "object"
}
EnforcementPointListResult (type)
{
"additionalProperties": false,
"description": "Paged collection of enforcement points.",
"extends": {
"$ref": "ListResult
},
"id": "EnforcementPointListResult",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Enforcement Point list Results.",
"items": {
"$ref": "EnforcementPoint
},
"required": true,
"title": "Enforcement Point List Results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of EnforcementPoints",
"type": "object"
}
EnforcementPointRequest (type)
{
"additionalProperties": false,
"id": "EnforcementPointRequest",
"module_id": "PolicyConnectivity",
"properties": {
"enforcement_point_path": {
"description": "Policy path of enforcement point on request is to be made.",
"title": "Enforcement point path",
"type": "string"
}
},
"title": "Enforcement point request entity",
"type": "object"
}
EntityInstanceCountConstraintExpression (type)
{
"additionalProperties": false,
"description": "Represents the leaf level constraint to restrict the number of instances of an entity type that can be created. Lowering the limit on the number of instances of a given type is allowed even in cases where there are instances more than the specified limit already in the system. In this case, creation of new instances of that type will be disallowed unless the number of instances goes below the limit. One of the main usage of this expression is to implement Quotas in the multi-tenancy context. It allows to limit the number of resources which can be created inside a Project or Vpc. It also forbids consumption of specific resource by putting its entity count to 0. Note that, update/delete operations will continue to be allowed on already created instances.",
"extends": {
"$ref": "ConstraintExpression
},
"id": "EntityInstanceCountConstraintExpression",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "EntityInstanceCountConstraintExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"count": {
"description": "Instance count.",
"required": true,
"title": "Instance count.",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"operator": {
"required": true,
"title": "Operations supported '<' and '<='.",
"type": "string"
},
"resource_type": {
"enum": [
"ValueConstraintExpression",
"RelatedAttributeConditionalExpression",
"EntityInstanceCountConstraintExpression",
"FieldSanityConstraintExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target_resource_type": {
"description": "Target resource type accepts input as DTO Type or FQDN. It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO type shared across across policy sub tree. For example DTO type Rule shared by both security policy and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target resource type SecurityPolicy.Rule.",
"required": false,
"title": "Resource type of the target entity. This needs to be set for all\ncases where the target does not specify the type.\n",
"type": "string"
}
},
"title": "Represents the leaf level constraint to restrict the number instances of type.",
"type": "object"
}
EpochMsTimestamp (type)
{
"id": "EpochMsTimestamp",
"module_id": "Common",
"title": "Timestamp in milliseconds since epoch",
"type": "integer"
}
ErrorClass (type)
{
"additionalProperties": false,
"id": "ErrorClass",
"module_id": "Upgrade",
"properties": {
"error_code": {
"description": "Error code for the error/warning",
"readonly": true,
"required": true,
"title": "Error code",
"type": "integer"
},
"error_message": {
"description": "Error/warning message",
"readonly": true,
"required": true,
"title": "Error/warning message",
"type": "string"
}
},
"type": "object"
}
ErrorInfo (type)
{
"additionalProperties": false,
"id": "ErrorInfo",
"module_id": "InventoryCmObj",
"properties": {
"error_code": {
"description": "Error code of the error.",
"readonly": false,
"required": false,
"title": "Error code",
"type": "int"
},
"error_message": {
"readonly": true,
"required": true,
"title": "Error message",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": true,
"title": "Timestamp when the error occurred"
}
},
"title": "Error information",
"type": "object"
}
ErrorResolverInfo (type)
{
"additionalProperties": false,
"description": "Metadata related to a given error_id",
"id": "ErrorResolverInfo",
"module_id": "ErrorResolver",
"properties": {
"error_id": {
"required": true,
"title": "The error id for which metadata information is needed",
"type": "integer"
},
"resolver_present": {
"required": true,
"title": "Indicates whether there is a resolver associated with the error or not",
"type": "boolean"
},
"user_metadata": {
"$ref": "ErrorResolverUserMetadata,
"required": false,
"title": "User supplied metadata that might be required by the resolver"
}
},
"type": "object"
}
ErrorResolverInfoList (type)
{
"additionalProperties": false,
"id": "ErrorResolverInfoList",
"module_id": "ErrorResolver",
"properties": {
"results": {
"items": {
"$ref": "ErrorResolverInfo
},
"required": true,
"title": "ErrorResolverInfo list",
"type": "array"
}
},
"title": "Collection of all registered ErrorResolverInfo",
"type": "object"
}
ErrorResolverMetadata (type)
{
"additionalProperties": false,
"description": "Error along with its metadata",
"id": "ErrorResolverMetadata",
"module_id": "ErrorResolver",
"properties": {
"entity_id": {
"required": true,
"title": "The entity/node UUID where the error has occurred.",
"type": "string"
},
"error_id": {
"required": true,
"title": "The error id as reported by the entity where the error occurred.",
"type": "integer"
},
"system_metadata": {
"$ref": "ErrorResolverSystemMetadata,
"required": false,
"title": "This can come from some external system like syslog collector"
},
"user_metadata": {
"$ref": "ErrorResolverUserMetadata,
"required": false,
"title": "User supplied metadata that might be required by the resolver"
}
},
"type": "object"
}
ErrorResolverMetadataList (type)
{
"additionalProperties": false,
"description": "List of errors with their metadata",
"id": "ErrorResolverMetadataList",
"module_id": "ErrorResolver",
"properties": {
"errors": {
"items": {
"$ref": "ErrorResolverMetadata
},
"required": true,
"title": "List of errors with their corresponding metadata.",
"type": "array"
}
},
"type": "object"
}
ErrorResolverSystemMetadata (type)
{
"additionalProperties": false,
"description": "Metadata fetched from an external system like Syslog or LogInsight.",
"id": "ErrorResolverSystemMetadata",
"module_id": "ErrorResolver",
"properties": {
"value": {
"required": false,
"title": "The value fetched from another system",
"type": "string"
}
},
"type": "object"
}
ErrorResolverUserInputData (type)
{
"additionalProperties": false,
"description": "Corresponds to one property entered by the user",
"id": "ErrorResolverUserInputData",
"module_id": "ErrorResolver",
"properties": {
"data_type": {
"enum": [
"TEXT",
"NUMBER",
"PASSWORD"
],
"required": true,
"title": "The datatype of the given property. Useful for data validation",
"type": "string"
},
"property_name": {
"required": true,
"title": "Name of the property supplied by the user",
"type": "string"
},
"property_value": {
"required": false,
"title": "The value associated with the above property",
"type": "string"
}
},
"type": "object"
}
ErrorResolverUserMetadata (type)
{
"additionalProperties": false,
"description": "User supplied metadata needed for resolving errors",
"id": "ErrorResolverUserMetadata",
"module_id": "ErrorResolver",
"properties": {
"user_input_list": {
"items": {
"$ref": "ErrorResolverUserInputData
},
"required": false,
"title": "List of user supplied input data.",
"type": "array"
}
},
"type": "object"
}
EtherTypeServiceEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ServiceEntry
},
"id": "EtherTypeServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "EtherTypeServiceEntry"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"ether_type": {
"required": true,
"title": "Type of the encapsulated protocol",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A ServiceEntry that represents an ethertype protocol",
"type": "object"
}
EthernetHeader (type)
{
"additionalProperties": false,
"id": "EthernetHeader",
"module_id": "Traceflow",
"properties": {
"dst_mac": {
"description": "The destination MAC address of form: \"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$\". For example: 00:00:00:00:00:00.",
"required": false,
"title": "Destination MAC address of the Ethernet header",
"type": "string"
},
"eth_type": {
"default": 2048,
"description": "This field defaults to IPv4.",
"maximum": 65535,
"minimum": 1,
"required": false,
"title": "The value of the type field to be put into the Ethernet header",
"type": "integer"
},
"src_mac": {
"description": "The source MAC address of form: \"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$\". For example: 00:00:00:00:00:00.",
"required": false,
"title": "Source MAC address of the Ethernet header",
"type": "string"
}
},
"type": "object"
}
Evaluation (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Criterion Evaluation is the basic logical condition to evaluate whether the event could be potentially met.",
"id": "Evaluation",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"description": "Criterion Evaluation resource type.",
"enum": [
"SourceFieldEvaluation"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Criterion Evaluation",
"type": "object"
}
Event (type)
{
"additionalProperties": false,
"description": "The Event is the criterion or criteria applied to the source and, when met, prompt Policy to run the action. All Reaction Events are constructed with reference to the object, the \"source\", that is logically deemed to be the object upon which the Event in question initially occurred upon. Some example events include: - New object was created. - Change in realization state. - Specific API is called.",
"id": "Event",
"module_id": "PolicyReaction",
"properties": {
"criteria": {
"description": "Criteria applied to the source and, if satisfied, would trigger the action. Criteria is composed of criterions. In order for the Criteria to be met, only one of the criterion must be fulfilled (implicit OR).",
"items": {
"$ref": "Criterion
},
"title": "Event Criteria",
"type": "array"
},
"source": {
"$ref": "Source,
"description": "Source that is logically deemed to be the \"object\" upon which the Event in question initially occurred upon.",
"required": true,
"title": "Event Source"
}
},
"title": "Reaction Event",
"type": "object"
}
EvpnConfig (type)
{
"additionalProperties": false,
"description": "Evpn Configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "EvpnConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"advanced_config": {
"$ref": "EvpnConfigAdvancedConfig,
"description": "Advanced configuration for evpn config.",
"required": false,
"title": "Advanced configuration for evpn config"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"encapsulation_method": {
"$ref": "EvpnEncapConfig,
"description": "Encapsulation method for EVPN service that is used by the transport layer.",
"required": false,
"title": "Encapsulation method for EVPN."
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mode": {
"default": "DISABLE",
"description": "In INLINE mode, edge nodes participate both in the BGP EVPN control plane route exchange and in data path tunneling between edge nodes and data center gateways. In ROUTE_SERVER mode, edge nodes participate in the BGP EVPN control plane route exchanges only and do not participate in the data forwarding, i.e., the data path tunnels are directly established between the hypervisors and the data center gateways. DISABLE mode disables EVPN service capability.",
"enum": [
"INLINE",
"ROUTE_SERVER",
"DISABLE"
],
"required": false,
"title": "EVPN service mode",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Evpn Configuration",
"type": "object"
}
EvpnConfigAdvancedConfig (type)
{
"additionalProperties": false,
"description": "NSX specific configuration for evpn config",
"id": "EvpnConfigAdvancedConfig",
"module_id": "PolicyConnectivity",
"properties": {},
"title": "Advanced configuration for evpn config",
"type": "object"
}
EvpnEncapConfig (type)
{
"additionalProperties": false,
"description": "Encapsulation method for EVPN.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "EvpnEncapConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"evpn_tenant_config_path": {
"required": false,
"title": "EVPN tenant config path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"EvpnConfig"
],
"relationshipType": "EVPN_CONFIG_TENANT_CONFIG_RELATIONSHIP",
"rightType": [
"EvpnTenantConfig"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vni_pool_path": {
"required": false,
"title": "vni pool path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"EvpnConfig"
],
"relationshipType": "EVPN_CONFIG_VNIPOOL_CONFIG_RELATIONSHIP",
"rightType": [
"VniPoolConfig"
]
}
]
}
},
"title": "Encapsulation method for EVPN",
"type": "object"
}
EvpnTenantConfig (type)
{
"additionalProperties": false,
"description": "This resource is relevant only when Evpn Service is configured in ROUTE-SERVER mode. The resource defines Vlans to VNIs mappings used by Evpn tenant VMs for overlay VXLAN transmission when attached to vRouter. The resource contains overlay transport_zone_path and vni_pool_path to orchestrate creation of child Logical-Switches.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "EvpnTenantConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mappings": {
"description": "This property specifies a mapping spec of incoming Evpn tenant vlan-ids to VXLAN VNIs used for overlay transmission to Physical-Gateways used by vRouters.",
"items": {
"$ref": "VlanVniRangePair
},
"maxItems": 2000,
"minItems": 1,
"required": true,
"title": "VLANs to VNIs mapping spec",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_zone_path": {
"description": "Policy path to transport zone. Only overlay transport zone is supported.",
"required": true,
"title": "Policy path to the transport zone",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"EvpnTenantConfig"
],
"relationshipType": "EVPN_TENANT_CONFIG_TZ_CONFIG_RELATIONSHIP",
"rightType": []
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vni_pool_path": {
"description": "Policy path to the vni pool used for Evpn in ROUTE-SERVER mode.",
"required": true,
"title": "Policy path to the vni pool",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"EvpnTenantConfig"
],
"relationshipType": "EVPN_TENANT_CONFIG_VNIPOOL_CONFIG_RELATIONSHIP",
"rightType": []
}
]
}
},
"title": "Evpn Tenant Configuration for Evpn in ROUTE-SERVER mode.",
"type": "object"
}
EvpnTunnelEndpointConfig (type)
{
"additionalProperties": false,
"description": "Evpn Tunnel Endpoint Configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "EvpnTunnelEndpointConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"edge_path": {
"required": true,
"title": "edge path",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"local_addresses": {
"items": {
"$ref": "IPv4Address
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "local addresses",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mtu": {
"maximum": 9100,
"minimum": 64,
"required": false,
"title": "MTU",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Evpn Tunnel Endpoint Configuration",
"type": "object"
}
ExcludedMembersList (type)
{
"additionalProperties": false,
"description": "Represents the list of members that need to be excluded",
"id": "ExcludedMembersList",
"module_id": "Policy",
"properties": {
"ip_address_expression": {
"$ref": "IPAddressExpression,
"required": false,
"title": "IP addresses which need to be excluded"
},
"path_expression": {
"$ref": "PathExpression,
"description": "Paths can be only IP address based groups. Upto 50 paths are allowed.",
"required": false,
"title": "Paths which need to be excluded."
}
},
"title": "Represents the list of members that need to be excluded",
"type": "object"
}
ExportRequestParameter (type)
{
"additionalProperties": false,
"description": "This holds the request parameters required to invoke export task.",
"id": "ExportRequestParameter",
"module_id": "PolicyTask",
"properties": {
"draft_path": {
"description": "Policy path of a draft which is to be exported. If not provided, current firewall configuration will then be exported.",
"required": false,
"title": "Policy path of draft",
"type": "string"
},
"passphrase": {
"description": "Passphrase to sign exported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character.",
"required": true,
"sensitive": true,
"title": "Passphrase to sign exported files",
"type": "secure_string",
"validation_msg_key": "com.vmware.nsx.validation.constraints.BackupRestore.weak_passprase.message"
}
},
"title": "Export task request parameters",
"type": "object"
}
ExportTask (type)
{
"additionalProperties": false,
"description": "This object holds the information of the export task.",
"extends": {
"$ref": "PolicyTask
},
"id": "ExportTask",
"module_id": "PolicyTask",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"async_response_available": {
"display": {
"order": 13
},
"readonly": true,
"title": "True if response for asynchronous request is available",
"type": "boolean"
},
"cancelable": {
"display": {
"order": 8
},
"readonly": true,
"title": "True if this task can be canceled",
"type": "boolean"
},
"description": {
"display": {
"order": 2
},
"readonly": true,
"title": "Description of the task",
"type": "string"
},
"draft_path": {
"description": "Policy path of a draft if this is an export task to export draft configuration.",
"readonly": true,
"title": "Policy path of a draft",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 6
},
"readonly": true,
"title": "The end time of the task in epoch milliseconds"
},
"exported_file": {
"description": "Name of the exported file generated after completion of export task.",
"readonly": true,
"title": "Name of the exported file",
"type": "string"
},
"failure_msg": {
"description": "This property holds the reason of the task failure, if any.",
"readonly": true,
"title": "Reason of the task failure",
"type": "string"
},
"id": {
"display": {
"order": 1
},
"readonly": true,
"title": "Identifier for this task",
"type": "string"
},
"message": {
"display": {
"order": 4
},
"readonly": true,
"title": "A message describing the disposition of the task",
"type": "string"
},
"progress": {
"display": {
"order": 7
},
"maximum": 100,
"minimum": 0,
"readonly": true,
"title": "Task progress if known, from 0 to 100",
"type": "integer"
},
"request_method": {
"display": {
"order": 12
},
"readonly": true,
"title": "HTTP request method",
"type": "string"
},
"request_uri": {
"display": {
"order": 11
},
"readonly": true,
"title": "URI of the method invocation that spawned this task",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 5
},
"readonly": true,
"title": "The start time of the task in epoch milliseconds"
},
"status": {
"$ref": "TaskStatus,
"display": {
"order": 3
},
"readonly": true,
"title": "Current status of the task"
},
"user": {
"display": {
"order": 10
},
"readonly": true,
"title": "Name of the user who created this task",
"type": "string"
}
},
"title": "Export task information",
"type": "object"
}
Expression (type)
{
"abstract": true,
"additionalProperties": false,
"description": "All the nodes of the expression extend from this abstract class. This is present for extensibility.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Expression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base class for each node of the expression",
"type": "object"
}
ExternalGatewayBfdConfig (type)
{
"additionalProperties": false,
"description": "Configuration for BFD session between host nodes and external gateways. If this configuration is not provided, system defaults are applied.",
"id": "ExternalGatewayBfdConfig",
"module_id": "Policy",
"properties": {
"bfd_profile_path": {
"title": "Policy path to Bfd Profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GlobalConfig"
],
"relationshipType": "BFD_CONFIG_GLOBAL_CONFIG_RELATIONSHIP",
"rightType": [
"BfdProfile"
]
}
]
},
"enable": {
"default": true,
"description": "Flag to enable BFD session.",
"title": "Enable BFD session",
"type": "boolean"
}
},
"title": "External Bidirectional Flow Detection configuration",
"type": "object"
}
ExternalIDExpression (type)
{
"additionalProperties": false,
"description": "Represents external ID expressions in the form of an array, to support addition of objects like virtual interfaces, virtual machines, CloudNativeServiceInstance PhysicalServer to a group.",
"extends": {
"$ref": "Expression
},
"id": "ExternalIDExpression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ExternalIDExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"external_ids": {
"description": "This array can consist of one or more external IDs for the specified member type.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Array of external IDs for the specified member type",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"member_type": {
"enum": [
"VirtualMachine",
"VirtualNetworkInterface",
"CloudNativeServiceInstance",
"PhysicalServer"
],
"required": true,
"title": "External ID member type",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "External ID expression node",
"type": "object"
}
FIPSGlobalConfig (type)
{
"additionalProperties": false,
"description": "Global configuration",
"id": "FIPSGlobalConfig",
"module_id": "Policy",
"properties": {
"lb_fips_enabled": {
"default": true,
"deprecated": true,
"description": "This is a deprecated property which is always set as true. When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature.",
"readonly": true,
"required": false,
"title": "A flag to turn on or turn off the FIPS compliance of load balancer feature.",
"type": "boolean"
},
"tls_fips_enabled": {
"default": false,
"description": "When this flag is set to true FIPS mode will be set on ssl encryptions of TLS inspection feature.",
"readonly": true,
"required": false,
"title": "A flag to turn on or turn off the FIPS compliance of TLS inspection feature.",
"type": "boolean"
}
},
"title": "Global configuration",
"type": "object"
}
FailedNodeSupportBundleResult (type)
{
"additionalProperties": false,
"id": "FailedNodeSupportBundleResult",
"properties": {
"error_code": {
"readonly": true,
"required": true,
"title": "Error code",
"type": "string"
},
"error_message": {
"readonly": true,
"required": true,
"title": "Error message",
"type": "string"
},
"node_display_name": {
"readonly": true,
"required": true,
"title": "Display name of node",
"type": "string"
},
"node_id": {
"readonly": true,
"required": true,
"title": "UUID of node",
"type": "string"
},
"node_ip": {
"readonly": true,
"required": true,
"title": "IPv4 address of node",
"type": "string"
},
"node_ipv6": {
"readonly": true,
"required": true,
"title": "IPv6 address of node",
"type": "string"
}
},
"type": "object"
}
FeatureCompatibilityInfo (type)
{
"description": "Feature status information indicating site configuration compatibility with global manager configuration.",
"id": "FeatureCompatibilityInfo",
"module_id": "GmConfigOnboarding",
"properties": {
"details": {
"items": {
"$ref": "CompatibilityDetail
},
"maxItems": 10,
"readonly": true,
"required": false,
"type": "array"
},
"feature": {
"$ref": "OnboardingFeatureInfo,
"readonly": true,
"required": true
},
"status": {
"$ref": "OnboardingCompatibilityStatus,
"readonly": true,
"required": true,
"title": "Compatibility Status"
}
},
"title": "Feature Compatibility Info",
"type": "object"
}
FeatureConflictInfo (type)
{
"description": "Feature status information with number of conflicting entities and its total count associated with the feature.",
"id": "FeatureConflictInfo",
"module_id": "GmConfigOnboarding",
"properties": {
"conflict_count": {
"description": "Number of conflicting entities with global entities in the feature during an onboarding stage.",
"readonly": true,
"required": false,
"title": "Conflict Count",
"type": "integer"
},
"feature": {
"$ref": "OnboardingFeatureInfo,
"readonly": true,
"required": false
},
"total_count": {
"description": "Total number of entities in the feature during an onboarding stage.",
"readonly": true,
"required": false,
"title": "Total Count",
"type": "integer"
}
},
"title": "Feature Conflict Info",
"type": "object"
}
FeaturePermission (type)
{
"id": "FeaturePermission",
"module_id": "AAA",
"properties": {
"feature": {
"required": true,
"title": "Feature Id",
"type": "string"
},
"feature_description": {
"title": "Feature Description",
"type": "string"
},
"feature_name": {
"title": "Feature Name",
"type": "string"
},
"is_execute_recommended": {
"readonly": true,
"title": "Is execute recommended",
"type": "boolean"
},
"is_internal": {
"readonly": true,
"title": "Is internal",
"type": "boolean"
},
"permission": {
"enum": [
"crud",
"read",
"execute",
"none"
],
"required": true,
"title": "Permission",
"type": "string"
}
},
"title": "Feature Permission",
"type": "object"
}
FeaturePermissionArray (type)
{
"additionalProperties": false,
"id": "FeaturePermissionArray",
"module_id": "AAA",
"properties": {
"feature_permissions": {
"items": {
"$ref": "FeaturePermission
},
"required": true,
"title": "Array of FeaturePermission",
"type": "array"
}
},
"type": "object"
}
FeaturePermissionListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "FeaturePermissionListResult",
"module_id": "AAA",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "FeaturePermission
},
"required": true,
"title": "List results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
FeatureSet (type)
{
"additionalProperties": false,
"description": "Represents list of features required to view the widget.",
"id": "FeatureSet",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"feature_list": {
"description": "List of features required for to view widget.",
"items": {
"type": "string"
},
"title": "List of features required for to view wdiget",
"type": "array"
},
"require_all_permissions": {
"description": "Flag for specifying if permission to all features is required If set to false, then if there is permission for any of the feature from feature list, widget will be available.",
"title": "Flag for specifying if permission to all features is required",
"type": "boolean"
}
},
"title": "List of features required to view the widget",
"type": "object"
}
FeatureSummary (type)
{
"description": "Feature summary defining overall conflicting count against total number of entities.",
"id": "FeatureSummary",
"module_id": "GmConfigOnboarding",
"properties": {
"total_conflict_count": {
"description": "Total number of conflicting entities with global entities accross all features during an onboarding stage.",
"readonly": true,
"required": false,
"title": "Total Conflict Count",
"type": "integer"
},
"total_count": {
"description": "Total number of entities across all features during an onboarding stage.",
"readonly": true,
"required": false,
"title": "Total Count",
"type": "integer"
}
},
"title": "Feature Summary",
"type": "object"
}
FeatureSummaryRequestParameters (type)
{
"additionalProperties": false,
"description": "Feature summary request parameters for a site.",
"id": "FeatureSummaryRequestParameters",
"module_id": "GmConfigOnboarding",
"properties": {
"feature": {
"$ref": "UnsupportedFeature,
"readonly": true,
"required": true
}
},
"title": "Onboarding Feature Summary Request Parameters",
"type": "object"
}
FederationComponentUpgradeStatus (type)
{
"additionalProperties": false,
"id": "FederationComponentUpgradeStatus",
"module_id": "FederationUpgrade",
"properties": {
"component_type": {
"readonly": true,
"required": false,
"title": "Component type for the upgrade status",
"type": "string"
},
"current_version_node_summary": {
"items": {
"$ref": "FederationNodeSummary
},
"readonly": true,
"required": false,
"title": "Mapping of current versions of nodes and counts of nodes at the respective versions.",
"type": "array"
},
"details": {
"readonly": true,
"required": false,
"title": "Details about the upgrade status",
"type": "string"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Upgrade status of component",
"type": "string"
},
"target_version": {
"readonly": true,
"required": false,
"title": "Target component version",
"type": "string"
}
},
"type": "object"
}
FederationConfig (type)
{
"additionalProperties": false,
"description": "Global Manager federation configuration. This configuration is distributed to all Sites participating in federation.",
"id": "FederationConfig",
"module_id": "PolicySiteGM",
"properties": {
"site_config": {
"items": {
"$ref": "SiteFederationConfig
},
"readonly": true,
"title": "Federation configurations of all Sites",
"type": "array"
}
},
"title": "Global Manager federation configuration",
"type": "object"
}
FederationConfiguration (type)
{
"additionalProperties": false,
"description": "Federation configuration.",
"id": "FederationConfiguration",
"module_id": "SiteManagerModule",
"properties": {
"epoch": {
"required": true,
"title": "Epoch",
"type": "integer"
},
"id": {
"required": true,
"title": "Federation id",
"type": "string"
},
"sites": {
"items": {
"$ref": "FederationSite
},
"required": true,
"title": "Sites",
"type": "array"
}
},
"title": "Federation configuration",
"type": "object"
}
FederationConnectivityConfig (type)
{
"additionalProperties": false,
"description": "Additional configuration required for federation.",
"id": "FederationConnectivityConfig",
"module_id": "PolicyConnectivity",
"properties": {
"global_overlay_id": {
"description": "Global id for by Layer3 services for federation usecases.",
"readonly": true,
"title": "Auto generated federation global 24-bit id",
"type": "integer"
}
},
"title": "Federation connectivity configuration",
"type": "object"
}
FederationGatewayConfig (type)
{
"additionalProperties": false,
"description": "Additional gateway configuration required for federation",
"extends": {
"$ref": "FederationConnectivityConfig
},
"id": "FederationGatewayConfig",
"module_id": "PolicyConnectivity",
"properties": {
"global_overlay_id": {
"description": "Global id for by Layer3 services for federation usecases.",
"readonly": true,
"title": "Auto generated federation global 24-bit id",
"type": "integer"
},
"inter_site_transit_vlan_id": {
"nsx_feature": "FedVrf",
"readonly": true,
"required": false,
"title": "inter site transit vlan id\n",
"type": "int"
},
"site_allocation_indices": {
"description": "Indicies for cross site allocation for edge cluster and its members referred by gateway.",
"items": {
"$ref": "SiteAllocationIndexForEdge
},
"readonly": true,
"title": "Indicies for cross site allocation\n",
"type": "array"
},
"transit_segment_id": {
"description": "Global UUID for transit segment id to be used by Layer2 services for federation usecases.",
"readonly": true,
"title": "Auto generated federation global id for transit segment",
"type": "string"
}
},
"title": "Federation gateway configuration",
"type": "object"
}
FederationInvalidConfigurationDetailsResponse (type)
{
"additionalProperties": false,
"id": "FederationInvalidConfigurationDetailsResponse",
"module_id": "GmConfigOnboarding",
"properties": {
"feature": {
"$ref": "OnboardingFeatureInfo,
"description": "Federation feature with invalid configuration for onboarding a site.",
"readonly": true,
"required": false,
"title": "Feature information"
},
"invalid_config_summary": {
"items": {
"$ref": "InvalidConfigSummary
},
"maxItems": 8,
"readonly": true,
"required": false,
"type": "array"
},
"total_count": {
"description": "Total resource count in invalid configuration.",
"readonly": true,
"required": true,
"title": "Total Resource Count",
"type": "integer"
}
},
"title": "Federation Invalid Configuration Details Response",
"type": "object"
}
FederationNodeSummary (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "FederationNodeSummary",
"module_id": "FederationUpgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"node_count": {
"description": "Number of nodes of the type and at the component version.",
"readonly": true,
"required": true,
"title": "Count of nodes",
"type": "int"
},
"version": {
"readonly": true,
"required": true,
"title": "Component version",
"type": "string"
}
},
"type": "object"
}
FederationQueueInfo (type)
{
"description": "Provides insights into details of a specific queue in the flows. For example Global Manager to Local Manager flow, there is a queue on the Global Manager for sending and a queue on Local Manager for receiving.",
"id": "FederationQueueInfo",
"module_id": "FederationObservability",
"properties": {
"current_size": {
"read_only": true,
"title": "Number of messages in the queue",
"type": "integer"
},
"max_size": {
"read_only": true,
"title": "Maixmum capacity of the queue",
"type": "integer"
},
"name": {
"read_only": true,
"title": "Queue name",
"type": "string"
},
"namespace": {
"description": "Every persistent queue has name and namespace. For more debugging like dumping queue, namespace is needed.",
"read_only": true,
"title": "Queue namespace",
"type": "string"
},
"type": {
"enum": [
"TRANSMITTER",
"RECEIVER"
],
"read_only": true,
"title": "Queue type - sender or receiver side",
"type": "string"
}
},
"title": "Details about a specific queue in the flow",
"type": "object"
}
FederationSite (type)
{
"additionalProperties": false,
"description": "Site information.",
"id": "FederationSite",
"module_id": "SiteManagerModule",
"properties": {
"active_gm": {
"enum": [
"ACTIVE",
"STANDBY",
"NONE",
"INVALID"
],
"required": true,
"title": "Does site have active GM",
"type": "string"
},
"aph_list": {
"items": {
"$ref": "AphInfo
},
"required": true,
"title": "Aph services in the site",
"type": "array"
},
"cert_hash": {
"required": false,
"title": "Hash of the trustManagerCert",
"type": "string"
},
"cluster_id": {
"required": false,
"title": "Cluster id",
"type": "string"
},
"config_version": {
"required": false,
"title": "Site config version",
"type": "integer"
},
"id": {
"required": true,
"title": "Id of the site",
"type": "string"
},
"is_federated": {
"required": true,
"title": "Is site federated",
"type": "boolean"
},
"is_local": {
"required": true,
"title": "Is site local",
"type": "boolean"
},
"name": {
"required": true,
"title": "Name of the site",
"type": "string"
},
"node_type": {
"enum": [
"GM",
"LM",
"GM_AND_LM"
],
"required": true,
"title": "Type of node",
"type": "string"
},
"site_version": {
"required": true,
"title": "Version of the site",
"type": "string"
},
"split_brain": {
"required": false,
"title": "Split brain",
"type": "boolean"
},
"system_id": {
"required": true,
"title": "System id",
"type": "integer"
},
"trust_manager_cert": {
"required": false,
"title": "Cert string from trust manager",
"type": "string"
},
"vip_ip": {
"required": false,
"title": "Vip ip",
"type": "string"
}
},
"title": "Site information",
"type": "object"
}
FederationStatus (type)
{
"id": "FederationStatus",
"module_id": "SiteManagerModule",
"properties": {
"active_standby_sync_statuses": {
"items": {
"$ref": "ActiveStandbySyncStatus
},
"required": true,
"title": "Status of synchronization between active and standby sites.",
"type": "array"
},
"remote_connections": {
"items": {
"$ref": "SiteStatus
},
"title": "Site connection status",
"type": "array"
}
},
"type": "object"
}
FederationUpgradeSummary (type)
{
"additionalProperties": false,
"description": "Provides upgrade summary for a specific site.",
"id": "FederationUpgradeSummary",
"module_id": "FederationUpgrade",
"properties": {
"component_status": {
"items": {
"$ref": "FederationComponentUpgradeStatus
},
"readonly": true,
"required": true,
"title": "List of component statuses",
"type": "array"
},
"current_version": {
"description": "This is NSX version for the site.",
"readonly": true,
"required": true,
"title": "Current version of the site",
"type": "string"
},
"gpm_name": {
"description": "Name of the global manager if present.",
"readonly": true,
"required": false,
"title": "Name of the global manager",
"type": "string"
},
"id": {
"description": "Unique identifier of this resource.",
"readonly": true,
"required": true,
"title": "UUID of this resource",
"type": "string"
},
"last_upgrade_timestamp": {
"description": "Indicates the time when the site was upgraded.",
"readonly": true,
"required": false,
"title": "Last upgrade timestamp",
"type": "string"
},
"name": {
"description": "Name of the site.",
"readonly": true,
"required": false,
"title": "Name of the site",
"type": "string"
},
"overall_upgrade_status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Status of upgrade",
"type": "string"
},
"site_id": {
"description": "This is the Site Manager generated UUID for every NSX deployment.",
"readonly": true,
"required": true,
"title": "UUID of the site",
"type": "string"
},
"site_ip": {
"description": "IP address of the site.",
"readonly": true,
"required": true,
"title": "Site IP",
"type": "string"
},
"site_type": {
"description": "Type of this site.",
"enum": [
"ACTIVE_GM_SITE",
"STANDBY_GM_SITE",
"NON_GM_SITE"
],
"readonly": true,
"required": true,
"title": "Site type",
"type": "string"
},
"target_version": {
"description": "This is NSX target version for the site, if it is undergoing upgrade.",
"readonly": true,
"required": false,
"title": "Target version for the site",
"type": "string"
}
},
"title": "Upgrade Summary",
"type": "object"
}
FederationUpgradeSummaryListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "FederationUpgradeSummaryListRequestParameters",
"module_id": "FederationUpgrade",
"properties": {
"current_version": {
"description": "Get upgrade information from sites are at a given version.",
"readonly": false,
"required": false,
"title": "Filter on site current_version",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
FederationUpgradeSummaryListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "FederationUpgradeSummaryListResult",
"module_id": "FederationUpgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "FederationUpgradeSummary
},
"readonly": true,
"title": "Paged collection of site upgrade information",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of site upgrade information",
"type": "object"
}
FieldSanityConstraintExpression (type)
{
"additionalProperties": false,
"description": "Represents the field value constraint to constrain specified field value based on defined sanity checks. Example - For DNS.upstream_servers, all the IP addresses must either be public or private. { \"target\": { \"target_resource_type\": \"DnsForwarderZone\", \"attribute\": \"upstreamServers\", \"path_prefix\": \"/infra/dns-forwarder-zones/\" }, \"constraint_expression\": { \"resource_type\": \"FieldSanityConstraintExpression\", \"operator\": \"OR\", \"checks\": [\"ALL_PUBLIC_IPS\", \"ALL_PRIVATE_IPS\"] } }",
"extends": {
"$ref": "ConstraintExpression
},
"id": "FieldSanityConstraintExpression",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "FieldSanityConstraintExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"checks": {
"description": "List of sanity checks.",
"items": {
"enum": [
"ALL_PUBLIC_IPS",
"ALL_PRIVATE_IPS",
"ALL_IPV6_CIDRS",
"ALL_IPV6_IPS",
"ALL_IPV4_CIDRS",
"ALL_IPV4_IPS"
],
"type": "string"
},
"required": true,
"title": "Array of sanity checks to be performed on field value",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"operator": {
"enum": [
"OR",
"AND"
],
"required": true,
"title": "A conditional operator",
"type": "string"
},
"resource_type": {
"enum": [
"ValueConstraintExpression",
"RelatedAttributeConditionalExpression",
"EntityInstanceCountConstraintExpression",
"FieldSanityConstraintExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Represents the field value sanity constraint",
"type": "object"
}
FieldSetting (type)
{
"additionalProperties": false,
"description": "Field Setting.",
"id": "FieldSetting",
"module_id": "PolicyReaction",
"properties": {
"field_pointer": {
"description": "Field Pointer.",
"required": true,
"title": "Field Pointer",
"type": "string"
},
"value": {
"$ref": "FieldSettingValue,
"description": "Value that the field must be set to.",
"required": true,
"title": "Value"
}
},
"title": "FieldSetting",
"type": "object"
}
FieldSettingValue (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Field Setting Value.",
"id": "FieldSettingValue",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"description": "Field Setting Value resource type.",
"enum": [
"ConstantFieldValue"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Field Setting Value",
"type": "object"
}
FieldsFilterData (type)
{
"additionalProperties": false,
"extends": {
"$ref": "LiveTraceFilterData
},
"id": "FieldsFilterData",
"module_id": "LiveTrace",
"polymorphic-type-descriptor": {
"type-identifier": "FieldsFilterData"
},
"properties": {
"ip_info": {
"$ref": "IpInfo,
"deprecated": true,
"description": "This property is deprecated. Please use the property network_info instead.",
"required": false,
"title": "IP address information"
},
"network_info": {
"$ref": "NetworkInfo,
"description": "Network layer information.",
"required": false,
"title": "Network layer information"
},
"resource_type": {
"default": "FieldsFilterData",
"enum": [
"FieldsFilterData",
"PlainFilterData"
],
"required": true,
"title": "Filter type",
"type": "string"
},
"transport_info": {
"$ref": "TransportInfo,
"description": "Transport layer information.",
"required": false,
"title": "Transport layer information"
}
},
"type": "object"
}
FieldsPacketData (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PacketData
},
"id": "FieldsPacketData",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "FieldsPacketData"
},
"properties": {
"arp_header": {
"$ref": "ArpHeader,
"required": false,
"title": "The ARP header"
},
"eth_header": {
"$ref": "EthernetHeader,
"required": false,
"title": "The ethernet header"
},
"frame_size": {
"default": 128,
"description": "If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.",
"maximum": 1000,
"minimum": 60,
"required": false,
"title": "Requested total size of the (logical) packet in bytes",
"type": "integer"
},
"ip_header": {
"$ref": "Ipv4Header,
"required": false,
"title": "The IPv4 header"
},
"ipv6_header": {
"$ref": "Ipv6Header,
"required": false,
"title": "The IPv6 header"
},
"payload": {
"description": "Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload contains any data the user wants to put after the transport header.",
"maxLength": 1336,
"required": false,
"title": "RFC3548 compatible base64-encoded payload",
"type": "string"
},
"resource_type": {
"default": "FieldsPacketData",
"enum": [
"BinaryPacketData",
"FieldsPacketData"
],
"required": true,
"title": "Packet configuration",
"type": "string"
},
"routed": {
"description": "When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. The scenario where a user injects a packet with a VLAN tag into a parent port is referred to as the traceflow container case. Please note that the value of `routed` depends on the connected network of the child segment rather than the connected network of segment of the parent port in this case. Here is the explanation: The parent port in this context is the port on a segment which is referred to by a SegmentConnectionBindingMap. The bound segment of the SegmentConnectionBindingMap is the child segment. The user-crafted traceflow packet will be directly forwarded to the corresponding child segment of the parent port without interacting with any layer 2 forwarding/layer 3 routing in this scenario. The crafted packet will follow the forwarding/routing polices of the child segment's connected network. For example, if a user injects a crafted packet to port_p, and the segment (seg_p) of port_p is referred to by the binding map m1, where m1 is bound to segment seg_c, and the destination port (port_d) of the packet is the VM vNIC connected to seg_p. Although port_p and port_d are on the same segment, the 'routed' value should be set to true if the user expects the crafted packet to be correctly delivered to the destination. This is because the child segments seg_c and seg_d are on different segments and require router interaction to communicate.",
"required": false,
"title": "Awareness of logical routing",
"type": "boolean"
},
"transport_header": {
"$ref": "TransportProtocolHeader,
"description": "This field contains a protocol that is above IP. It is not restricted to the 'transport' defined by the OSI model (e.g., ICMP is supported).",
"required": false,
"title": "The transport header"
},
"transport_type": {
"default": "UNICAST",
"description": "This type takes effect only for IP packet.",
"enum": [
"BROADCAST",
"UNICAST",
"MULTICAST",
"UNKNOWN"
],
"required": false,
"title": "Transport type of the traceflow packet",
"type": "string"
}
},
"type": "object"
}
FileProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "FileProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"created_epoch_ms": {
"required": true,
"title": "File creation time in epoch milliseconds",
"type": "integer"
},
"modified_epoch_ms": {
"required": true,
"title": "File modification time in epoch milliseconds",
"type": "integer"
},
"name": {
"pattern": "^[^/]+$",
"required": true,
"title": "File name",
"type": "string"
},
"path": {
"readonly": true,
"title": "File path",
"type": "string"
},
"size": {
"required": true,
"title": "Size of the file in bytes",
"type": "integer"
}
},
"title": "File properties",
"type": "object"
}
FilePropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "FilePropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "FileProperties
},
"required": true,
"title": "File property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "File properties query results",
"type": "object"
}
FileThumbprint (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "FileThumbprint",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"name": {
"pattern": "^[^/]+$",
"required": true,
"title": "File name",
"type": "string"
},
"sha1": {
"deprecated": true,
"deprecation_advice": "Deprecated by EAL4. Please use the sha256 thumbprint instead.",
"required": true,
"title": "File's SHA1 thumbprint",
"type": "string"
},
"sha256": {
"required": true,
"title": "File's SHA256 thumbprint",
"type": "string"
}
},
"title": "File thumbprint",
"type": "object"
}
FileTransferAuthenticationScheme (type)
{
"additionalProperties": false,
"id": "FileTransferAuthenticationScheme",
"module_id": "BackupConfiguration",
"properties": {
"identity_file": {
"sensitive": true,
"title": "SSH private key data",
"type": "secure_string"
},
"password": {
"sensitive": true,
"title": "Password to authenticate with",
"type": "secure_string"
},
"scheme_name": {
"enum": [
"PASSWORD",
"KEY"
],
"required": true,
"title": "Authentication scheme name",
"type": "string"
},
"username": {
"pattern": "^([a-zA-Z][a-zA-Z0-9-.]*[a-zA-Z]\\\\\\){0,1}\\w[\\w.-]+$",
"required": true,
"title": "User name to authenticate with",
"type": "string"
}
},
"title": "Remote server authentication details",
"type": "object"
}
FileTransferProtocol (type)
{
"additionalProperties": false,
"id": "FileTransferProtocol",
"module_id": "BackupConfiguration",
"properties": {
"authentication_scheme": {
"$ref": "FileTransferAuthenticationScheme,
"required": true,
"title": "Scheme to authenticate if required"
},
"protocol_name": {
"default": "sftp",
"enum": [
"sftp"
],
"required": true,
"title": "Protocol name",
"type": "string"
},
"ssh_fingerprint": {
"description": "The expected SSH fingerprint of the server. If the server's fingerprint does not match this fingerprint, the connection will be terminated. Only ECDSA fingerprints hashed with SHA256 are supported. To obtain the host's ssh fingerprint, you should connect via some method other than SSH to obtain this information. You can use one of these commands to view the key's fingerprint: 1. ssh-keygen -l -E sha256 -f ssh_host_ecdsa_key.pub 2. awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' | awk '{print \"SHA256:\"$1}'",
"pattern": "^SHA256:.*$",
"required": true,
"title": "SSH fingerprint of server",
"type": "string",
"validation_msg_key": "com.vmware.nsx.validation.constraints.BackupRestore.fingerprint_pattern.message"
}
},
"title": "Protocol to transfer backup file to remote server",
"type": "object"
}
FileType (type)
{
"enum": [
"DOCUMENT",
"EXECUTABLE",
"MEDIA",
"ARCHIVE",
"DATA",
"SCRIPT",
"OTHER"
],
"id": "FileType",
"module_id": "PolicyAntiMalware",
"title": "MalwarePrevention File type",
"type": "string"
}
FilterWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration for filter widget. This is abstract representation of filter widget.",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "FilterWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "FilterWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alias": {
"description": "Alias to be used when emitting filter value.",
"title": "Alias to be used when emitting filter value",
"type": "string"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Filter widget Configuration",
"type": "object"
}
FirewallConfiguration (type)
{
"additionalProperties": false,
"description": "For Multi-tenancy, only disable_auto_draft field applies, the other fields have no effect.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "FirewallConfiguration",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"disable_auto_drafts": {
"default": false,
"description": "To deactivate auto drafts, set it to true. By default, auto drafts are enabled.",
"title": "Auto draft deactivate flag",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_firewall": {
"default": true,
"description": "If set to true, Firewall is enabled.",
"title": "Firewall enable flag",
"type": "boolean"
},
"global_addrset_mode_enabled": {
"default": true,
"description": "When this flag is set to true, global address set is enabled in Distributed Firewall.",
"title": "A flag to indicate if global address set is enabled in DFW",
"type": "boolean"
},
"global_macset_optimization_mode_enabled": {
"default": false,
"description": "MACSet optimization is turned on when this flag is set to true. By default it is set to false.",
"title": "Global MACSet Optimization Flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"DfwFirewallConfiguration"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Firewall related configurations",
"type": "object"
}
FirewallFilterByRequestParameters (type)
{
"additionalProperties": false,
"id": "FirewallFilterByRequestParameters",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"enforcement_point_path": {
"description": "Path of the enforcement point from where the result need to be fetched. If not provided, default enforcement point will be considered. It is mandatory parameter on global manager.",
"required": false,
"title": "Path of the enforcement point",
"type": "string"
},
"parent_path": {
"description": "The path of the parent object of entities that are need to be filtered based in the given criteria. Parent path is required for filtering rules of particular policy.",
"required": false,
"title": "Path of the parent object of the entities",
"type": "string"
},
"scope": {
"description": "All those firewall entities, policies/rules, will be returned whose scope value satisfies the given criteria. The value for scope can be, - virtual machine id or - logical router id. Based on the given scope value, the entities will be filtered.",
"required": true,
"title": "Scope filter criteria",
"type": "string"
}
},
"title": "Request parameters for filtering entities based on the given criteria",
"type": "object"
}
FloodProtectionProfile (type)
{
"abstract": true,
"additionalProperties": false,
"description": "A profile holding TCP, UDP and ICMP and other protcol connection limits.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "FloodProtectionProfile",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"icmp_active_flow_limit": {
"description": "If this field is empty, firewall will not set a limit to active ICMP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active ICMP connections limit",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"other_active_conn_limit": {
"description": "If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Timeout after first TN",
"type": "integer"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "FloodProtectionProfileResourceType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_half_open_conn_limit": {
"description": "If this field is empty, firewall will not set a limit to half open TCP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active half open TCP connections limit",
"type": "integer"
},
"udp_active_flow_limit": {
"description": "If this field is empty, firewall will not set a limit to active UDP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active UDP connections limit",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Flood Protection profile",
"type": "object"
}
FloodProtectionProfileBindingListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "FloodProtectionProfileBindingListResult",
"module_id": "PolicyProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "FloodProtectionProfileBindingMap
},
"required": true,
"title": "Flood protection profile binding maps list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of flood protection profile binding maps",
"type": "object"
}
FloodProtectionProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between Flood Protection profile and Logical Routers.",
"extends": {
"$ref": "ProfileBindingMap
},
"id": "FloodProtectionProfileBindingMap",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "FloodProtectionProfileBindingMap"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Flood Protection Profile binding map",
"type": "object"
}
FloodProtectionProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "FloodProtectionProfileListRequestParameters",
"module_id": "PolicyProfile",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Flood Protection profile list request parameters",
"type": "object"
}
FloodProtectionProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "FloodProtectionProfileListResult",
"module_id": "PolicyProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "FloodProtectionProfile
},
"required": true,
"title": "Flood protection profile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of flood protection profiles",
"type": "object"
}
FloodProtectionProfileResourceType (type)
{
"additionalProperties": false,
"description": "GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways. DistributedFloodProtectionProfile is used for all Transport Nodes.",
"enum": [
"GatewayFloodProtectionProfile",
"DistributedFloodProtectionProfile"
],
"id": "FloodProtectionProfileResourceType",
"module_id": "PolicyProfile",
"title": "Resource types of flood protection profiles",
"type": "string"
}
FlowInfo (type)
{
"description": "Provides details of config flow in federation Federation has the following flows - Global Manager to Local Manager (GM -> LM) - Local Manager to Glocal Manager (LM -> GM) - Global Manager Active to Glocal Manager Standby (GM -> GM) - Local Manager to Local Manager (LM -> LM)",
"id": "FlowInfo",
"module_id": "FederationObservability",
"properties": {
"cross_site_flow_info": {
"$ref": "CrossSiteFlowInfo,
"read_only": true,
"title": "Corss site flow information for the flow"
},
"flow_type": {
"enum": [
"GM_TO_LM",
"LM_TO_GM",
"GM_TO_GM",
"LM_TO_LM",
"GM_WORK_QUEUE",
"GM_DELETE_QUEUE"
],
"read_only": true,
"title": "Flow identifier",
"type": "string"
},
"id": {
"read_only": true,
"title": "System identifier for the flow",
"type": "string"
},
"queue_infos": {
"description": "Every flow will have transmitter and receiver queues.",
"items": {
"$ref": "FederationQueueInfo
},
"read_only": true,
"title": "Queue information for the flow",
"type": "array"
}
},
"title": "Details of config flow",
"type": "object"
}
Footer (type)
{
"additionalProperties": false,
"description": "Footer of a widget that provides additional information or allows an action such as clickable url for navigation. An example usage of footer is provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"id": "Footer",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"actions": {
"description": "Action to be performed at the footer of a widget. An action at the footer can be simple text description or a hyperlink to a UI page. Action allows a clickable url for navigation. An example usage of footer action is provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "FooterAction
},
"minItems": 0,
"title": "Footer Actions",
"type": "array"
},
"condition": {
"description": "If the condition is met then the footer will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
}
},
"title": "Widget Footer",
"type": "object"
}
FooterAction (type)
{
"additionalProperties": false,
"description": "Action specified at the footer of a widget to provide additional information or to provide a clickable url for navigation. An example usage of footer action is provided under the 'example_request' section of 'CreateWidgetConfiguration' API.",
"id": "FooterAction",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"dock_to_container_footer": {
"default": true,
"description": "If true, the footer will appear in the underlying container that holds the widget.",
"title": "Dock the footer at container",
"type": "boolean"
},
"label": {
"$ref": "Label,
"description": "Label to be displayed against the footer action.",
"required": true,
"title": "Label for action"
},
"url": {
"description": "Hyperlink to the UI page that provides details of action.",
"maxLength": 1024,
"title": "Clickable hyperlink, if any",
"type": "string"
}
},
"title": "Widget Footer Action",
"type": "object"
}
ForceRevisionCheckRequestParameter (type)
{
"description": "Forces revision check before updating",
"id": "ForceRevisionCheckRequestParameter",
"module_id": "Policy",
"properties": {
"enforce_revision_check": {
"default": false,
"description": "If this is set to true, each child object in the request needs to have _revision property set correctly. System will honor the revision numbers while updating the resources.",
"readonly": false,
"required": false,
"title": "Force revision check",
"type": "boolean"
}
},
"title": "Parameter to enforce revision check before updating objects",
"type": "object"
}
ForwardingPolicy (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Contains ordered list of forwarding rules that determine when to forward traffic to / from the underlay for accessing cloud native services.",
"extends": {
"$ref": "Policy
},
"id": "ForwardingPolicy",
"module_id": "PolicyForwarding",
"policy_hierarchical_children": [
"ChildForwardingRule"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"items": {
"$ref": "ForwardingRule
},
"required": false,
"title": "Rules that are a part of this ForwardingPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Forwarding Policy\n",
"type": "object"
}
ForwardingPolicyListResult (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"extends": {
"$ref": "PolicyListResult
},
"id": "ForwardingPolicyListResult",
"module_id": "PolicyForwarding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ForwardingPolicy
},
"required": true,
"title": "ForwardingPolicy list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of ForwardingPolicy objects",
"type": "object"
}
ForwardingRule (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Forwarding rule that determine how to forward traffic from a VM. Traffic from VM can either be routed via Overlay or Underlay when VM is on hybrid port. Additionally NAT can be performed for VM or container on overlay to route traffic to/from underlay ROUTE_TO_UNDERLAY - Access a service on underlay space from a VM connected to hybrid port. Eg access to AWS S3 on AWS underlay ROUTE_TO_OVERLAY - Access a service on overlay space from a VM connected to hybrid port. ROUTE_FROM_UNDERLAY - Access a service hosted on a VM (that is connected to hybrid port) from underlay space. Eg access from AWS ELB to VM ROUTE_FROM_OVERLAY - Access a service hosted on a VM (that is connected to hybrid port) from overlay space NAT_FROM_UNDERLAY - Access a service on overlay VM/container from underlay space using DNAT from underlay IP to overlay IP NAT_TO_UNDERLAY - Access an underlay service from a VM/container on overlay space using SNAT from overlay IP to underlay IP",
"extends": {
"$ref": "BaseRule
},
"id": "ForwardingRule",
"module_id": "PolicyForwarding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "The action to be applied to all the services",
"enum": [
"ROUTE_TO_UNDERLAY",
"ROUTE_TO_OVERLAY",
"ROUTE_FROM_UNDERLAY",
"ROUTE_FROM_OVERLAY",
"NAT_FROM_UNDERLAY",
"NAT_TO_UNDERLAY"
],
"required": false,
"title": "Action",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Destination group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"destinations_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups",
"readonly": false,
"required": false,
"title": "Negation of destination groups",
"type": "boolean"
},
"direction": {
"default": "IN_OUT",
"description": "Define direction of traffic.",
"enum": [
"IN",
"OUT",
"IN_OUT"
],
"required": false,
"title": "Direction",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the rule. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the rule",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_protocol": {
"description": "Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.",
"enum": [
"IPV4",
"IPV6",
"IPV4_IPV6"
],
"readonly": false,
"required": false,
"title": "IPv4 vs IPv6 packet type",
"type": "string"
},
"is_default": {
"description": "A flag to indicate whether rule is a default rule.",
"readonly": true,
"required": false,
"title": "Default rule flag",
"type": "boolean"
},
"logged": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"notes": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.",
"maxLength": 2048,
"readonly": false,
"required": false,
"title": "Text for additional notes on changes",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profiles": {
"description": "Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Layer 7 service profiles or TLS action profile",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"Rule"
],
"relationshipType": "COMMUNICATION_ENTRY_L7_ACCESS_PROFILE_RELATIONSHIP",
"rightType": [
"L7AccessProfile"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_id": {
"description": "This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.",
"readonly": true,
"required": false,
"title": "Unique rule ID",
"type": "integer"
},
"scope": {
"description": "The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier0Interface",
"Tier1Interface",
"Tier0",
"Tier1",
"IPSecVpnSession",
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number",
"minimum": 0,
"required": false,
"title": "Sequence number of the this Rule",
"type": "int"
},
"service_entries": {
"description": "In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.",
"items": {
"$ref": "ServiceEntry
},
"maxItems": 128,
"required": false,
"title": "Raw services",
"type": "array"
},
"services": {
"description": "In order to specify all services, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Names of services",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"source_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Source group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sources_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups",
"readonly": false,
"required": false,
"title": "Negation of source groups",
"type": "boolean"
},
"tag": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.",
"required": false,
"title": "Tag applied on the rule",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Forwarding rule",
"type": "object"
}
ForwardingRuleListRequestParameters (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"extends": {
"$ref": "RuleListRequestParameters
},
"id": "ForwardingRuleListRequestParameters",
"module_id": "PolicyForwarding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "ForwardingRule list request parameters",
"type": "object"
}
ForwardingRuleListResult (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"extends": {
"$ref": "BaseRuleListResult
},
"id": "ForwardingRuleListResult",
"module_id": "PolicyForwarding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ForwardingRule
},
"required": true,
"title": "Rule list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of ForwardingRules",
"type": "object"
}
FpCounters (type)
{
"id": "FpCounters",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"rx_bytes": {
"description": "Count of rx bytes of ENS-Fastpath/FC-lookup.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_drops": {
"description": "Count of rx packet drops of ENS Fastpath / Not applicable for FC Module.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_drops_sp": {
"description": "Count of rx pkts drops of slowpath / Not applicable for FC Module.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_drops_uplink": {
"description": "Count of rx packet drops of ENS Uplink / Not applicable for FC Module.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_pkts": {
"description": "Count of rx packets of ENS Fastpath / Count of rx packets at FC lookup of vnic.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_pkts_sp": {
"description": "Count of rx pkt of slowpath / Not applicable for FC Module.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_pkts_uplink": {
"description": "Count of rx packets of ENS Uplink / Count of rx packets at FC lookup of Uplink.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_bytes": {
"description": "Count of tx bytes of ENS/FC Fastpath",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_drops": {
"description": "Count of tx packet drops of ENS Fastpath / Count of packets dropped at FC lookup of vnic",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_drops_sp": {
"description": "Count of tx pkts drops by slowpath / Not applicable for FC Module.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_drops_uplink": {
"description": "Count of tx packet drops of ENS Uplink / Count of packets dropped at FC lookup of Uplink.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_pkts": {
"description": "Count of tx packets of ENS Fastpath / Count of packets going through FC fastpath at vnic.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_pkts_sp": {
"description": "Count of tx pkts of ENS/FC slowpath",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_pkts_uplink": {
"description": "Count of tx packets of ENS Uplink / Count of packets going through FC fastpath at Uplink.",
"readonly": true,
"required": false,
"type": "integer"
}
},
"type": "object"
}
FqdnAnalysisConfig (type)
{
"additionalProperties": false,
"description": "The type contains information about the configuration of the FqdnAnalysis feature for a specific node.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "FqdnAnalysisConfig",
"module_id": "PolicyUrlCategorization",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": false,
"description": "Property which specifies the enabling/disabling of the feature.",
"required": false,
"title": "Enabled",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "FQDN Analysis feature configuration entity",
"type": "object"
}
FullSyncInfo (type)
{
"description": "Represents details of the last full sync if full sync is not running, otherwise returns the status of current full sync.",
"id": "FullSyncInfo",
"module_id": "FederationObservability",
"properties": {
"data_streaming_from_source_end_time": {
"read_only": true,
"title": "End time of streaming full state from source",
"type": "integer"
},
"data_streaming_from_source_progress": {
"read_only": true,
"title": "Details about full sync on sender side",
"type": "string"
},
"data_streaming_from_source_start_time": {
"read_only": true,
"title": "Start time of streaming full state from source",
"type": "integer"
},
"end_time": {
"read_only": true,
"title": "Full sync end time",
"type": "integer"
},
"errors": {
"items": {
"type": "string"
},
"read_only": true,
"title": "Errors if any",
"type": "array"
},
"fullSyncId": {
"read_only": true,
"title": "Full sync id",
"type": "string"
},
"reason": {
"read_only": true,
"title": "Description of full sync reason",
"type": "string"
},
"reason_code": {
"description": "Full sync can happen for various internal reasons, as well user can request for one. The code provides the classification of possible reasons to start a full sync.",
"enum": [
"QUEUE_OVERFLOW_ON_TRANSMITTER",
"QUEUE_OVERFLOW_ON_RECEIVER",
"CONNECTION_RESTORED",
"LM_ONBOARDED",
"GM_SWITCHOVER",
"RESTORED_GM_FROM_BACKUP",
"RESTORED_LM_FROM_BACKUP",
"BROWNFIELD_CONFIG_MIGRATION_FROM_LM_TO_GM",
"GM_REQUESTED_OVERSIZED_PAYLOAD",
"GM_REQUESTED_SITE_ONBOARDING",
"GM_REQUESTED_OTHER",
"LM_REQUSTED_OVERSIZED_PAYLOAD",
"LM_REQUESTED_OTHER",
"USER_REQUSTED",
"OTHER_AR_INTERNAL",
"POST_UPGRADE_GM",
"POST_UPGRADE_LM",
"UNKNOWN"
],
"read_only": true,
"title": "Reason code for full sync",
"type": "string"
},
"receiver_end_time": {
"read_only": true,
"title": "End time of completing applying full state on receiver side",
"type": "integer"
},
"receiver_start_time": {
"read_only": true,
"title": "Start time of applying full state on receiver side",
"type": "integer"
},
"receiver_state": {
"description": "This is optional information, provides useful insights on receiver side once async channel hands over full state data to receiver.",
"read_only": true,
"title": "Internal receiver state",
"type": "string"
},
"receiver_time_to_apply_in_millis": {
"read_only": true,
"title": "Time taken by application receiver to apply the full state received",
"type": "integer"
},
"stage": {
"description": "This provides the insights into current full sync stage if in progress.",
"enum": [
"NOT_STARTED",
"REQUESTED_FULL_STATE_FROM_SOURCE",
"TRANSFERRING_FULL_STATE",
"COMPLETED_TRANSFERRING_FULL_STATE",
"DESTINATION_APPLYING_FULL_STATE",
"COMPLETED_SUCCESSFUL",
"TIMEOUT_ON_SOURCE_RECEIVE_FULL_STATE",
"TIMEOUT_ON_DESTINATION_APPLY",
"COMPLETED_FAILED"
],
"read_only": true,
"title": "Current stage details if full sync in progress",
"type": "string"
},
"start_time": {
"read_only": true,
"title": "Full sync start time",
"type": "integer"
},
"status": {
"enum": [
"NOT_STARTED",
"IN_PROGRESS",
"COMPLETED"
],
"read_only": true,
"title": "Full sync status",
"type": "string"
},
"warnings": {
"items": {
"type": "string"
},
"read_only": true,
"title": "Errors if any",
"type": "array"
}
},
"title": "Full sync details for the flow",
"type": "object"
}
FullSyncState (type)
{
"additionalProperties": false,
"description": "Provides FullSync state for Local Manager from Global Manager.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "FullSyncState",
"module_id": "PolicyFullSync",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"errors": {
"description": "Errors occurred during full sync.",
"items": {
"type": "string"
},
"readonly": true,
"title": "Errors occurred during full sync",
"type": "array"
},
"full_sync_id": {
"description": "Full sync id generated by Async Replicator (AR) service.",
"readonly": true,
"title": "Full sync id",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"last_completed_stage": {
"description": "The current stage of full sync completion for ongoing sync. When Local Manager (LM) receives full sync data from AR, LM starts with workflow to prserve the state and restore the full sync from where it has left off in case of change of leadership of the service to different NSX node or LM is restarted. LM starts the full sync workflow with state INITIAL capturing the AR full sync id and data location details. The stage/state transition follows the order given below INITIAL - Full sync started PROCESSED_FULLSYNC_DATA - Compelted processing the full state data provided by AR PRCESSED_DELTAS - Completed processing pending delta changes provided by AR. DELETED_STALE_ENTITIES - Completed deletion of all global entities on LM that are not in GM anymore COMPLETED - Full sync handling is completed on LM ERROR - Full sync failed with errors on LM, in which case AR will re-attempt full sync later point in time for the LM ABORTED - Indicates that the full sync cancelled as per user request",
"enum": [
"INITIAL",
"PAUSE_DCNS",
"DELETED_STALE_ENTITIES",
"PROCESSED_FULLSYNC_DATA",
"PROCESSED_DELTAS",
"UNPAUSE_DCNS",
"COMPLETED",
"ERROR",
"ABORTED"
],
"readonly": true,
"title": "Full sync stage that is last completed for this request.",
"type": "string"
},
"last_upate_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"deprecated": true,
"description": "Deprecated, refer to last_update_time for the last update time stamp.",
"readonly": true
},
"last_update_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last update, could be progress or success or error.",
"readonly": true
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of Full Sync start.",
"readonly": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Full sync state",
"type": "object"
}
FullSyncStateListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of FullSync states.",
"extends": {
"$ref": "ListResult
},
"id": "FullSyncStateListResult",
"module_id": "PolicyFullSync",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "FullSync states list.",
"items": {
"$ref": "FullSyncState
},
"required": true,
"title": "FullSync states list",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of FullSync states.",
"type": "object"
}
FullSyncStatus (type)
{
"id": "FullSyncStatus",
"module_id": "SiteManagerModule",
"properties": {
"completed_at": {
"required": true,
"title": "Time at which the full sync was completed.",
"type": "string"
},
"snapshot_version": {
"required": true,
"title": "Snapshot version targeted by full sync.",
"type": "string"
},
"status": {
"enum": [
"UNAVAILABLE",
"ERROR",
"ONGOING",
"COMPLETE",
"NOT_STARTED"
],
"required": true,
"title": "Status of full sync.",
"type": "string"
},
"sync_id": {
"required": true,
"title": "Identifier for the full sync.",
"type": "string"
},
"sync_type": {
"enum": [
"UNAVAILABLE",
"STANDARD",
"FORCED"
],
"required": true,
"title": "Type of full sync.",
"type": "string"
}
},
"type": "object"
}
GatewayFloodProtectionProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "FloodProtectionProfile
},
"id": "GatewayFloodProtectionProfile",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "GatewayFloodProtectionProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"icmp_active_flow_limit": {
"description": "If this field is empty, firewall will not set a limit to active ICMP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active ICMP connections limit",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"nat_active_conn_limit": {
"default": 4294967295,
"description": "The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource.",
"maximum": 4294967295,
"minimum": 1,
"readonly": false,
"title": "Maximum limit of active NAT connections",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"other_active_conn_limit": {
"description": "If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Timeout after first TN",
"type": "integer"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "FloodProtectionProfileResourceType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_half_open_conn_limit": {
"description": "If this field is empty, firewall will not set a limit to half open TCP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active half open TCP connections limit",
"type": "integer"
},
"udp_active_flow_limit": {
"description": "If this field is empty, firewall will not set a limit to active UDP connections.",
"maximum": 1000000,
"minimum": 1,
"title": "Active UDP connections limit",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
GatewayGeneralSecurityProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "GeneralSecurityProfile
},
"id": "GatewayGeneralSecurityProfile",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "GatewayGeneralSecurityProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_double_flow": {
"default": false,
"description": "The flag to indicate double flow check is enabled or not. This option applies only to EDGE components.",
"readonly": false,
"title": "Flag to indicate double flow check is enabled or not",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "GeneralSecurityProfileResourceType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
GatewayInterfaceReference (type)
{
"additionalProperties": false,
"description": "Contains gateway interface details.",
"id": "GatewayInterfaceReference",
"module_id": "PolicyConnectivity",
"properties": {
"interface_path": {
"description": "Absolute policy path of member interface.",
"required": true,
"title": "interface path",
"type": "string"
}
},
"title": "Gateway interface reference",
"type": "object"
}
GatewayL2ForwarderSiteSpanInfo (type)
{
"additionalProperties": false,
"experimental": true,
"id": "GatewayL2ForwarderSiteSpanInfo",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"gateway_path": {
"description": "Policy path of a gateway.",
"readonly": true,
"required": true,
"title": "Gateway path",
"type": "string"
},
"inter_site_forwarder_status": {
"description": "Inter-site forwarder status per node.",
"items": {
"$ref": "L2ForwarderStatusPerNode
},
"readonly": true,
"title": "Inter-site forwarder status per node",
"type": "array"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the L2 forwarder remote mac addresses was last updated.",
"readonly": true,
"required": true,
"title": "Last updated timestamp"
},
"remote_macs_per_site": {
"description": "L2 forwarder remote mac addresses per site for logical switch.",
"items": {
"$ref": "L2ForwarderRemoteMacsPerSite
},
"readonly": true,
"title": "L2 forwarder remote mac addresses per site",
"type": "array"
}
},
"type": "object"
}
GatewayPolicy (type)
{
"extends": {
"$ref": "Policy
},
"id": "GatewayPolicy",
"module_id": "Policy",
"policy_hierarchical_children": [
"ChildRule"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"items": {
"$ref": "Rule
},
"required": false,
"title": "Rules that are a part of this SecurityPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of Rules for GatewayPolicy",
"type": "object"
}
GatewayPolicyListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListResult
},
"id": "GatewayPolicyListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "GatewayPolicy
},
"required": true,
"title": "GatewayPolicy list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of gateway policies",
"type": "object"
}
GatewayQosProfile (type)
{
"additionalProperties": false,
"description": "QoS profile contains configuration of rate limiting properties which can be applied in ingress and egress directions at Tier1 gateways",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GatewayQosProfile",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"burst_size": {
"default": 1,
"description": "Burst size in bytes.",
"minimum": 1,
"title": "Burst size in bytes",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"committed_bandwidth": {
"default": 1,
"description": "Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate.",
"minimum": 1,
"title": "Committed bandwidth in Mbps",
"type": "int"
},
"committed_bandwitdth": {
"default": 1,
"deprecated": true,
"description": "Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. This property is deprecated, use committed_bandwidth instead.",
"minimum": 1,
"title": "Committed bandwidth in Mbps",
"type": "int"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"excess_action": {
"description": "Action on traffic exceeding bandwidth.",
"enum": [
"DROP"
],
"required": false,
"title": "Action on traffic exceeding bandwidth.",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "QoS configuration of Tier1 gateway",
"type": "object"
}
GatewayQosProfileConfig (type)
{
"additionalProperties": false,
"id": "GatewayQosProfileConfig",
"module_id": "PolicyConnectivity",
"properties": {
"egress_qos_profile_path": {
"description": "Policy path to gateway QoS profile in egress direction.",
"required": false,
"title": "Egress QoS profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier1"
],
"relationshipType": "GATEWAY_QOS_PROFILE_RELATIONSHIP",
"rightType": [
"GatewayQosProfile"
]
},
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_SERVICE_GATEWAY_EGRESS_QOS_RELATIONSHIP",
"rightType": [
"GatewayQosProfile"
]
}
]
},
"ingress_qos_profile_path": {
"description": "Policy path to gateway QoS profile in ingress direction.",
"required": false,
"title": "Ingress QoS profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier1"
],
"relationshipType": "GATEWAY_QOS_PROFILE_RELATIONSHIP",
"rightType": [
"GatewayQosProfile"
]
},
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_SERVICE_GATEWAY_INGRESS_QOS_RELATIONSHIP",
"rightType": [
"GatewayQosProfile"
]
}
]
}
},
"title": "Gateway QoS profile configuration",
"type": "object"
}
GatewayQosProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "GatewayQosProfileListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "GatewayQosProfile
},
"required": true,
"title": "Paginated list of GatewayQosProfile",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
GatewayRecoverySiteConfig (type)
{
"additionalProperties": false,
"description": "Recovery site config",
"id": "GatewayRecoverySiteConfig",
"module_id": "PolicyConnectivity",
"properties": {
"failover_linked_tier1_gateway": {
"default": true,
"description": "Linked Tier1 gateway whose primary site matches from_site_path and are stretched to new primary site are recovered on new primary site path.",
"required": false,
"title": "Failover Linked Tier-1 Gateway",
"type": "boolean"
},
"tier0_gateway_path": {
"description": "Path of Tier-0 gateway",
"required": true,
"title": "Tier-0 gateway path",
"type": "string"
},
"to_primary_site_path": {
"description": "Recovery site path",
"required": true,
"title": "Recovery site path",
"type": "string"
}
},
"title": "Recovery site config",
"type": "object"
}
GatewayRouteCsvRecord (type)
{
"extends": {
"$ref": "CsvRecord
},
"id": "GatewayRouteCsvRecord",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"admin_distance": {
"required": false,
"title": "The admin distance of the next hop",
"type": "integer"
},
"black_hole": {
"description": "Value of this field will be true if given routes are null routes",
"readonly": true,
"required": false,
"title": "BlackHole",
"type": "boolean"
},
"edge_path": {
"description": "Edge node policy path.",
"readonly": true,
"title": "Edge path",
"type": "string"
},
"interface": {
"required": false,
"title": "The policy path of the interface which is used as the next hop",
"type": "string"
},
"lr_component_id": {
"required": false,
"title": "Logical router component(Service Router/Distributed Router) id",
"type": "string"
},
"lr_component_type": {
"required": false,
"title": "Logical router component(Service Router/Distributed Router) type",
"type": "string"
},
"network": {
"$ref": "IPCIDRBlock,
"required": true,
"title": "CIDR network address"
},
"next_hop": {
"$ref": "IPAddress,
"required": false,
"title": "The IP of the next hop"
},
"next_hop_gateway": {
"required": false,
"title": "Next hop gateway path",
"type": "string"
},
"route_type": {
"required": true,
"title": "Route type (USER, CONNECTED, NSX_INTERNAL,..)",
"type": "string"
}
},
"type": "object"
}
GatewayRouteTableInCsvFormat (type)
{
"extends": {
"$ref": "CsvListResult
},
"id": "GatewayRouteTableInCsvFormat",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"results": {
"items": {
"$ref": "GatewayRouteCsvRecord
},
"required": false,
"type": "array"
}
},
"type": "object"
}
GatewaySiteFailoverActionConfig (type)
{
"additionalProperties": false,
"description": "configuration to trigger site failover for one or more Tier0 and linked Tier1 gateway(s).",
"id": "GatewaySiteFailoverActionConfig",
"module_id": "PolicyConnectivity",
"properties": {
"from_site_path": {
"description": "Source site path for failover. Gateway whose primary site path matches from_site_path are considered for recovery.",
"required": true,
"title": "Source site path",
"type": "string"
},
"to_primary_site_config": {
"description": "Recovery stie for Tier-0 gateway and linked Tier-1 gateway.",
"items": {
"$ref": "GatewayRecoverySiteConfig
},
"maxItems": 200,
"required": true,
"title": "Recovery site for gateway",
"type": "array"
}
},
"title": "Gateway site failover action",
"type": "object"
}
GeneralSecurityProfile (type)
{
"abstract": true,
"additionalProperties": false,
"description": "A profile holding general security settings.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GeneralSecurityProfile",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "GeneralSecurityProfileResourceType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "General Security profile",
"type": "object"
}
GeneralSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between General Security profile and Logical Routers.",
"extends": {
"$ref": "ProfileBindingMap
},
"id": "GeneralSecurityProfileBindingMap",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "GeneralSecurityProfileBindingMap"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy General Security profile binding map",
"type": "object"
}
GeneralSecurityProfileResourceType (type)
{
"additionalProperties": false,
"description": "GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways.",
"enum": [
"GatewayGeneralSecurityProfile"
],
"id": "GeneralSecurityProfileResourceType",
"module_id": "PolicyProfile",
"title": "Resource types of General Security profiles",
"type": "string"
}
GenericDhcpOption (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Define DHCP options other than option 121.",
"id": "GenericDhcpOption",
"module_id": "Dhcp",
"properties": {
"code": {
"description": "Code of the dhcp option.",
"maximum": 255,
"minimum": 0,
"required": true,
"title": "DHCP option code, [0-255]",
"type": "integer"
},
"values": {
"description": "Value of the option.",
"items": {
"type": "string"
},
"maxItems": 10,
"minItems": 1,
"required": true,
"title": "DHCP option value",
"type": "array"
}
},
"title": "Generic DHCP option",
"type": "object"
}
GenericPolicyRealizedResource (type)
{
"description": "Represents realized entity",
"extends": {
"$ref": "PolicyRealizedResource
},
"id": "GenericPolicyRealizedResource",
"module_id": "PolicyRealizedState",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alarms": {
"items": {
"$ref": "PolicyAlarmResource
},
"required": false,
"title": "Alarm info detail",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point.",
"readonly": true,
"title": "Enforcement Point Path",
"type": "string"
},
"entity_type": {
"readonly": true,
"title": "Type of realized entity",
"type": "string"
},
"extended_attributes": {
"items": {
"$ref": "AttributeVal
},
"readonly": true,
"required": false,
"title": "Collection of type specific properties",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"intent_paths": {
"items": {
"type": "string"
},
"readonly": true,
"title": "Collection of intent paths",
"type": "array"
},
"intent_reference": {
"items": {
"type": "string"
},
"required": false,
"title": "Desire state paths of this object",
"type": "array"
},
"operational_status": {
"description": "Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive.",
"required": false,
"title": "String representation of operational status",
"type": "string"
},
"operational_status_error": {
"description": "It defines the root cause for operational status error.",
"required": false,
"title": "String representation of operational status error",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"publish_status": {
"description": "Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive.",
"required": false,
"title": "String representation of publish status",
"type": "string"
},
"publish_status_error": {
"description": "It defines the root cause for publish status error.",
"required": false,
"title": "String representation of publish status error",
"type": "string"
},
"publish_status_error_code": {
"description": "It defines error code for publish status error.",
"required": false,
"title": "Represents error code for publish status.",
"type": "int"
},
"publish_status_error_details": {
"description": "Error details for publish status.",
"items": {
"$ref": "ConfigurationStateElement
},
"required": false,
"title": "Details for publich status error.",
"type": "array"
},
"publish_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time",
"readonly": true,
"title": "Publish time of the intent"
},
"realization_api": {
"required": false,
"title": "Realization API of this object on enforcement point",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"realization_specific_identifier": {
"required": false,
"title": "Realization id of this object",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"runtime_error": {
"description": "It define the root cause for runtime error.",
"required": false,
"title": "String representation of runtime error",
"type": "string"
},
"runtime_status": {
"deprecated": true,
"description": "Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive.",
"required": false,
"title": "String representation of runtime status",
"type": "string"
},
"site_path": {
"description": "The site where this entity resides.",
"readonly": true,
"title": "Site Path",
"type": "string"
},
"state": {
"enum": [
"UNAVAILABLE",
"UNREALIZED",
"REALIZED",
"ERROR"
],
"required": true,
"title": "Realization state of this object",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"time_taken_for_realization": {
"description": "This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization",
"title": "Appoximate time taken in milliseconds for end to end realization.",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Generic realized entity",
"type": "object"
}
GenericPolicyRealizedResourceListResult (type)
{
"additionalProperties": false,
"description": "GenericPolicyRealizedResource list result",
"extends": {
"$ref": "ListResult
},
"id": "GenericPolicyRealizedResourceListResult",
"module_id": "PolicyRealizedState",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "List of realized resources",
"items": {
"$ref": "GenericPolicyRealizedResource
},
"required": false,
"title": "Paged Collection of GenericPolicyRealizedResources",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "GenericPolicyRealizedResource list result",
"type": "object"
}
GetBackupUiFramesInfoRequestParameters (type)
{
"extends": {
"$ref": "ListRequestParameters
},
"id": "GetBackupUiFramesInfoRequestParameters",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"ui_tab_type": {
"default": "LOCAL_MANAGER_TAB",
"enum": [
"LOCAL_MANAGER_TAB",
"GLOBAL_MANAGER_TAB"
],
"readonly": true,
"required": false,
"type": "string"
}
},
"type": "object"
}
GetCertParameter (type)
{
"additionalProperties": false,
"id": "GetCertParameter",
"module_id": "CertificateManager",
"properties": {
"details": {
"default": false,
"required": false,
"title": "whether to expand the pem data and show all its details",
"type": "boolean"
}
},
"type": "object"
}
GetSNMPParameters (type)
{
"additionalProperties": false,
"description": "Get SNMP request parameters.",
"id": "GetSNMPParameters",
"properties": {
"show_sensitive_data": {
"default": false,
"description": "Whether to show SNMP service properties including community strings if any applicable.",
"required": false,
"title": "Show SNMP sensitive data or not",
"type": "boolean"
}
},
"title": "Get SNMP request parameters",
"type": "object"
}
GlobalCollectorConfig (type)
{
"abstract": true,
"description": "The GlobalCollectorConfig is the base class for global collector configurations for different types in a NSX domain.",
"id": "GlobalCollectorConfig",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "collector_type"
},
"properties": {
"collector_ip": {
"$ref": "IPAddress,
"description": "IP address for the global collector.",
"required": true,
"title": "IP address for the global collector collector"
},
"collector_port": {
"description": "Port for the global collector.",
"maximum": 65535,
"minimum": 0,
"required": true,
"title": "Port for the global collector",
"type": "int"
},
"collector_type": {
"$ref": "GlobalCollectorType,
"description": "Specify the global collector type.",
"required": true
}
},
"title": "Abstract base type for Global collector configurations of different types",
"type": "object"
}
GlobalCollectorType (type)
{
"enum": [
"VRNI",
"WAVE_FRONT"
],
"id": "GlobalCollectorType",
"module_id": "Policy",
"title": "Valid Global collector types",
"type": "string"
}
GlobalConfig (type)
{
"additionalProperties": false,
"description": "Global configuration",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GlobalConfig",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"allow_changing_vdr_mac_in_use": {
"default": false,
"description": "When this flag is set to true, it is allowed to change the VDR MAC being used by existing transport nodes in a NSX system. The VDR MAC used by a host switch in a transport node is decided by the OVERLAY transport zone(s) which the host switch joins. If any of the OVERLAY transport zone(s) has \"nested_nsx\" property set to true, the MAC in \"vdr_mac_nested\" is used; otherwise the MAC in \"vdr_mac\" is used. Thus the VDR MAC being used by a host switch in a transport node can be changed in below ways. If the host switch is not in any OVERLAY transport zone whose \"nested_nsx\" property is true but is in an OVERLAY transport zone, the first way is updating the \"vdr_mac\" property. The 2nd way is updating one of the OVERLAY transport zones joined by the host switch to set \"nested_nsx\" property true which will make the host switch use the VDR MAC in \"vdr_mac_nested\". The third way is directly updating the transport node to add an OVERLAY transport zone whose \"nested_nsx\" property is true into the host switch which will also make the host switch use the VDR MAC in \"vdr_mac_nested\". If the host switch is in some OVERLAY transport zone(s) whose \"nested_nsx\" property is true, the first way is updating the \"vdr_mac_nested\" property. The 2nd way is updating all those OVERLAY transport zones to set \"nested_nsx\" property false which will make the host switch use the VDR MAC in \"vdr_mac\". The third way is directly updating the transport node to remove all those OVERLAY transport zones from the host switch which will also make the host switch use the VDR MAC in \"vdr_mac\". Please note that changing the VDR MAC being used by existing transport nodes will most likely cause traffic disruption and network outage!",
"title": "A flag to indicate if changing the VDR MAC being used is allowed",
"type": "boolean"
},
"arp_limit_per_gateway": {
"default": 50000,
"description": "Global configuration of maximum number of ARP entries per transport node at each Tier0/Tier1 gateway.",
"maximum": 50000,
"minimum": 5000,
"title": "ARP limit per Tier0/Tier1 gateway",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"external_gateway_bfd": {
"$ref": "ExternalGatewayBfdConfig,
"description": "Configuration for BFD session between host nodes and external gateways. If this configuration is not provided, system defaults are applied.",
"title": "External Bidirectional Flow Detection configuration"
},
"fips": {
"$ref": "FIPSGlobalConfig,
"description": "Contains the FIPSGlobalConfig object.",
"required": false,
"title": "FIPS enabled config"
},
"global_replication_mode_enabled": {
"default": false,
"description": "When this flag is set true, certain types of BUM packets will be sent to all VTEPs in the global VTEP table, ignoring the logical switching span.",
"title": "A flag to indicate if global replication mode is enabled",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_inherited": {
"description": "if True, meaning that this is a copy version of GM if False, meaning that this is a local version on LM",
"required": false,
"title": "This field indicates whether this is a copy version of GM/NSX+ or not",
"type": "boolean"
},
"l3_forwarding_mode": {
"default": "IPV4_ONLY",
"description": "Configure forwarding mode for routing. This setting does not restrict configuration for other modes.",
"enum": [
"IPV4_ONLY",
"IPV4_AND_IPV6"
],
"required": false,
"title": "L3 forwarding mode",
"type": "string"
},
"lb_ecmp": {
"default": false,
"deprecated": true,
"description": "Flag to activate/deactivate ECMP load balancing. By default ECMP load balancing is deactivated.",
"title": "Flag for controlling equal-cost multi-path(ECMP) load balancing.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mtu": {
"description": "Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. This is the global default MTU for all the EXTERNAL (uplink) and SERVICE (CSP) interfaces in the NSX domain. There is no option to override this value at the transport zone level or transport node level.",
"minimum": 1280,
"required": false,
"title": "MTU size",
"type": "int"
},
"operation_collectors": {
"deprecated": true,
"description": "This property is a part of OpsGlobalConfig object. Use /infra/ops-global-config instead. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode.",
"items": {
"$ref": "GlobalCollectorConfig
},
"required": false,
"title": "Operation global collector config",
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"physical_uplink_mtu": {
"default": 1700,
"description": "This is the global default MTU for all the physical uplinks in a NSX domain. This is the default value for the optional uplink profile MTU field. When the MTU value is not specified in the uplink profile, this global value will be used. This value can be overridden by providing a value for the optional MTU field in the uplink profile. Whenever this value is updated, the updated value will only be propagated to the uplinks that don't have the MTU value in their uplink profiles. If this value is not set, the default value of 1700 will be used. The Transport Node state can be monitored to confirm if the updated MTU value has been realized.",
"readonly": false,
"title": "MTU for the physical uplinks",
"type": "int"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"remote_tunnel_physical_mtu": {
"default": 1700,
"description": "This is the global default MTU for all the physical remote tunnel endpoints in an NSX domain. Please consider intersite link MTU minus any external overhead when defining the MTU. If this value is not set, the default value of 1500 will be used.",
"readonly": false,
"title": "The physical MTU for the remote tunnel endpoints",
"type": "int"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"site_infos": {
"description": "Information related to sites applicable for given config.",
"items": {
"$ref": "SiteInfo
},
"maxItems": 16,
"required": false,
"title": "Collection of Site information",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tep_group_config": {
"$ref": "TepGroupConfig,
"description": "Indicates if the TEP Grouping is supported in Transport Nodes.",
"title": "VTEP Group Configuration."
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"uplink_mtu_threshold": {
"default": 9000,
"description": "This value defines the upper threshold for the Maximum Transmission Unit (MTU) value that can be configured at a physical uplink level or a logical routing uplink level in a NSX domain. All Uplink profiles validate against this value so that the MTU specified in an Uplink profile does not exceed this global upper threshold. Similarly, when this value is modified, the new value must be greater than or equal to any existing Uplink profile's MTU.",
"required": false,
"title": "Upper threshold for MTU on physical and logical uplinks",
"type": "int"
},
"vdr_mac": {
"$ref": "MACAddress,
"default": "02:50:56:56:44:52",
"description": "This is the global default MAC address for all VDRs in all transport nodes in a NSX system. It can be changed only when there is no transport node in the NSX system. This value cannot be same as vdr_mac_nested. When the property \"allow_changing_vdr_mac_in_use\" is false, it can not be changed if the current VDR MAC is being used by any transport node. A transport node uses this VDR MAC if any host switch in the node is in OVERLAY transport zone(s) but none of the transport zone(s) has \"nested_nsx\" property being true.",
"title": "MAC address of the Virtual Distributed Router (VDR) port"
},
"vdr_mac_nested": {
"$ref": "MACAddress,
"default": "02:50:56:56:44:53",
"description": "This is the global default MAC address for all VDRs in all transport nodes in a NSX system nested in another NSX system. It can be changed only when there is no transport node in the NSX system. All transport zones in such a nested NSX system will have the \"nested_nsx\" property being true so that all transport nodes will use this MAC for the VDR ports to avoid conflict with the VDR MAC in the outer NSX system. When the property \"allow_changing_vdr_mac_in_use\" is false, it can not be changed if the current VDR MAC is being used by any transport node in a nested NSX environment. A transport node uses this VDR MAC if any host switch in the node is in an OVERLAY transport zone whose \"nested_nsx\" property is true.",
"title": "The MAC address of the Virtual Distributed Router (VDR) port in a nested NSX environment."
}
},
"title": "Global configuration",
"type": "object"
}
GlobalDfwConfiguration (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GlobalDfwConfiguration",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_firewall": {
"default": true,
"description": "If set to true, distributed firewall is enabled on a specified site.",
"title": "Distributed firewall enable flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Global distributed firewall configuration for a specific site",
"type": "object"
}
GlobalDfwConfigurationListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of global distributed firewall configurations for all the sites.",
"extends": {
"$ref": "ListResult
},
"id": "GlobalDfwConfigurationListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Global distributed firewall configuration list results.",
"items": {
"$ref": "GlobalDfwConfiguration
},
"required": true,
"title": "Global distributed firewall configuration list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of global distributed firewall configurations for all the sites",
"type": "object"
}
GlobalIdsSettings (type)
{
"additionalProperties": false,
"description": "Represents the Intrusion Detection System settings for NSX+.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GlobalIdsSettings",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"auto_update": {
"default": false,
"description": "Parameter to let the user decide whether to update the IDS Signatures automatically or not.",
"required": false,
"title": "Auto update signatures flag",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Global Intrusion Detection System settings\n",
"type": "object"
}
GlobalIdsSignature (type)
{
"additionalProperties": false,
"description": "Global IDS signature.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GlobalIdsSignature",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action.",
"enum": [
"ALERT",
"DROP",
"REJECT"
],
"title": "Global IDS signature's action",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable": {
"default": true,
"description": "Flag through which user can Activate/Deactivate a Signature at Global Level.",
"title": "Flag to Activate/Deactivate a IDS Signature globally.",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_custom_signature": {
"description": "It represents whether the overridden signature is custom or system signature.",
"nsx_feature": "IDSCustomSignatures",
"readonly": true,
"title": "Flag to determine custom signature",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"signature_id": {
"description": "Represents the Signature's id.",
"required": true,
"title": "Signature ID",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Global IDS signature",
"type": "object"
}
GlobalManager (type)
{
"additionalProperties": false,
"description": "Global Manager.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GlobalManager",
"module_id": "PolicySiteGM",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connection_info": {
"description": "To create a standby GM, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the GM has been successfully onboarded, the connection_info is discarded and authentication to the standby GM occurs using an X.509 client certificate.",
"items": {
"$ref": "SiteNodeConnectionInfo
},
"maxItems": 3,
"title": "Connection information",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fail_if_rtt_exceeded": {
"default": true,
"description": "Fail onboarding if maximum RTT exceeded.",
"title": "Fail onboarding if maximum RTT exceeded",
"type": "boolean"
},
"federation_id": {
"description": "Internally generated UUID to the federation of Global Manager.",
"readonly": true,
"title": "Global manager federation UUID",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"maximum_rtt": {
"default": 250,
"description": "If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.",
"maximum": 1000,
"minimum": 0,
"title": "Maximum acceptable packet round trip time (RTT)",
"type": "integer"
},
"mode": {
"description": "There can be at most one ACTIVE global manager and one STANDBY global manager. In order to add a STANDBY manager, there must be an ACTIVE manager defined.",
"enum": [
"ACTIVE",
"STANDBY"
],
"required": true,
"title": "Mode of the global manager",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"site_id": {
"description": "UUID of the site where Global manager is running. This is the Site Manager generated UUID for every NSX deployment.",
"readonly": true,
"title": "UUID of the site where Global manager is running",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Global Manager",
"type": "object"
}
GlobalManagerConfig (type)
{
"additionalProperties": false,
"description": "This configuration is distributed to all Sites participating in federation.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "GlobalManagerConfig",
"module_id": "PolicySiteGM",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rtep_config": {
"$ref": "GmRtepConfig,
"description": "Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation.",
"required": false,
"title": "Global Manager federation RTEP configuration"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Global Manager configuration",
"type": "object"
}
GlobalManagerListRequestParameters (type)
{
"additionalProperties": false,
"description": "Site list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "GlobalManagerListRequestParameters",
"module_id": "PolicySiteGM",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Site List Request Parameters",
"type": "object"
}
GlobalManagerListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of Global Managers.",
"extends": {
"$ref": "ListResult
},
"id": "GlobalManagerListResult",
"module_id": "PolicySiteGM",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Global Manager List Result.",
"items": {
"$ref": "GlobalManager
},
"required": true,
"title": "Global Manager List Result",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Global Managers",
"type": "object"
}
GlobalManagerSwitchOverRequestParameter (type)
{
"description": "Parameter to force switch over from Standby to Active.",
"id": "GlobalManagerSwitchOverRequestParameter",
"module_id": "PolicySiteGM",
"properties": {
"force": {
"description": "If true indicates that user requested make standby Global Manager as active ignoring the state of current active Global Manager. Typically, recommended to use when active Global Manager is failed or not reachable.",
"title": "Indciates force switchover to Active",
"type": "boolean"
}
},
"title": "Parameter to force switchover",
"type": "object"
}
GlobalRestoreStatus (type)
{
"id": "GlobalRestoreStatus",
"module_id": "ClusterRestore",
"properties": {
"description": {
"readonly": true,
"required": true,
"title": "A description of the restore status",
"type": "string"
},
"value": {
"enum": [
"INITIAL",
"SUCCESS",
"FAILED",
"RUNNING",
"SUSPENDED_BY_USER",
"SUSPENDED_FOR_USER_ACTION",
"SUSPENDED",
"ABORTED"
],
"readonly": true,
"required": true,
"title": "Global rolled-up restore status value",
"type": "string"
}
},
"title": "Overall restore process status",
"type": "object"
}
GmConfigOnboardingConflictEntityInfo (type)
{
"description": "Conflicting Entity information on GM.",
"id": "GmConfigOnboardingConflictEntityInfo",
"module_id": "GmConfigOnboarding",
"properties": {
"error_messages": {
"$ref": "ConfigOnboardingError,
"readonly": true,
"required": false
},
"example": {
"$ref": "OnboardingFeatureInfo,
"description": "Conflict example",
"readonly": true,
"required": false,
"title": "Conflict example"
}
},
"title": "GM config Onboarding Conflicting Entity Info",
"type": "object"
}
GmFederationSiteConfig (type)
{
"additionalProperties": false,
"description": "Additional configuration required for federation at Site.",
"id": "GmFederationSiteConfig",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"transit_subnet": {
"description": "IP Addresses to be allocated for transit segment when the gateway is stretched. Note that Global Manager will carve out the IP Pool for each site to be used for edge nodes when gateway is stretched based on the user provided subnet and maximum number of edge nodes allowed per site.",
"format": "ip-cidr-block",
"readlony": true,
"title": "Transit subnet in CIDR format",
"type": "string"
}
},
"title": "Federation configuration for the site",
"type": "object"
}
GmNodeStatus (type)
{
"id": "GmNodeStatus",
"module_id": "GmOperationalState",
"properties": {
"end_time": {
"read_only": true,
"title": "End time of the switchover operation",
"type": "integer"
},
"errors": {
"items": {
"type": "string"
},
"read_only": true,
"title": "Errors if any",
"type": "array"
},
"node_id": {
"read_only": true,
"title": "UUID of the Global Manager node",
"type": "string"
},
"start_time": {
"read_only": true,
"title": "Start time of the switchover operation",
"type": "integer"
},
"status": {
"enum": [
"IN_PROGRESS",
"COMPLETED",
"FAILED"
],
"read_only": true,
"title": "Status of switchover operation",
"type": "string"
},
"warnings": {
"items": {
"type": "string"
},
"read_only": true,
"title": "Errors if any",
"type": "array"
}
},
"title": "Represents the Global Manager node switchover status",
"type": "object"
}
GmOperationalState (type)
{
"description": "Represents the switchover operational state of Global Manager. Offers information about the current switchover operation including status from each Global Manager node and the errors if any.",
"id": "GmOperationalState",
"module_id": "GmOperationalState",
"properties": {
"consolidated_progress": {
"enum": [
"IN_PROGRESS",
"COMPLETED",
"FAILED"
],
"read_only": true,
"title": "Consolidated status of the current operation",
"type": "string"
},
"end_time": {
"read_only": true,
"title": "End time of the switchover operation",
"type": "integer"
},
"errors": {
"items": {
"type": "string"
},
"read_only": true,
"title": "Errors if any",
"type": "array"
},
"node_statuses": {
"items": {
"$ref": "GmNodeStatus
},
"read_only": true,
"title": "Switchover status from each NSX Global Manager appliance node",
"type": "array"
},
"site_manager_ref": {
"read_only": true,
"title": "Timestamp reference for the change provided by SiteManager",
"type": "integer"
},
"start_time": {
"read_only": true,
"title": "Start time of the switchover operation",
"type": "integer"
},
"status": {
"enum": [
"NONE",
"ACTIVE",
"STANDBY",
"SWITCHING_TO_ACTIVE",
"SWITCHING_TO_STANDBY",
"DECOMMISSIONED"
],
"read_only": true,
"required": true,
"title": "The current switchover operation requested.",
"type": "string"
},
"warnings": {
"items": {
"type": "string"
},
"read_only": true,
"title": "Errors if any",
"type": "array"
}
},
"title": "Represents the operational state of Global Manager",
"type": "object"
}
GmRtepConfig (type)
{
"additionalProperties": false,
"description": "Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation.",
"id": "GmRtepConfig",
"module_id": "PolicySiteGM",
"properties": {
"ibgp_password": {
"description": "Password to authenticate IBGP session between remote tunnel endpoints created on federated sites. This is applied to inter-site underlay IBGP neighbors created over remote tunnel endpoints on all sites. Empty string (\"\") clears existing password.",
"maxLength": 20,
"required": false,
"sensitive": true,
"title": "Password for IBGP sessions between federated sites",
"type": "secure_string"
}
},
"title": "Global Manager federation RTEP configuration",
"type": "object"
}
GraphConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration of a graph widget",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "GraphConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "GraphConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"axes": {
"$ref": "Axes,
"desription": "Represents the Axes of a graph. If axes is not specified, labels are not applied to the axes.",
"title": "Axes of a graph"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"display_x_value": {
"default": false,
"description": "If true, value of a point is shown as label on X axis. If false, value of point is not shown as label on X axis. false can be useful in situations where there are too many points and showing the X value as label can clutter the X axis.",
"title": "Show or hide the value of a point on X axis",
"type": "boolean"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"graphs": {
"decription": "Array of graphs to be plotted on the Axes. If more than 1 graph needs to be shown on the same axes, each graph will be distinguished by its color and legend.",
"items": {
"$ref": "GraphDefinition
},
"minItems": 1,
"required": true,
"title": "Graphs",
"type": "array"
},
"graphs_colors": {
"description": "An array of graphs colors which will be applied to each graph seperately. if number of provided colors are smaller than number of graph in the widget then colors are applied in circular manner.",
"items": {
"type": "string"
},
"title": "A colors for the graph",
"type": "array"
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"line_chart_plot_configs": {
"description": "List of line chart plotting configuration. This plotting configuration will be applicable for the LINE_GRAPH only.",
"items": {
"$ref": "LineChartPlotConfiguration
},
"required": false,
"title": "List of line chart plotting configuration",
"type": "array"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"title": "Navigation to a specified UI page",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"sub_type": {
"default": "BAR_GRAPH",
"description": "Describes the the type of graph. LINE_GRAPH shows a line graph chart BAR_GRAPH shows a simple bar graph chart STACKED_BAR_GRAPH shows a stacked bar graph chart",
"enum": [
"LINE_GRAPH",
"BAR_GRAPH",
"STACKED_BAR_GRAPH"
],
"title": "Subtype of a graph",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
},
"x_value_type": {
"default": "string",
"description": "x value type.",
"enum": [
"string",
"number",
"date",
"millisecond",
"second"
],
"required": false,
"title": "x value type",
"type": "string"
},
"y_value_type": {
"description": "y value type.",
"enum": [
"integer",
"double"
],
"required": false,
"title": "y value type",
"type": "string"
}
},
"title": "Graph Configuration",
"type": "object"
}
GraphDefinition (type)
{
"additionalProperties": false,
"description": "Defines a graph",
"id": "GraphDefinition",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"id": {
"description": "Identifier of graph. It can be used to differentiate multiple graph series present in GraphWidgetConfiguration.",
"title": "Identifier of graph",
"type": "string"
},
"label": {
"$ref": "Label,
"description": "Describes the graph. It labels the entities of graph. If the label is not provided then it is not shown for a graph. For example, for a single graph, the title of widget can describe the graph and a label may not be necessary to be shown.",
"title": "Label of a graph"
},
"point_definition": {
"$ref": "PointDefinition,
"description": "Defines the points of a graph.",
"required": true,
"title": "Definition for points of a graph"
},
"render_configuration": {
"description": "Additional rendering or conditional evaluation of the field values to be performed, if any.",
"items": {
"$ref": "RenderConfiguration
},
"minItems": 0,
"title": "Render Configuration",
"type": "array"
},
"row_list_field": {
"description": "An expression that represents the series of the graph",
"required": false,
"title": "Expression for series of the graph",
"type": "string"
}
},
"title": "Definition of a graph",
"type": "object"
}
GreTunnel (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Tunnel
},
"id": "GreTunnel",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "GreTunnel"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_address": {
"$ref": "IPv4Address,
"description": "Destination IP address of P2P GRE Tunnel. The IP address that the NSX Edge will connect to.",
"required": true,
"title": "Destination IPv4 address"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Enable/Disable Tunnel",
"required": false,
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mtu": {
"default": 1476,
"description": "Maximum transmission unit(MTU) in bytes specifies the size of the largest packet that a tunnel can transmit.",
"minimum": 64,
"required": false,
"title": "Maximum transmission unit",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Indicates Resource type of tunnel, GreTunnel - Resource type as GreTunnel will be used to configure P2P GRE Tunnel.",
"enum": [
"GreTunnel"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tunnel_address": {
"description": "Specify list of IP address per every edge node for tunnel interface. Supports both IPv4 and IPv6 address.",
"items": {
"$ref": "TunnelAddress
},
"maxItems": 8,
"minItems": 1,
"required": true,
"title": "Tunnel Address object parameter",
"type": "array"
},
"tunnel_keepalive": {
"$ref": "TunnelKeepAlive,
"description": "GRE Tunnel's keepalive configuration",
"required": false,
"title": "tunnel keep alive object"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "GRE Tunnel",
"type": "object"
}
GridConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration of a Grid or Table widget.",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "GridConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "GridConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"columns": {
"description": "Array of columns of a Grid widget",
"items": {
"$ref": "ColumnItem
},
"required": true,
"title": "Columns",
"type": "array"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"page_size": {
"default": 30,
"description": "Number of records per page. page_size will be effective only when the urls provided in the datasource support paging.",
"title": "Page Size",
"type": "int"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"row_list_fields": {
"description": "Rows of grid or table are formed from the list of objects returned by a row list field.",
"items": {
"$ref": "RowListField
},
"minItems": 1,
"required": true,
"title": "List of fields from which rows are formed",
"type": "array"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Grid Configuration",
"type": "object"
}
Group (type)
{
"additionalProperties": false,
"description": "Group.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Group",
"module_id": "Policy",
"policy_hierarchical_children": [
"ChildDnsSecurityProfileBindingMap",
"ChildGroupDiscoveryProfileBindingMap",
"ChildPolicyFirewallFloodProtectionProfileBindingMap",
"ChildPolicyFirewallSessionTimerProfileBindingMap"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"expression": {
"description": "The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed the defined Config Max limit for the form-factor of Manager nodes. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information.",
"items": {
"$ref": "Expression
},
"required": false,
"title": "Expression",
"type": "array"
},
"extended_expression": {
"description": "Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map.",
"items": {
"$ref": "Expression
},
"maxItems": 1,
"required": false,
"title": "Extended Expression",
"type": "array"
},
"group_type": {
"description": "Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType.",
"items": {
"$ref": "GroupTypes
},
"maxItems": 1,
"required": false,
"title": "Indicates the group type.",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"reference": {
"default": false,
"description": "If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false.",
"readonly": true,
"title": "Indicates if the group is a reference.",
"type": "boolean"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"state": {
"enum": [
"IN_PROGRESS",
"SUCCESS",
"FAILURE"
],
"readonly": true,
"title": "Realization state of this group",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Group",
"type": "object"
}
GroupDeleteRequestParameters (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"extends": {
"$ref": "DeleteRequestParameters
},
"id": "GroupDeleteRequestParameters",
"module_id": "Policy",
"properties": {
"fail_if_subtree_exists": {
"default": false,
"description": "Check if the group sub-tree has any entities. These primarily include the binding maps that point to various profiles. If this flag is passed as true, the group delete fails if any binding maps exist in the group sub-tree. By default, this flag is false, which means that the group is deleted along with the group sub-tree.",
"title": "Do not delete if the group subtree has any entities",
"type": "boolean"
},
"force": {
"default": false,
"description": "If true, deleting the resource succeeds even if it is being referred as a resource reference.",
"title": "Force delete the resource even if it is being used somewhere\n",
"type": "boolean"
}
},
"title": "Group delete request parameters",
"type": "object"
}
GroupDiscoveryProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between discovery profile and Group. With this entity, user can specify intent for applying discovery profile profile to particular Group.",
"extends": {
"$ref": "ProfileBindingMap
},
"id": "GroupDiscoveryProfileBindingMap",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000.",
"maximum": 100000,
"minimum": 1,
"requried": true,
"title": "Sequence number group discovery profile Binding Map",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Map for binding group with discovery profile",
"type": "object"
}
GroupDiscoveryProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "GroupDiscoveryProfileBindingMapListRequestParameters",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Group Discovery Profile Binding Map List Request Parameters",
"type": "object"
}
GroupDiscoveryProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "GroupDiscoveryProfileBindingMapListResult",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "GroupDiscoveryProfileBindingMap
},
"requried": true,
"title": "Group Discovery Profile Binding Map List Results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Group Discovery Profile Binding Map",
"type": "object"
}
GroupListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "GroupListRequestParameters",
"module_id": "Policy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"member_types": {
"description": "Optionally, specify valid member types as request parameter to filter NSGroups.",
"required": false,
"title": "Comma Separated Member types",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Group list request parameters",
"type": "object"
}
GroupListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "GroupListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Group
},
"required": true,
"title": "Group list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Groups",
"type": "object"
}
GroupMemberActionParameters (type)
{
"additionalProperties": false,
"description": "Request Parameter to either add or remove the Group members.",
"id": "GroupMemberActionParameters",
"module_id": "Policy",
"properties": {
"action": {
"description": "Action parameter determines whether to add or remove the group members.",
"enum": [
"add",
"remove"
],
"required": true,
"title": "Add or Remove group members.",
"type": "string"
}
},
"title": "Request Parameters for Group members",
"type": "object"
}
GroupMemberList (type)
{
"additionalProperties": false,
"description": "List of same type members to either add or remove from a group.",
"id": "GroupMemberList",
"module_id": "Policy",
"properties": {
"members": {
"description": "This array contains group members of similar types.",
"items": {
"type": "string"
},
"maxItems": 4000,
"minItems": 1,
"required": true,
"title": "Groups members collection",
"type": "array"
}
},
"title": "Members to add or remove for a Group.",
"type": "object"
}
GroupMemberTagsList (type)
{
"additionalProperties": false,
"description": "Collection of tags used in a policy group for a particular member type",
"id": "GroupMemberTagsList",
"module_id": "PolicyGroupRealization",
"properties": {
"member_type": {
"required": true,
"title": "Member type for which we will list the tags",
"type": "string"
},
"tags": {
"items": {
"type": "string"
},
"required": true,
"title": "List of tags for the member type",
"type": "array"
}
},
"title": "Group tags list for a particular member type",
"type": "object"
}
GroupMemberType (type)
{
"enum": [
"VirtualMachine",
"VirtualNetworkInterface",
"SegmentPort",
"Segment",
"CloudNativeServiceInstance",
"IPAddress",
"MACAddress",
"IPSet",
"IdentityGroup",
"PhysicalServer",
"Pod",
"Service",
"Namespace",
"Cluster",
"TransportNode",
"Group",
"DVPG",
"DVPort",
"KubernetesCluster",
"KubernetesNamespace",
"AntreaEgress",
"AntreaIPPool",
"KubernetesIngress",
"KubernetesGateway",
"KubernetesService",
"KubernetesNode",
"VpcSubnet",
"VpcSubnetPort"
],
"id": "GroupMemberType",
"module_id": "Policy",
"title": "Valid Group member type",
"type": "string"
}
GroupMemberTypeListResult (type)
{
"additionalProperties": false,
"id": "GroupMemberTypeListResult",
"module_id": "Policy",
"properties": {
"result_count": {
"readonly": true,
"required": true,
"title": "Count of the member types in the results array",
"type": "integer"
},
"results": {
"items": {
"$ref": "GroupMemberType
},
"required": true,
"title": "Collection of member types for the given Group",
"type": "array"
}
},
"type": "object"
}
GroupMonitoringProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between monitoring profile and Group. Using this entity, you can specify intent for applying monitoring profile to particular Group. Group with membership criteria vm only supported as source group. Port mirroring is only supported on group with five vms. For the IPFIX profile, only Segment and Segment Port types are supported in the group.",
"extends": {
"$ref": "MonitoringProfileBindingMap
},
"id": "GroupMonitoringProfileBindingMap",
"module_id": "PolicyMonitoringProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipfix_dfw_profile_path": {
"description": "PolicyPath of associated IPFIX DFW Profile",
"required": false,
"title": "IPFIX DFW Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupMonitoringProfileBindingMap"
],
"relationshipType": "IPFIX_DFW_PROFILE_GROUP_BINDING_MAP_RELATIONSHIP",
"rightType": [
"IPFIXDFWProfile"
]
}
]
},
"ipfix_l2_profile_path": {
"description": "PolicyPath of associated IPFIX L2 Profile",
"required": false,
"title": "IPFIX L2 Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupMonitoringProfileBindingMap"
],
"relationshipType": "IPFIX_L2_PROFILE_GROUP_BINDING_MAP_RELATIONSHIP",
"rightType": [
"IPFIXL2Profile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"port_mirroring_profile_path": {
"description": "PolicyPath of associated Port Mirroring Profile",
"required": false,
"title": "Port Mirroring Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupMonitoringProfileBindingMap"
],
"relationshipType": "PORT_MIRRORING_PROFILE_GROUP_BINDING_MAP_RELATIONSHIP",
"rightType": [
"PortMirroringProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Group Monitoring Profile binding map",
"type": "object"
}
GroupScopeExpression (type)
{
"additionalProperties": false,
"description": "Represents scope of the workloads that needs to be added to the Group.",
"extends": {
"$ref": "Expression
},
"id": "GroupScopeExpression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "GroupScopeExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"scope_path": {
"required": true,
"title": "Path of the scope",
"type": "string"
},
"scope_type": {
"enum": [
"PROJECT",
"VPC"
],
"required": true,
"title": "Scope type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Scope association expression node",
"type": "object"
}
GroupStatusListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "GroupStatusListRequestParameters",
"module_id": "Upgrade",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"has_errors": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag to indicate whether to return only upgrade units with errors",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
GroupTagsList (type)
{
"additionalProperties": false,
"description": "Collection of tags used in a policy group listed per member type",
"id": "GroupTagsList",
"module_id": "PolicyGroupRealization",
"properties": {
"results": {
"items": {
"$ref": "GroupMemberTagsList
},
"required": true,
"title": "Collection of tags used in a policy group listed per member type",
"type": "array"
}
},
"title": "Group tags list listed per member type",
"type": "object"
}
GroupTypes (type)
{
"description": "ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types.",
"enum": [
"IPAddress",
"ANTREA"
],
"id": "GroupTypes",
"module_id": "Policy",
"title": "Valid Group Types.",
"type": "string"
}
Header (type)
{
"additionalProperties": false,
"description": "Header of a widget that provides additional information. This will be shown at the container level. It includes details as label value pairs.",
"id": "Header",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"condition": {
"description": "If the condition is met then the header will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"content_alignment": {
"default": "RIGHT",
"description": "Alignment of header labels.",
"enum": [
"LEFT",
"RIGHT"
],
"title": "alignment for labelvalue pair",
"type": "string"
},
"sub_header_widgets": {
"description": "An array of widgets which will appear inside the container header Instead of 'sub_headers' property use this property.",
"items": {
"$ref": "WidgetItem
},
"minItems": 0,
"title": "An array of widgets inside the container header",
"type": "array"
},
"sub_headers": {
"deprecated": true,
"description": "An array of label-value properties. This field is deprecated instead used 'sub_header_widgets' property to define header widgets.",
"items": {
"$ref": "PropertyItem
},
"minItems": 0,
"title": "Rows",
"type": "array"
}
},
"title": "Widget Header",
"type": "object"
}
HealthRequestParameters (type)
{
"additionalProperties": false,
"id": "HealthRequestParameters",
"module_id": "PolicyMonitoring",
"properties": {
"dependent_services_health": {
"description": "If set to false, then it will return only policy health. If set to true, then it will return health of policy and it's dependent services. If it is not provided, then then it will return health of policy and it's dependent services.",
"title": "Fetch the health of policy and it's dependent services.",
"type": "boolean"
}
},
"title": "Service list request parameters",
"type": "object"
}
HostKeyAlgorithms (type)
{
"enum": [
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521",
"ssh-dss",
"ssh-ed25519",
"ssh-rsa"
],
"id": "HostKeyAlgorithms",
"title": "SSH key type",
"type": "string"
}
HostUpgradeStatus (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ComponentUpgradeStatus
},
"id": "HostUpgradeStatus",
"module_id": "Upgrade",
"properties": {
"can_rollback": {
"description": "This field indicates whether we can perform upgrade rollback.",
"readonly": true,
"required": false,
"title": "Can perform rollback",
"type": "boolean"
},
"can_skip": {
"readonly": true,
"required": false,
"title": "Can the upgrade of the remaining units in this component be skipped",
"type": "boolean"
},
"component_type": {
"readonly": true,
"required": false,
"title": "Component type for the upgrade status",
"type": "string"
},
"current_version_node_summary": {
"$ref": "NodeSummaryList,
"readonly": true,
"required": false,
"title": "Mapping of current versions of nodes and counts of nodes at the respective versions."
},
"details": {
"readonly": true,
"required": false,
"title": "Details about the upgrade status",
"type": "string"
},
"node_count_at_target_version": {
"description": "Number of nodes of the type and at the component version",
"readonly": true,
"required": false,
"title": "Count of nodes at target component version",
"type": "int"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"pre_upgrade_status": {
"$ref": "UpgradeChecksExecutionStatus,
"readonly": true,
"required": false,
"title": "Pre-upgrade status of the component-type"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Upgrade status of component",
"type": "string"
},
"target_component_version": {
"readonly": true,
"required": false,
"title": "Target component version",
"type": "string"
}
},
"title": "Status of host upgrade",
"type": "object"
}
HostnameOrIPAddress (type)
{
"format": "hostname-or-ip",
"id": "HostnameOrIPAddress",
"module_id": "Common",
"title": "Hostname or IPv4 or IPv6 address",
"type": "string"
}
HostnameOrIPv46Address (type)
{
"id": "HostnameOrIPv46Address",
"maxLength": 255,
"pattern": "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\\.?$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$",
"title": "Hostname or IPv4 or IPv6 address",
"type": "string"
}
HostnameOrIPv4AddressOrEmptyString (type)
{
"id": "HostnameOrIPv4AddressOrEmptyString",
"maxLength": 255,
"module_id": "Common",
"pattern": "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\\.?$|^$",
"title": "Hostname or IPv4 address",
"type": "string"
}
HttpProtocol (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Protocol
},
"id": "HttpProtocol",
"polymorphic-type-descriptor": {
"type-identifier": "http"
},
"properties": {
"authentication_scheme": {
"$ref": "BasicAuthenticationScheme,
"title": "Scheme to authenticate if required"
},
"name": {
"enum": [
"http",
"https",
"scp",
"sftp"
],
"required": true,
"title": "Protocol name",
"type": "string"
}
},
"type": "object"
}
HttpRequestMethodType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"enum": [
"GET",
"OPTIONS",
"POST",
"HEAD",
"PUT"
],
"id": "HttpRequestMethodType",
"module_id": "LoadBalancer",
"title": "http monitor method",
"type": "string"
}
HttpRequestVersionType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"enum": [
"HTTP_VERSION_1_0",
"HTTP_VERSION_1_1"
],
"id": "HttpRequestVersionType",
"module_id": "LoadBalancer",
"title": "http request version",
"type": "string"
}
HttpServiceProperties (type)
{
"additionalProperties": false,
"id": "HttpServiceProperties",
"properties": {
"basic_authentication_enabled": {
"default": true,
"deprecated": true,
"description": "Identifies whether basic authentication is enabled or disabled in API calls.",
"title": "Enable or disable basic authentication",
"type": "boolean"
},
"certificate": {
"$ref": "Certificate,
"deprecated": true,
"readonly": true,
"required": true
},
"cipher_suites": {
"deprecated": true,
"items": {
"$ref": "CipherSuite
},
"minItems": 1,
"title": "Cipher suites used to secure contents of connection",
"type": "array"
},
"client_api_concurrency_limit": {
"default": 40,
"deprecated": true,
"description": "A per-client concurrency limit. This is the maximum number of outstanding requests that a client can have. For example, a client can open multiple connections to NSX and submit operations on each connection. When this limit is exceeded, the server returns a 503 Service Unavailable error to the client. To disable API concurrency limiting, set this value to 0.",
"minimum": 0,
"title": "Client API concurrency limit in calls",
"type": "integer"
},
"client_api_rate_limit": {
"default": 100,
"deprecated": true,
"description": "The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0.",
"minimum": 0,
"title": "Client API rate limit in calls per second",
"type": "integer"
},
"connection_timeout": {
"deprecated": true,
"maximum": 2147483647,
"minimum": 0,
"title": "NSX connection timeout, set to 0 to configure no timeout",
"type": "integer"
},
"cookie_based_authentication_enabled": {
"default": true,
"deprecated": true,
"description": "Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create.",
"title": "Enable or disable cookie-based authentication",
"type": "boolean"
},
"global_api_concurrency_limit": {
"default": 100,
"deprecated": true,
"description": "The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.",
"minimum": 0,
"title": "Global API concurrency limit in calls",
"type": "integer"
},
"logging_level": {
"default": "INFO",
"enum": [
"OFF",
"FATAL",
"ERROR",
"WARN",
"INFO",
"DEBUG",
"TRACE"
],
"required": false,
"title": "Service logging level",
"type": "string"
},
"protocol_versions": {
"deprecated": true,
"items": {
"$ref": "ProtocolVersion
},
"minItems": 1,
"title": "TLS protocol versions",
"type": "array"
},
"redirect_host": {
"$ref": "HostnameOrIPv4AddressOrEmptyString,
"default": "",
"deprecated": true,
"title": "Host name or IP address to use for redirect location headers, or empty string to derive from current request"
},
"session_timeout": {
"deprecated": true,
"maximum": 2147483647,
"minimum": 0,
"title": "NSX session inactivity timeout, set to 0 to configure no timeout",
"type": "integer"
}
},
"title": "HTTP Service properties",
"type": "object"
}
HttpsProtocol (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Protocol
},
"id": "HttpsProtocol",
"polymorphic-type-descriptor": {
"type-identifier": "https"
},
"properties": {
"authentication_scheme": {
"$ref": "BasicAuthenticationScheme,
"title": "Scheme to authenticate if required"
},
"name": {
"enum": [
"http",
"https",
"scp",
"sftp"
],
"required": true,
"title": "Protocol name",
"type": "string"
},
"sha256_thumbprint": {
"required": true,
"title": "SSL thumbprint of server",
"type": "string"
}
},
"type": "object"
}
ICMPTypeServiceEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ServiceEntry
},
"id": "ICMPTypeServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "ICMPTypeServiceEntry"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"icmp_code": {
"maximum": 255,
"minimum": 0,
"required": false,
"title": "ICMP message code",
"type": "integer"
},
"icmp_type": {
"maximum": 255,
"minimum": 0,
"required": false,
"title": "ICMP message type",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"protocol": {
"enum": [
"ICMPv4",
"ICMPv6"
],
"required": true,
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A ServiceEntry that represents IPv4 or IPv6 ICMP protocol",
"type": "object"
}
IGMPTypeServiceEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ServiceEntry
},
"id": "IGMPTypeServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "IGMPTypeServiceEntry"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A ServiceEntry that represents IGMP protocol",
"type": "object"
}
IPAddress (type)
{
"format": "ip",
"id": "IPAddress",
"module_id": "Common",
"title": "IPv4 or IPv6 address",
"type": "string"
}
IPAddressExpression (type)
{
"additionalProperties": false,
"description": "Represents IP address expressions in the form of an array, to support addition of IP addresses in a group.If duplicate IP Addresses are provided these will be filtered out and only unique IP Addresses will be considered. Avoid creating groups with multiple IPAddressExpression.In future releases, group will be restricted to contain a single IPAddressExpression. To group IPAddresses, use nested groups instead of multiple IPAddressExpressions.",
"extends": {
"$ref": "Expression
},
"id": "IPAddressExpression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "IPAddressExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_addresses": {
"description": "This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, \"192.168.1.1\", \"192.168.1.1-192.168.1.100\", \"192.168.0.0/24\", \"fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:318c/64\". The max limit for number of IP addresses applies across all expressions in a group. Please refer to Config Max limits specification document for a given environment.",
"items": {
"$ref": "IPElement
},
"maxItems": 25000,
"minItems": 1,
"required": true,
"title": "Array of IP addresses",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IP address expression node",
"type": "object"
}
IPAddressGroupAssociationRequestParams (type)
{
"description": "List request parameters containing ip address and enforcement point path",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "IPAddressGroupAssociationRequestParams",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"ip_address": {
"required": true,
"title": "IPAddress",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List request parameters containing ip address and enforcement point path",
"type": "object"
}
IPAddressList (type)
{
"additionalProperties": false,
"description": "Collection of IP Addresses.",
"id": "IPAddressList",
"module_id": "Policy",
"properties": {
"ip_addresses": {
"description": "The array contains IP addresses.",
"items": {
"$ref": "IPElement
},
"maxItems": 25000,
"minItems": 1,
"required": true,
"title": "Array of IP addresses",
"type": "array"
}
},
"title": "IP Address collection.",
"type": "object"
}
IPAddressOrCIDRBlock (type)
{
"format": "address-or-cidr-block",
"id": "IPAddressOrCIDRBlock",
"module_id": "Common",
"title": "IPAddress or CIDR Block",
"type": "string"
}
IPAddresses (type)
{
"id": "IPAddresses",
"module_id": "PortMirroring",
"properties": {
"ip_addresses": {
"description": "The IP addresses in the form of IP Address, IP Range, CIDR, used as source IPs or destination IPs of filters.",
"items": {
"$ref": "IPElement
},
"minItems": 1,
"required": false,
"title": "IPs of the filter",
"type": "array"
}
},
"type": "object"
}
IPCIDRBlock (type)
{
"format": "ip-cidr-block",
"id": "IPCIDRBlock",
"module_id": "Common",
"title": "IPv4 or IPv6 CIDR Block",
"type": "string"
}
IPDiscoveryProfile (type)
{
"additionalProperties": false,
"description": "Using this profile to configure different options of IP Discovery",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPDiscoveryProfile",
"module_id": "PolicyIpDiscovery",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"arp_nd_binding_timeout": {
"default": 10,
"description": "This property controls the ARP and ND cache timeout period. It is recommended that this property be greater than the ARP/ND cache timeout on the VM.",
"maximum": 120,
"minimum": 5,
"required": false,
"title": "ARP and ND cache timeout (in minutes)",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"duplicate_ip_detection": {
"$ref": "DuplicateIPDetectionOptions,
"description": "Duplicate IP detection is used to determine if there is any IP conflict with any other port on the same logical switch. If a conflict is detected, then the IP is marked as a duplicate on the port where the IP was discovered last. The duplicate IP will not be added to the realized address binings for the port and hence will not be used in DFW rules or other security configurations for the port.rt.",
"readonly": false,
"required": false,
"title": "Duplicate IP Dection Options"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_v4_discovery_options": {
"$ref": "IPv4DiscoveryOptions,
"description": "Indicates IPv4 Discovery options",
"required": false,
"title": "IPv4 Discovery options"
},
"ip_v6_discovery_options": {
"$ref": "IPv6DiscoveryOptions,
"description": "Indicates IPv6 Discovery options",
"required": false,
"title": "IPv6 Discovery options"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tofu_enabled": {
"default": true,
"description": "Indicates whether \"Trust on First Use(TOFU)\" paradigm is enabled.",
"required": false,
"title": "Is TOFU enabled or not",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_name": [
"ip discovery segment profile"
],
"title": "IP Discovery Profile",
"type": "object"
}
IPDiscoveryProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "IPDiscoveryProfileListRequestParameters",
"module_id": "PolicyIpDiscovery",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "IP Discovery Profile request parameters",
"type": "object"
}
IPDiscoveryProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "IPDiscoveryProfileListResult",
"module_id": "PolicyIpDiscovery",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "IPDiscoveryProfile
},
"required": true,
"title": "IP Discovery profile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of IP Discovery Profiles",
"type": "object"
}
IPElement (type)
{
"description": "IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are \"192.168.1.1\", \"192.168.1.1-192.168.1.100\", \"192.168.0.0/24\", \"fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:318c/64\"",
"format": "address-or-block-or-range",
"id": "IPElement",
"module_id": "Common",
"title": "IP address, range, or subnet",
"type": "string"
}
IPElementList (type)
{
"description": "IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are \"192.168.1.1\", \"192.168.1.1-192.168.1.100\", \"192.168.0.0/24\", \"fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c\", \"fe80::250:56ff:fe83:318c/64\"",
"format": "list-of-address-or-block-or-range",
"id": "IPElementList",
"module_id": "Common",
"title": "List of IP address, range, or subnet",
"type": "string"
}
IPFIXDFWCollector (type)
{
"additionalProperties": false,
"description": "IPFIX DFW data will be collected on collector Host IP and Port address should be provided for collector.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPFIXDFWCollector",
"module_id": "PolicyIPFIXDFW",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"collector_ip_address": {
"$ref": "IPAddress,
"description": "IP address for the IPFIX DFW collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid.",
"required": true,
"title": "IP address"
},
"collector_port": {
"description": "Port for the IPFIX DFW collector.",
"maximum": 65535,
"minimum": 0,
"required": true,
"title": "Port",
"type": "int"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPFIX DFW Collector",
"type": "object"
}
IPFIXDFWCollectorProfile (type)
{
"additionalProperties": false,
"description": "IPFIX data for the NSX distributed firewall will be sent to the specified IPFIX collectors.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPFIXDFWCollectorProfile",
"module_id": "PolicyIPFIXDFW",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipfix_dfw_collectors": {
"description": "It accepts Multiple Collectors.",
"items": {
"$ref": "IPFIXDFWCollector
},
"minItems": 1,
"required": true,
"title": "IPFIX DFW Collectors.",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPFIX DFW Collector Profile",
"type": "object"
}
IPFIXDFWProfile (type)
{
"additionalProperties": false,
"description": "IPFIX packets from source will be sent to IPFIX DFW collector.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPFIXDFWProfile",
"module_id": "PolicyIPFIXDFW",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"active_flow_export_timeout": {
"default": 1,
"description": "For long standing active flows, IPFIX records will be sent per timeout period in minutes.",
"maximum": 60,
"minimum": 1,
"required": true,
"title": "Active timeout (Minutes)",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipfix_dfw_collector_profile_path": {
"description": "Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors.",
"required": true,
"title": "IPFIX collector Paths",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"IPFIXDFWProfile"
],
"relationshipType": "IPFIX_DFW_COLLECTION_COLLECTOR_PROFILE_RELATIONSHIP",
"rightType": [
"IPFIXDFWCollectorProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"observation_domain_id": {
"default": 0,
"description": "An identifier that is unique to the exporting process and used to meter the flows.",
"maximum": 65536,
"minimum": 0,
"required": false,
"title": "Observation domain ID",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"priority": {
"default": 0,
"description": "This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only.",
"maximum": 32000,
"minimum": 0,
"required": false,
"title": "Config Priority",
"type": "int"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPFIX DFW Profile",
"type": "object"
}
IPFIXL2Collector (type)
{
"additionalProperties": false,
"description": "IPFIX packets will be collected on collector. IP and port address should be provided for collector.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPFIXL2Collector",
"module_id": "PolicyIPFIXSwitch",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"collector_ip_address": {
"$ref": "IPAddress,
"description": "IP address for the IPFIX L2 collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid.",
"required": true,
"title": "IP address"
},
"collector_port": {
"default": 4739,
"description": "Port number for the IPFIX L2 collector.",
"maximum": 65535,
"minimum": 0,
"title": "Port",
"type": "int"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPFIX L2 Collector",
"type": "object"
}
IPFIXL2CollectorProfile (type)
{
"additionalProperties": false,
"description": "IPFIX L2 data will be collected on collectors.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPFIXL2CollectorProfile",
"module_id": "PolicyIPFIXSwitch",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipfix_l2_collectors": {
"description": "It accepts Multiple Collector objects.",
"items": {
"$ref": "IPFIXL2Collector
},
"maxItems": 4,
"minItems": 1,
"required": true,
"title": "It accepts Multiple Collector objects.",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPFIX L2 Collector Profile",
"type": "object"
}
IPFIXL2Profile (type)
{
"additionalProperties": false,
"description": "IPFIX data from source logical segment, port, group will be forwarded to IPFIX collector.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPFIXL2Profile",
"module_id": "PolicyIPFIXSwitch",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"active_timeout": {
"default": 300,
"description": "The time in seconds after a flow is expired even if more packets matching this flow are received by the cache.",
"maximum": 3600,
"minimum": 60,
"title": "Active timeout",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"export_overlay_flow": {
"default": true,
"description": "This property controls whether overlay flow info is included in the sample result.",
"required": false,
"title": "Export overlay Flow",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idle_timeout": {
"default": 300,
"description": "The time in seconds after a flow is expired if no more packets matching this flow are received by the cache.",
"maximum": 3600,
"minimum": 60,
"required": false,
"title": "Idle timeout",
"type": "int"
},
"ipfix_collector_profile_path": {
"description": "Policy path for IPFIX collector profile. User can specify only one IPFIX collector.",
"required": true,
"title": "IPFIX collector Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"IPFIXL2Profile"
],
"relationshipType": "IPFIX_L2_PROFILE_COLLECTOR_PROFILE_RELATIONSHIP",
"rightType": [
"IPFIXL2CollectorProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"max_flows": {
"default": 16384,
"description": "The maximum number of flow entries in each exporter flow cache.",
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Max flows",
"type": "integer"
},
"observation_domain_id": {
"default": 0,
"description": "An identifier that is unique to the exporting process and used to meter the flows.",
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Observation domain ID",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"packet_sample_probability": {
"default": 0.1,
"description": "The probability in percentage that a packet is sampled, in range 0-100. The probability is equal for every packet.",
"exclusiveMinimum": true,
"maximum": 100,
"minimum": 0,
"required": true,
"title": "Packet sample probability",
"type": "number"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"priority": {
"default": 0,
"description": "This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only.",
"maximum": 32000,
"minimum": 0,
"required": false,
"title": "Config Priority",
"type": "int"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPFIX L2 Profile",
"type": "object"
}
IPInfo (type)
{
"description": "An IP information structure that includes a single IP address and its associated prefix length.",
"id": "IPInfo",
"module_id": "ServiceInsertionCommonTypes",
"properties": {
"ip_addresses": {
"items": {
"$ref": "IPAddress
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "IP Addresses",
"type": "array"
},
"prefix_length": {
"maximum": 128,
"minimum": 1,
"required": true,
"title": "Subnet Prefix Length",
"type": "integer"
}
},
"type": "object"
}
IPProtocolServiceEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ServiceEntry
},
"id": "IPProtocolServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "IPProtocolServiceEntry"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"protocol_number": {
"maximum": 255,
"minimum": 0,
"required": true,
"type": "integer"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A ServiceEntry that represents an IP protocol",
"type": "object"
}
IPSecDigestAlgorithm (type)
{
"additionalProperties": false,
"description": "The IPSecDigestAlgorithms are used to verify message integrity during IPSec VPN tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.",
"enum": [
"SHA1",
"SHA2_256",
"SHA2_384",
"SHA2_512"
],
"id": "IPSecDigestAlgorithm",
"module_id": "PolicyVpnIPSecVpn",
"title": "Digest Algorithms used in IPSec tunnel establishment",
"type": "string"
}
IPSecEncryptionAlgorithm (type)
{
"additionalProperties": false,
"description": "IPSecEncryptionAlgorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encyption. Digest algorithm should be empty for this option.",
"enum": [
"AES_128",
"AES_256",
"AES_GCM_128",
"AES_GCM_192",
"AES_GCM_256",
"NO_ENCRYPTION_AUTH_AES_GMAC_128",
"NO_ENCRYPTION_AUTH_AES_GMAC_192",
"NO_ENCRYPTION_AUTH_AES_GMAC_256",
"NO_ENCRYPTION"
],
"id": "IPSecEncryptionAlgorithm",
"module_id": "PolicyVpnIPSecVpn",
"title": "Encryption algorithm used in IPSec tunnel",
"type": "string"
}
IPSecVpnDpdProfile (type)
{
"additionalProperties": false,
"description": "Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnDpdProfile",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dpd_probe_interval": {
"description": "DPD probe interval defines an interval for DPD probes (in seconds). - When the DPD probe mode is periodic, this interval is the number of seconds between DPD messages. - When the DPD probe mode is on-demand, this interval is the number of seconds during which traffic is not received from the peer before DPD retry messages are sent if there is IPSec traffic to send. For PERIODIC Mode: Minimum: 3 Maximum: 360 Default: 60 For ON_DEMAND Mode: Minimum: 1 Maximum: 10 Default: 10",
"title": "DPD Probe Interval",
"type": "integer"
},
"dpd_probe_mode": {
"default": "PERIODIC",
"description": "DPD probe mode is used to query the liveliness of the peer. Two modes are possible: - PERIODIC: is used to query the liveliness of the peer at regular intervals (dpd_probe_interval). It does not take into consideration traffic coming from the peer. The benefit of this mode over the on-demand mode is earlier detection of dead peers. However, use of periodic DPD incurs extra overhead. When communicating to large numbers of peers, please consider using on-demand DPD instead. - ON_DEMAND: is used to query the liveliness of the peer by instructing the local endpoint to send DPD message to a peer if there is traffic to send to the peer AND the peer was idle for dpd_probe_interval seconds (i.e. there was no traffic from the peer for dpd_probe_interval seconds).",
"enum": [
"PERIODIC",
"ON_DEMAND"
],
"title": "DPD Probe Mode",
"type": "string"
},
"enabled": {
"default": true,
"description": "If true, enable dead peer detection.",
"title": "Enable dead peer detection (DPD)",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"retry_count": {
"default": 10,
"description": "Maximum number of DPD messages' retry attempts. This value is applicable for both dpd probe modes, periodic and on-demand.",
"maximum": 100,
"minimum": 1,
"title": "Retry Count",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Dead peer detection (DPD) profile",
"type": "object"
}
IPSecVpnIkeProfile (type)
{
"additionalProperties": false,
"description": "IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnIkeProfile",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dh_groups": {
"description": "Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.",
"items": {
"$ref": "DhGroup
},
"title": "DH group",
"type": "array"
},
"digest_algorithms": {
"description": "Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. A default value of SHA2_256 will be applied only when the supplied encryption algorithms contain either AES_128 or AES_256.",
"items": {
"$ref": "IkeDigestAlgorithm
},
"title": "Algorithm for message hash",
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"encryption_algorithms": {
"description": "Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128.",
"items": {
"$ref": "IkeEncryptionAlgorithm
},
"title": "Encryption algorithm for IKE",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ike_version": {
"default": "IKE_V2",
"description": "IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.",
"enum": [
"IKE_V1",
"IKE_V2",
"IKE_FLEX"
],
"title": "IKE version",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sa_life_time": {
"default": 86400,
"description": "Life time for security association. Default is 86400 seconds (1 day).",
"maximum": 31536000,
"minimum": 21600,
"title": "Security association (SA) life time",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Internet key exchange (IKE) profile",
"type": "object"
}
IPSecVpnLocalEndpoint (type)
{
"additionalProperties": false,
"description": "Local endpoint represents a tier-0/tier-1 on which tunnel needs to be terminated. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope attribute at the corresponding LM. Local endpoint without any scope will be realized on all sites. The scope attribute is applicable only on GM not on LM.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnLocalEndpoint",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"certificate_path": {
"description": "Policy path referencing site certificate.",
"title": "Certificate path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"IPSecVpnLocalEndpoint"
],
"relationshipType": "IPSEC_VPN_LOCAL_ENDPOINT_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"local_address": {
"$ref": "IPAddress,
"description": "IPv4 or IPv6 Address of local endpoint. Please note that configuring local_address as IPv6 address is not supported in the deprecated IPSecVpnLocalEndpoint Patch/PUT APIs.",
"required": true,
"title": "IPv4 or IPv6 Address of local endpoint"
},
"local_id": {
"description": "Local identifier.",
"title": "Local identifier",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"scope": {
"description": "Scope attribute refers to the Policy path identifying the LocaleService of specific site where all the local end point configurations will be realized. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope at the corresponding LM. Local endpoint without any scope will be realized on all sites. This attribute will not be applicable on LM.",
"required": false,
"title": "scope identify the site to which LocalEndpoint configuration associated with. Applicable only in GM",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"IPSecVpnLocalEndpoint"
],
"relationshipType": "IPSEC_VPN_LOCAL_ENDPOINT_LOCALE_SERVICE_RELATIONSHIP",
"rightType": [
"LocaleServices"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"trust_ca_paths": {
"description": "List of policy paths referencing certificate authority (CA) to verify peer certificates.",
"items": {
"type": "string"
},
"title": "Certificate authority (CA) paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"IPSecVpnLocalEndpoint"
],
"relationshipType": "IPSEC_VPN_LOCAL_ENDPOINT_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"trust_crl_paths": {
"description": "List of policy paths referencing certificate revocation list (CRL) to peer certificates.",
"items": {
"type": "string"
},
"title": "Certificate revocation list (CRL) paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"IPSecVpnLocalEndpoint"
],
"relationshipType": "IPSEC_VPN_LOCAL_ENDPOINT_TLS_CRL_RELATIONSHIP",
"rightType": [
"TlsCrl"
]
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPSec VPN Local Endpoint",
"type": "object"
}
IPSecVpnRule (type)
{
"additionalProperties": false,
"description": "For policy-based IPsec VPNs, a security policy specifies as its action the VPN tunnel to be used for transit traffic that meets the policy\u2019s match criteria.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnRule",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"default": "PROTECT",
"description": "PROTECT - Protect rules are defined per policy based IPSec VPN session. BYPASS - Bypass rules are defined per IPSec VPN service and affects all policy based IPSec VPN sessions. Bypass rules are prioritized over protect rules.",
"enum": [
"PROTECT",
"BYPASS"
],
"readonly": true,
"title": "Action to be applied",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destinations": {
"description": "List of IPv4 or IPv6 peer subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 peer subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.",
"items": {
"$ref": "IPSecVpnSubnet
},
"maxItems": 256,
"required": false,
"title": "Destination list",
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "A flag to enable/disable the rule.",
"title": "Enabled flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"logged": {
"default": false,
"description": "A flag to enable/disable the logging for the rule.",
"title": "Logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "A sequence number is used to give a priority to an IPSecVpnRule.",
"minimum": 0,
"required": false,
"title": "Sequence number of the IPSecVpnRule",
"type": "int"
},
"sources": {
"description": "List of IPv4 or IPv6 local subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 local subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.",
"items": {
"$ref": "IPSecVpnSubnet
},
"maxItems": 256,
"required": false,
"title": "Source list",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPSec VPN Rule",
"type": "object"
}
IPSecVpnService (type)
{
"additionalProperties": false,
"description": "Create and manage IPSec VPN service under tier-0/tier-1.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnService",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"bypass_rules": {
"description": "Bypass policy rules are configured using VPN service. Bypass rules always have higher priority over protect rules and they affect all policy based vpn sessions associated with the IPSec VPN service. Protect rules are defined per policy based vpn session.",
"items": {
"$ref": "IPSecVpnRule
},
"required": false,
"title": "Bypass Policy rules",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "If true, enable VPN services under tier-0/tier-1.",
"title": "Enable virtual private network (VPN) service",
"type": "boolean"
},
"ha_sync": {
"default": true,
"description": "Enable/disable IPSec HA state sync. IPSec HA state sync can be disabled if in case there are performance issues w.r.t. the state sync messages.",
"title": "Flag to enable IPSec HA State Sync",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ike_log_level": {
"default": "INFO",
"description": "Log level for internet key exchange (IKE).",
"enum": [
"DEBUG",
"INFO",
"WARN",
"ERROR",
"EMERGENCY"
],
"title": "Internet key exchange (IKE) log level",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPSec VPN service",
"type": "object"
}
IPSecVpnSession (type)
{
"abstract": true,
"additionalProperties": false,
"description": "VPN session defines connection between local and peer endpoint. Until VPN session is defined configuration is not realized.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnSession",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"authentication_mode": {
"default": "PSK",
"description": "Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication.",
"enum": [
"PSK",
"CERTIFICATE"
],
"title": "Authentication Mode",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"compliance_suite": {
"description": "Compliance suite.",
"enum": [
"CNSA",
"SUITE_B_GCM_128",
"SUITE_B_GCM_256",
"PRIME",
"FOUNDATION",
"FIPS",
"NONE"
],
"title": "Compliance suite",
"type": "string"
},
"connection_initiation_mode": {
"default": "INITIATOR",
"description": "Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.",
"enum": [
"INITIATOR",
"RESPOND_ONLY",
"ON_DEMAND"
],
"title": "Connection initiation mode",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dpd_profile_path": {
"description": "Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.",
"title": "Dead peer detection (DPD) profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_DPD_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnDpdProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_DPD_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnDpdProfile"
]
}
]
},
"enabled": {
"default": true,
"description": "Enable/Disable IPSec VPN session.",
"title": "Enable/Disable IPSec VPN session",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ike_profile_path": {
"description": "Policy path referencing IKE profile to be used. Default is set according to system default profile.",
"title": "Internet key exchange (IKE) profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_IKE_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnIkeProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_IKE_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnIkeProfile"
]
}
]
},
"local_endpoint_path": {
"description": "Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.",
"required": false,
"title": "Local endpoint path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"IPSecVpnLocalEndpoint"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"IPSecVpnLocalEndpoint"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"peer_address": {
"$ref": "IPAddress,
"description": "Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.",
"required": false,
"title": "IPV4 or IPV6 address of peer endpoint on remote site"
},
"peer_id": {
"description": "Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.",
"required": false,
"title": "Peer id",
"type": "string"
},
"psk": {
"description": "IPSec Pre-shared key. Maximum length of this field is 128 characters.",
"sensitive": true,
"title": "Pre-shared key",
"type": "secure_string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "IPSecVpnSessionResourceType,
"required": true
},
"site_overrides": {
"description": "A collection of site specific attributes specificed only on GM",
"items": {
"$ref": "SiteOverride
},
"maxItems": 128,
"required": false,
"title": "SiteOverride list",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_mss_clamping": {
"$ref": "TcpMaximumSegmentSizeClamping,
"description": "TCP Maximum Segment Size Clamping Direction and Value.",
"title": "TCP MSS Clamping"
},
"tunnel_profile_path": {
"description": "Policy path referencing Tunnel profile to be used. Default is set to system default profile.",
"title": "IPSec tunnel profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_TUNNEL_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnTunnelProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_TUNNEL_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnTunnelProfile"
]
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPSec VPN session",
"type": "object"
}
IPSecVpnSessionResourceType (type)
{
"additionalProperties": false,
"description": "A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site.",
"enum": [
"PolicyBasedIPSecVpnSession",
"RouteBasedIPSecVpnSession"
],
"id": "IPSecVpnSessionResourceType",
"module_id": "PolicyVpnIPSecVpn",
"title": "Resource types of IPsec VPN session",
"type": "string"
}
IPSecVpnSubnet (type)
{
"additionalProperties": false,
"description": "Used to specify the local/peer subnets in IPSec VPN rule.",
"id": "IPSecVpnSubnet",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"subnet": {
"$ref": "IPCIDRBlock,
"description": "Subnet used in policy rule.",
"required": true,
"title": "IPv4/IPv6 Peer or local subnet"
}
},
"title": "Subnet for IPSec Policy based VPN",
"type": "object"
}
IPSecVpnTunnelInterface (type)
{
"additionalProperties": false,
"description": "IP tunnel interface configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnTunnelInterface",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_subnets": {
"description": "IP Tunnel interface (commonly referred as VTI) subnet. Supports assigning both IPv4 and IPV6 subnets to VTI. If two IPs are provided for VTI, both cannot be of same IP versions. Please note that configuring IPv6 subnets to VTI is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.",
"items": {
"$ref": "TunnelInterfaceIPSubnet
},
"maxItems": 2,
"minItems": 1,
"required": true,
"title": "IP Tunnel interface subnet",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IP tunnel interface configuration",
"type": "object"
}
IPSecVpnTunnelProfile (type)
{
"additionalProperties": false,
"description": "IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and IPSec tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IPSecVpnTunnelProfile",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"df_policy": {
"default": "COPY",
"description": "Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet.",
"enum": [
"COPY",
"CLEAR"
],
"title": "Policy for handling defragmentation bit",
"type": "string"
},
"dh_groups": {
"description": "Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.",
"items": {
"$ref": "DhGroup
},
"title": "Dh group",
"type": "array"
},
"digest_algorithms": {
"description": "Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm \"AES_GCM_128\".",
"items": {
"$ref": "IPSecDigestAlgorithm
},
"title": "Algorithm for message hash",
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_perfect_forward_secrecy": {
"default": true,
"description": "If true, perfect forward secrecy (PFS) is enabled.",
"title": "Enable perfect forward secrecy",
"type": "boolean"
},
"encryption_algorithms": {
"description": "Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128.",
"items": {
"$ref": "IPSecEncryptionAlgorithm
},
"title": "Encryption algorithm to use in IPSec tunnel establishement",
"type": "array"
},
"extended_attributes": {
"description": "Collection of type specific properties. As of now, to hold encapsulation mode and transform protocol.",
"items": {
"$ref": "AttributeVal
},
"readonly": true,
"required": false,
"title": "Extended Attributes.",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sa_life_time": {
"default": 3600,
"description": "SA life time specifies the expiry time of security association. Default is 3600 seconds.",
"maximum": 31536000,
"minimum": 900,
"title": "Security association (SA) life time",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IPSec VPN tunnel profile",
"type": "object"
}
IPSubnet (type)
{
"additionalProperties": false,
"id": "IPSubnet",
"module_id": "LogicalRouterPorts",
"properties": {
"ip_addresses": {
"description": "All IP addresses, some of which may be automatically configured. When updating this field, the payload may contain only the IP addresses that should be changed, or may contain the IP addresses to change as well as the automatically assigned addresses. Currently, only one updatable address and one system-maintained address are supported. Currently, the system-maintained address supported is Extended Unique Identifier(EUI)-64 address. EUI-64 address is generated by the system only when user configured ip-subnet has prefix length less than or equal to 64.",
"items": {
"$ref": "IPAddress
},
"maxItems": 2,
"minItems": 1,
"required": true,
"title": "IP Addresses",
"type": "array"
},
"prefix_length": {
"maximum": 128,
"minimum": 1,
"required": true,
"title": "Subnet Prefix Length",
"type": "integer"
}
},
"type": "object"
}
IPv4Address (type)
{
"format": "ipv4",
"id": "IPv4Address",
"module_id": "Common",
"title": "IPv4 address",
"type": "string"
}
IPv4AddressProperties (type)
{
"additionalProperties": false,
"id": "IPv4AddressProperties",
"properties": {
"ip_address": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$",
"title": "Interface IPv4 address",
"type": "string"
},
"netmask": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$",
"title": "Interface netmask",
"type": "string"
}
},
"title": "IPv4 address properties",
"type": "object"
}
IPv4CIDRBlock (type)
{
"format": "ipv4-cidr-block",
"id": "IPv4CIDRBlock",
"module_id": "Common",
"title": "IPv4 CIDR Block",
"type": "string"
}
IPv4DiscoveryOptions (type)
{
"additionalProperties": false,
"description": "Contains IPv4 related discovery options.",
"id": "IPv4DiscoveryOptions",
"module_id": "PolicyIpDiscovery",
"properties": {
"arp_snooping_config": {
"$ref": "ArpSnoopingConfig,
"description": "Indicates ARP snooping options",
"required": false,
"title": "ARP snooping configuration"
},
"dhcp_snooping_enabled": {
"default": true,
"description": "Indicates whether DHCP snooping is enabled",
"required": false,
"title": "Is DHCP snooping enabled or not",
"type": "boolean"
},
"vmtools_enabled": {
"default": true,
"description": "Indicates whether fetching IP using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed.",
"required": false,
"title": "Is VM tools enabled or not",
"type": "boolean"
}
},
"title": "IPv4 discovery options",
"type": "object"
}
IPv6Address (type)
{
"format": "ipv6",
"id": "IPv6Address",
"module_id": "Common",
"title": "IPv6 address",
"type": "string"
}
IPv6AddressProperties (type)
{
"additionalProperties": false,
"id": "IPv6AddressProperties",
"properties": {
"ip6_address": {
"pattern": "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$",
"title": "Interface IPv6 address",
"type": "string"
},
"ip6_gateway": {
"pattern": "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$",
"title": "IPv6 Gateway",
"type": "string"
},
"prefixlen": {
"title": "Prefix length",
"type": "integer"
}
},
"title": "IPv6 address properties",
"type": "object"
}
IPv6CIDRBlock (type)
{
"format": "ipv6-cidr-block",
"id": "IPv6CIDRBlock",
"module_id": "Common",
"title": "IPv6 CIDR Block",
"type": "string"
}
IPv6DADStatus (type)
{
"additionalProperties": false,
"id": "IPv6DADStatus",
"module_id": "LogicalRouterPorts",
"properties": {
"ip_address": {
"$ref": "IPAddress,
"description": "IP address on the port for which DAD status is reported.",
"readonly": true,
"required": false,
"title": "IP address"
},
"status": {
"$ref": "DADStatus,
"description": "DAD status for IP address on the port.",
"readonly": true,
"required": false,
"title": "DAD Status"
},
"transport_node": {
"description": "Array of transport node id on which DAD status is reported for given IP address.",
"items": {
"$ref": "ResourceReference
},
"readonly": true,
"required": false,
"title": "Transport node",
"type": "array"
}
},
"title": "IPv6 DAD status",
"type": "object"
}
IPv6DiscoveryOptions (type)
{
"additionalProperties": false,
"description": "Contains IPv6 related discovery options.",
"id": "IPv6DiscoveryOptions",
"module_id": "PolicyIpDiscovery",
"properties": {
"dhcp_snooping_v6_enabled": {
"default": false,
"description": "Enable this method will snoop the DHCPv6 message transaction which a VM makes with a DHCPv6 server. From the transaction, we learn the IPv6 addresses assigned by the DHCPv6 server to this VM along with its lease time.",
"required": false,
"title": "Is DHCP snoping v6 enabled or not",
"type": "boolean"
},
"nd_snooping_config": {
"$ref": "NdSnoopingConfig,
"description": "Indicates ND snooping options",
"required": false,
"title": "ND snooping configuration"
},
"vmtools_v6_enabled": {
"default": false,
"description": "Enable this method will learn the IPv6 addresses which are configured on interfaces of a VM with the help of the VMTools software.",
"required": false,
"type": "boolean"
}
},
"title": "IPv6 discovery options",
"type": "object"
}
IPv6Status (type)
{
"additionalProperties": false,
"id": "IPv6Status",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"connected_segment_path": {
"description": "Path of the segment attached to the interface.",
"readonly": true,
"required": false,
"title": "Connected segment path",
"type": "string"
},
"dad_statuses": {
"description": "Array of DAD status which contains DAD information for IP addresses on the interface.",
"items": {
"$ref": "IPv6DADStatus
},
"readonly": true,
"title": "IPv6 DAD status",
"type": "array"
},
"interface_id": {
"description": "Policy path or realization ID of interface for which IPv6 DAD status is returned.",
"title": "Policy path or realization ID of interface",
"type": "string"
},
"tier0_gateway": {
"description": "Tier-0 Gateway this router Link belongs to.",
"title": "Tier-0 Gateway",
"type": "string"
},
"tier1_gateway": {
"description": "Tier-1 Gateway this router Link belongs to.",
"title": "Tier-1 Gateway",
"type": "string"
}
},
"title": "IPv6 status",
"type": "object"
}
IcmpEchoRequestHeader (type)
{
"additionalProperties": false,
"id": "IcmpEchoRequestHeader",
"module_id": "Traceflow",
"properties": {
"id": {
"default": 0,
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "ICMP id",
"type": "integer"
},
"sequence": {
"default": 0,
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "ICMP sequence number",
"type": "integer"
}
},
"type": "object"
}
Icon (type)
{
"additionalProperties": false,
"description": "Icon to be applied at dashboard for widgets and UI elements.",
"id": "Icon",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"color": {
"description": "Icon color applied to icon in hex format.",
"title": "Icon color applied to icon in hex format",
"type": "string"
},
"placement": {
"default": "PRE",
"description": "If specified as PRE, the icon appears before the UI element. If set as POST, the icon appears after the UI element.",
"enum": [
"PRE",
"POST"
],
"title": "Position at which to display icon, if any",
"type": "string"
},
"size": {
"description": "Icon size in unit applied to icon.A unit can be specified by the 'size_unit' property.",
"minimum": 1,
"title": "Icon size in unit",
"type": "number"
},
"size_unit": {
"description": "Icon size unit applied to icon along with size. if 'size' property value is provided and no value is provided for this property then default value for this proerty is set to 'px'.",
"enum": [
"px",
"rem",
"pc"
],
"title": "Icon size unit in rem/px/pc",
"type": "string"
},
"tooltip": {
"description": "Multi-line text to be shown on tooltip while hovering over the icon.",
"items": {
"$ref": "Tooltip
},
"title": "Multi-line tooltip",
"type": "array"
},
"type": {
"description": "Icon will be rendered based on its type. For example, if ERROR is chosen, then icon representing error will be rendered. or else custom svg icon name can be given.",
"title": "Type of icon",
"type": "string"
}
},
"title": "Icon",
"type": "object"
}
IdentityFirewallAdStore (type)
{
"extends": {
"$ref": "IdentityFirewallStore
},
"id": "IdentityFirewallAdStore",
"module_id": "PolicyIdentity",
"polymorphic-type-descriptor": {
"type-identifier": "IdentityFirewallAdStore"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"base_distinguished_name": {
"description": "Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head.",
"required": true,
"title": "IdentityFirewallStore base distinguished name",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"event_log_servers": {
"description": "IdentityFirewallStore Event Log server's information including host, name, protocol and so on.",
"items": {
"$ref": "IdentityFirewallStoreEventLogServer
},
"maxItems": 50,
"readonly": true,
"required": false,
"title": "Event Log server of IdentityFirewallStore",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ldap_servers": {
"description": "IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on.",
"items": {
"$ref": "IdentityFirewallStoreLdapServer
},
"maxItems": 50,
"required": true,
"title": "LDAP server of IdentityFirewallStore",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"name": {
"description": "IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.",
"required": true,
"title": "IdentityFirewallStore name",
"type": "string"
},
"netbios_name": {
"description": "NetBIOS names can contain all alphanumeric characters except for the certain disallowed characters. Names can contain a period, but names cannot start with a period. NetBIOS is similar to DNS in that it can serve as a directory service, but more limited as it has no provisions for a name hierarchy and names are limited to 15 characters. The netbios name is case insensitive and is stored in upper case regardless of input case.",
"required": true,
"title": "IdentityFirewallStore NETBIOS name",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Domain resource type comes from multiple sub-classes extending this base class. For example, IdentityFirewallAdStore is one accepted resource_type. If there are more sub-classes defined, they will also be accepted resource_type.",
"enum": [
"IdentityFirewallAdStore"
],
"required": true,
"title": "IdentityFirewallStore resource type",
"type": "string"
},
"selective_sync_settings": {
"$ref": "SelectiveSyncSettings,
"description": "SelectiveSync settings toggle the SelectiveSync feature and selected OrgUnits. If this is not specified, SelectiveSync is disabled by default.",
"required": false,
"title": "SelectiveSync settings"
},
"sync_settings": {
"$ref": "DirectoryDomainSyncSettings,
"description": "Each domain sync settings can be changed using this object. It is not required since there are default values used if there is no specification for this object.",
"required": false,
"title": "IdentityFirewallStore sync settings"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Active IdentityFirewallStore",
"type": "object"
}
IdentityFirewallStore (type)
{
"abstract": true,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdentityFirewallStore",
"module_id": "PolicyIdentity",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"event_log_servers": {
"description": "IdentityFirewallStore Event Log server's information including host, name, protocol and so on.",
"items": {
"$ref": "IdentityFirewallStoreEventLogServer
},
"maxItems": 50,
"readonly": true,
"required": false,
"title": "Event Log server of IdentityFirewallStore",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ldap_servers": {
"description": "IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on.",
"items": {
"$ref": "IdentityFirewallStoreLdapServer
},
"maxItems": 50,
"required": true,
"title": "LDAP server of IdentityFirewallStore",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"name": {
"description": "IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.",
"required": true,
"title": "IdentityFirewallStore name",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Domain resource type comes from multiple sub-classes extending this base class. For example, IdentityFirewallAdStore is one accepted resource_type. If there are more sub-classes defined, they will also be accepted resource_type.",
"enum": [
"IdentityFirewallAdStore"
],
"required": true,
"title": "IdentityFirewallStore resource type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IdentityFirewallStore",
"type": "object"
}
IdentityFirewallStoreEventLogServer (type)
{
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdentityFirewallStoreEventLogServer",
"module_id": "PolicyIdentity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"domain_name": {
"description": "IdentityFirewallStore name which best describes the IdentityFirewallStore. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores.",
"required": false,
"title": "IdentityFirewallStore name",
"type": "string"
},
"host": {
"description": "Directory Event Log server DNS host name or ip address which is reachable by NSX manager to be connected and do event fetching.",
"format": "hostname-or-ip",
"required": true,
"title": "Event log server host name",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"password": {
"description": "IdentityFirewallStore event log server connection password.",
"required": false,
"sensitive": true,
"title": "Event log server password",
"type": "secure_string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"status": {
"$ref": "DirectoryEventLogServerStatus,
"description": "Event log server connection status object",
"required": false,
"title": "Event log server connection status"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"username": {
"description": "Directory event log server connection user name.",
"required": false,
"title": "Event log server username",
"type": "string"
}
},
"title": "Event log server of IdentityFirewallStore",
"type": "object"
}
IdentityFirewallStoreLdapServer (type)
{
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdentityFirewallStoreLdapServer",
"module_id": "PolicyIdentity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"domain_name": {
"description": "IdentityFirewallStore name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores.",
"required": false,
"title": "IdentityFirewallStore name",
"type": "string"
},
"host": {
"description": "IdentityFirewallStore LDAP server DNS host name or ip address which is reachable by NSX manager to be connected and do object synchronization.",
"format": "hostname-or-ip",
"required": true,
"title": "LDAP server host name",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"password": {
"description": "IdentityFirewallStore LDAP server connection password.",
"required": false,
"sensitive": true,
"title": "LDAP server password",
"type": "secure_string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"port": {
"default": 389,
"description": "IdentityFirewallStore LDAP server connection TCP/UDP port.",
"max": 65535,
"min": 1,
"required": false,
"title": "LDAP server TCP/UDP port",
"type": "integer"
},
"protocol": {
"default": "LDAP",
"description": "IdentityFirewallStore LDAP server connection protocol which is either LDAP or LDAPS.",
"enum": [
"LDAP",
"LDAPS"
],
"required": false,
"title": "LDAP server protocol",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"thumbprint": {
"description": "IdentityFirewallStore LDAP server certificate thumbprint used in secure LDAPS connection.",
"required": false,
"title": "LDAP server certificate thumbprint using SHA-256 algorithm",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"username": {
"description": "IdentityFirewallStore LDAP server connection user name.",
"required": false,
"title": "LDAP server username",
"type": "string"
}
},
"title": "LDAP server of directory domain",
"type": "object"
}
IdentityGroupExpression (type)
{
"additionalProperties": false,
"description": "Represents a list of identity group (Ad group SID) expressions.",
"extends": {
"$ref": "Expression
},
"id": "IdentityGroupExpression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "IdentityGroupExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"identity_groups": {
"description": "This array consists of set of identity group object. All members within this array are implicitly OR'ed together.",
"items": {
"$ref": "IdentityGroupInfo
},
"maxItems": 500,
"minItems": 1,
"required": true,
"title": "Array of identity group",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IdentityGroup expression node",
"type": "object"
}
IdentityGroupInfo (type)
{
"id": "IdentityGroupInfo",
"module_id": "PolicyIdentity",
"properties": {
"distinguished_name": {
"description": "Each LDAP object is uniquely identified by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. e.g. CN=Larry Cole,CN=admin,DC=corp,DC=acme,DC=com. A valid fully qualified distinguished name should be provided to include specific groups else the create / update realization of the Group containing an invalid/ partial DN will fail. This value is valid only if it matches to exactly 1 LDAP object on the LDAP server.",
"required": true,
"title": "LDAP distinguished name",
"type": "string"
},
"domain_base_distinguished_name": {
"description": "This is the base distinguished name for the domain where this particular group resides. (e.g. dc=example,dc=com) Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head.",
"required": true,
"title": "Identity (Directory) domain base distinguished name",
"type": "string"
},
"sid": {
"description": "A security identifier (SID) is a unique value of variable length used to identify a trustee. A SID consists of the following components: The revision level of the SID structure; A 48-bit identifier authority value that identifies the authority that issued the SID; A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID. This field is only populated for Microsoft Active Directory identity store.",
"required": false,
"title": "Identity (Directory) Group SID (security identifier)",
"type": "string"
}
},
"title": "Identity (Directory) group",
"type": "object"
}
IdentitySourceLdapServer (type)
{
"description": "Information about a single LDAP server.",
"id": "IdentitySourceLdapServer",
"module_id": "LdapIdentitySources",
"properties": {
"bind_identity": {
"description": "A username used to authenticate to the directory when admnistering roles in NSX. This user should have privileges to search the LDAP directory for groups and users. This user is also used in some cases (OpenLDAP) to look up an NSX user's distinguished name based on their NSX login name. If omitted, NSX will authenticate to the LDAP server using an LDAP anonymous bind operation. For Active Directory, provide a userPrincipalName (e.g. [email protected]) or the full distinguished nane. For OpenLDAP, provide the distinguished name of the user (e.g. uid=admin, cn=airius, dc=com).",
"title": "Username or DN for LDAP authentication",
"type": "string"
},
"certificates": {
"description": "If using LDAPS or STARTTLS, provide the X.509 certificate of the LDAP server in PEM format. This property is not required when connecting without TLS encryption and is ignored in that case.",
"items": {
"type": "string"
},
"title": "TLS certificate(s) for LDAP server(s)",
"type": "array"
},
"enabled": {
"default": true,
"description": "Allows the LDAP server to be enabled or disabled. When disabled, this LDAP server will not be used to authenticate users.",
"title": "If true, this LDAP server is enabled",
"type": "boolean"
},
"password": {
"description": "A password used when authenticating to the directory.",
"sensitive": true,
"title": "Username for LDAP authentication",
"type": "secure_string"
},
"url": {
"description": "The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme.",
"required": true,
"title": "The URL for the LDAP server",
"type": "string"
},
"use_starttls": {
"default": false,
"description": "If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS.",
"title": "Enable/disable StartTLS",
"type": "boolean"
}
},
"title": "An LDAP server",
"type": "object"
}
IdentitySourceLdapServerEndpoint (type)
{
"description": "Information about a single LDAP server endpoint.",
"id": "IdentitySourceLdapServerEndpoint",
"module_id": "LdapIdentitySources",
"properties": {
"url": {
"description": "The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme.",
"required": true,
"title": "The URL for the LDAP server",
"type": "string"
},
"use_starttls": {
"default": false,
"description": "If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS.",
"title": "Enable/disable StartTLS",
"type": "boolean"
}
},
"title": "An LDAP server endpoint",
"type": "object"
}
IdentitySourceLdapServerProbeResult (type)
{
"description": "The results of probing an individual LDAP server.",
"id": "IdentitySourceLdapServerProbeResult",
"module_id": "LdapIdentitySources",
"properties": {
"errors": {
"description": "Detail about errors encountered during the probe.",
"items": {
"$ref": "LdapProbeError
},
"title": "Error details",
"type": "array"
},
"result": {
"description": "Overall result of the probe. If the probe was able to connect to the LDAP service, authenticate using the provided credentials, and perform searches of the configured user and group search bases without error, the result is SUCCESS. Otherwise, the result is FAILURE, and additional details may be found in the errors property.",
"enum": [
"SUCCESS",
"FAILURE"
],
"title": "Overall result",
"type": "string"
},
"url": {
"description": "THe URL of the probed LDAP host.",
"title": "LDAP Server URL",
"type": "string"
}
},
"title": "Results from one LDAP server probe",
"type": "object"
}
IdsClusterConfig (type)
{
"additionalProperties": false,
"description": "IDS configuration to activate/deactivate IDS on cluster level.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsClusterConfig",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cluster": {
"$ref": "PolicyResourceReference,
"description": "Contains policy resource reference object",
"readonly": false,
"required": true,
"title": "PolicyResourceReference"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ids_enabled": {
"description": "If set to true, IDS is enabled on the respective cluster",
"readonly": false,
"required": true,
"title": "Ids enabled flag",
"type": "boolean"
},
"is_stale": {
"description": "If set to true, this cluster has been deleted from NSX.",
"readonly": true,
"title": "Cluster stale flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Intrusion Detection System cluster configuration",
"type": "object"
}
IdsCustomSignatureSettings (type)
{
"additionalProperties": false,
"description": "Represents the IDS Custom Signature settings.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsCustomSignatureSettings",
"module_id": "PolicyIDSCustomSignature",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_custom_signatures": {
"default": false,
"description": "Flag to enable custom signatures globally.",
"required": false,
"title": "Custom signatures global enablement flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IDS Custom Signature settings\n",
"type": "object"
}
IdsGatewayPolicy (type)
{
"description": "Represents the Intrusion Detection System Gateway Policy, which contains the list of IDS Rules.",
"extends": {
"$ref": "IdsPolicy
},
"id": "IdsGatewayPolicy",
"module_id": "PolicyIDSGateway",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"items": {
"$ref": "IdsRule
},
"required": false,
"title": "IDS Rules that are a part of this SecurityPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of IDS Rules",
"type": "object"
}
IdsGlobalEventConfig (type)
{
"additionalProperties": false,
"description": "Represents IDS event publishing configuration for NSX-I and NDR.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsGlobalEventConfig",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ids_data_topic_name": {
"default": "ids_data",
"required": false,
"title": "kafka topic into which to publish IDS events.",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"publish_ids_events": {
"default": false,
"description": "When this flag is set to true, IDS events will be sent to kafka, for consumption by components such as NSX-I and NDR.",
"required": false,
"title": "A flag to indicate if IDS events need to be sent to kafka",
"type": "boolean"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Intrusion Detection System global event configuration\n",
"type": "object"
}
IdsPcapConfig (type)
{
"additionalProperties": false,
"description": "Pcap Configuration for IdsProfile.",
"id": "IdsPcapConfig",
"module_id": "PolicyIDS",
"properties": {
"pcap_byte_count": {
"default": 10000,
"description": "Determine how many bytes will be captured.",
"maximum": 65536,
"minimum": 1524,
"required": false,
"title": "IDPS Byte capture count.",
"type": "int"
},
"pcap_enabled": {
"default": false,
"description": "Flag which determines whether packet capturing is enabled or not.",
"required": false,
"title": "A flag to activate/deactivate pcap for IDPS Profile.",
"type": "boolean"
},
"pcap_packet_count": {
"default": 5,
"description": "Determine how many packets will be captured.",
"maximum": 15,
"minimum": 1,
"required": false,
"title": "IDPS Packet capture count.",
"type": "int"
}
},
"title": "IDPS Pcap configuration\n",
"type": "object"
}
IdsPcapFileMetadata (type)
{
"additionalProperties": false,
"description": "Represents pcap file as requested by the User.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsPcapFileMetadata",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"available_until": {
"description": "Time until which the file will be avilable for download.",
"readonly": true,
"title": "Available untill",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"exported_on": {
"description": "Time when the file extraction started.",
"readonly": true,
"title": "Extracted Time",
"type": "string"
},
"failure_cause": {
"description": "If creation of zipped pcap file fails then this will tell the failure cause.",
"readonly": true,
"title": "Failure Cause",
"type": "string"
},
"file_name": {
"description": "Name of the Pcap File requested by the user.",
"required": false,
"title": "Pcap File Name.",
"type": "string"
},
"file_size": {
"description": "Tells the size of the zipped pcap file.",
"readonly": true,
"title": "File size",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"node_id": {
"description": "Node wher file extraction is triggered.",
"readonly": true,
"title": "Node Id",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pcap_ids": {
"description": "List of all pcap ids which are requested by the user as part of this File.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Pcap Ids.",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"signature_ids": {
"description": "List of all signature ids which are part of the events whose pcap files is selected by the user as part of this File.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Signature Ids.",
"type": "array"
},
"status": {
"description": "READY means zipped pcap file is succesfully created and ready to download. IN_PROGRESS means creation of zipped pcap file is in progress. FAILED means some error occurred during creation of zipped pcap file. INCOMPLETE means zipped pcap file doea not have all the specified pcaps.",
"enum": [
"READY",
"IN_PROGRESS",
"FAILED",
"INCOMPLETE"
],
"readonly": true,
"title": "IDS zipped pcap file status",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IDPS pcap file\n",
"type": "object"
}
IdsPolicy (type)
{
"description": "Represents the Intrusion Detection System Policy, which contains the list of IDS Rules.",
"extends": {
"$ref": "Policy
},
"id": "IdsPolicy",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"items": {
"$ref": "IdsRule
},
"required": false,
"title": "IDS Rules that are a part of this SecurityPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of IDS Rules",
"type": "object"
}
IdsProfile (type)
{
"additionalProperties": false,
"description": "IDS Profile which contains the signatures and will be used in IDS rules.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsProfile",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"criteria": {
"description": "Represents the filtering criteria for the IDS Profile. 1. A non-empty criteria list, must be of odd size. In a list, with indices starting from 0, all IdsProfileFilterCriteria must be at even indices, separated by the IdsProfileConjunctionOperator AND at odd indices. 2. There may be at most 7 IdsProfileCriteria objects inside a list.",
"items": {
"$ref": "IdsProfileCriteria
},
"maxItems": 7,
"required": false,
"title": "Filtering criteria of IDS Profile",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"include_custom_signatures": {
"description": "Represents the flag to enable/disable the inclusion of custom signatures in the profile.",
"nsx_feature": "IDSCustomSignatures",
"title": "Include Custom Signatures flag",
"type": "boolean"
},
"include_system_signatures": {
"description": "Represents the flag to enable/disable the inclusion of system signatures in the profile. By default this flag will be true.",
"nsx_feature": "IDSCustomSignatures",
"title": "Include System Signatures flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"overridden_signatures": {
"description": "Represents the signatures that has been overridden for this Profile.",
"items": {
"$ref": "IdsProfileLocalSignature
},
"required": false,
"title": "Represents the signatures that is overridden for the Profile",
"type": "array"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pcap_config": {
"$ref": "IdsPcapConfig,
"description": "Tells about the Pcap configuration for a IDS Profile. Only supported on Local Manager.",
"required": false,
"title": "Represents pcap configuration"
},
"profile_severity": {
"description": "Represents the severities of signatures which are part of this profile.",
"items": {
"$ref": "ProfileSeverity
},
"required": false,
"title": "IDS Profile severity",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"severities": {
"deprecated": true,
"description": "Represents the severities of signatures which are part of this profile.",
"items": {
"$ref": "IdsProfileSeverity
},
"required": false,
"title": "IDS Profile severity",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Intrusion Detection System Profile",
"type": "object"
}
IdsProfileConjunctionOperator (type)
{
"additionalProperties": false,
"description": "Represents the operator AND.",
"extends": {
"$ref": "IdsProfileCriteria
},
"id": "IdsProfileConjunctionOperator",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "IdsProfileConjunctionOperator"
},
"properties": {
"operator": {
"enum": [
"AND"
],
"required": true,
"title": "IDS Profile Filter Condition",
"type": "string"
},
"resource_type": {
"enum": [
"IdsProfileConjunctionOperator",
"IdsProfileFilterCriteria"
],
"required": true,
"type": "string"
}
},
"title": "Represents the operator AND",
"type": "object"
}
IdsProfileCriteria (type)
{
"abstract": true,
"additionalProperties": false,
"description": "All the filtering criteria objects extend from this abstract class. This is present for extensibility.",
"id": "IdsProfileCriteria",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"enum": [
"IdsProfileConjunctionOperator",
"IdsProfileFilterCriteria"
],
"required": true,
"type": "string"
}
},
"title": "Base class for IDS Profile criteria",
"type": "object"
}
IdsProfileFilterCriteria (type)
{
"additionalProperties": false,
"description": "Represents the filtering criteria of a IDS Profile.",
"extends": {
"$ref": "IdsProfileCriteria
},
"id": "IdsProfileFilterCriteria",
"module_id": "PolicyIDS",
"polymorphic-type-descriptor": {
"type-identifier": "IdsProfileFilterCriteria"
},
"properties": {
"filter_name": {
"description": "Represents the filter for IDS Profile.",
"enum": [
"CVSS",
"ATTACK_TARGET",
"ATTACK_TYPE",
"PRODUCT_AFFECTED"
],
"required": true,
"title": "Represents the filter name",
"type": "string"
},
"filter_value": {
"description": "Represents the value of selected filter name. Note : The supported values for filter name CVSS are NONE, LOW, MEDIUM, HIGH, CRITICAL. NONE means CVSS score as 0.0 LOW means CVSS score as 0.1-3.9 MEDIUM means CVSS score as 4.0-6.9 HIGH means CVSS score as 7.0-8.9 CRITICAL means CVSS score as 9.0-10.0",
"items": {
"type": "string"
},
"required": true,
"title": "Represents the value of selected filter name",
"type": "array"
},
"resource_type": {
"enum": [
"IdsProfileConjunctionOperator",
"IdsProfileFilterCriteria"
],
"required": true,
"type": "string"
}
},
"title": "IDS Profile filter criteria",
"type": "object"
}
IdsProfileLocalSignature (type)
{
"additionalProperties": false,
"description": "IDS Profile local signature.",
"extends": {
"$ref": "GlobalIdsSignature
},
"id": "IdsProfileLocalSignature",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action.",
"enum": [
"ALERT",
"DROP",
"REJECT"
],
"title": "Global IDS signature's action",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable": {
"default": true,
"description": "Flag through which user can Activate/Deactivate a Signature at Global Level.",
"title": "Flag to Activate/Deactivate a IDS Signature globally.",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_custom_signature": {
"description": "It represents whether the overridden signature is custom or system signature.",
"nsx_feature": "IDSCustomSignatures",
"readonly": true,
"title": "Flag to determine custom signature",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"signature_id": {
"description": "Represents the Signature's id.",
"required": true,
"title": "Signature ID",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IDS Profile local signature",
"type": "object"
}
IdsProfileSeverity (type)
{
"additionalProperties": false,
"description": "Intrusion Detection System Profile severity.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsProfileSeverity",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ignore_signatures": {
"description": "Contains the id of signatures that will be ignored as part of the profile. This field is deprecated, please use ignore_signatures field under IdsProfile to ignore the signatures.",
"items": {
"type": "string"
},
"required": false,
"title": "Represents the signatures that will be ignored",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"severity": {
"description": "Represents the severity of a profile.",
"enum": [
"CRITICAL",
"HIGH",
"MEDIUM",
"LOW",
"SUSPICIOUS",
"NONE"
],
"required": true,
"title": "Severity of profile",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Intrusion Detection System Profile severity",
"type": "object"
}
IdsRule (type)
{
"additionalProperties": false,
"description": "Represents the Intrusion Detection System rule which indicates the action to be performed for the corresponding workload groups.",
"extends": {
"$ref": "BaseRule
},
"id": "IdsRule",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "The action to be applied.",
"enum": [
"DETECT",
"DETECT_PREVENT"
],
"title": "Action",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Destination group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"destinations_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups",
"readonly": false,
"required": false,
"title": "Negation of destination groups",
"type": "boolean"
},
"direction": {
"default": "IN_OUT",
"description": "Define direction of traffic.",
"enum": [
"IN",
"OUT",
"IN_OUT"
],
"required": false,
"title": "Direction",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the rule. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the rule",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ids_profiles": {
"description": "collections of IDS or Anti-Malware profiles. At Max 1 each Profile will be supported.",
"items": {
"type": "string"
},
"maxItems": 2,
"minItems": 1,
"required": false,
"title": "IDS profiles",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_IDS_PROFILE_RELATIONSHIP",
"rightType": [
"IdsProfile"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_IDS_PROFILE_RELATIONSHIP",
"rightType": [
"MalwarePreventionProfile"
]
}
]
},
"ip_protocol": {
"description": "Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.",
"enum": [
"IPV4",
"IPV6",
"IPV4_IPV6"
],
"readonly": false,
"required": false,
"title": "IPv4 vs IPv6 packet type",
"type": "string"
},
"is_default": {
"description": "A flag to indicate whether rule is a default rule.",
"readonly": true,
"required": false,
"title": "Default rule flag",
"type": "boolean"
},
"logged": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"notes": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.",
"maxLength": 2048,
"readonly": false,
"required": false,
"title": "Text for additional notes on changes",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"oversubscription": {
"$ref": "Oversubscription,
"default": "INHERIT_GLOBAL",
"description": "Following are the choices for oversubscription configuration at the rule-level. INHERIT_GLOBAL: Inherit the behavior from the global settings BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped",
"title": "Rule-level selection for oversubscription behavior"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profiles": {
"description": "Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Layer 7 service profiles or TLS action profile",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"Rule"
],
"relationshipType": "COMMUNICATION_ENTRY_L7_ACCESS_PROFILE_RELATIONSHIP",
"rightType": [
"L7AccessProfile"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_id": {
"description": "This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.",
"readonly": true,
"required": false,
"title": "Unique rule ID",
"type": "integer"
},
"scope": {
"description": "The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier0Interface",
"Tier1Interface",
"Tier0",
"Tier1",
"IPSecVpnSession",
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number",
"minimum": 0,
"required": false,
"title": "Sequence number of the this Rule",
"type": "int"
},
"service_entries": {
"description": "In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.",
"items": {
"$ref": "ServiceEntry
},
"maxItems": 128,
"required": false,
"title": "Raw services",
"type": "array"
},
"services": {
"description": "In order to specify all services, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Names of services",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"source_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Source group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sources_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups",
"readonly": false,
"required": false,
"title": "Negation of source groups",
"type": "boolean"
},
"tag": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.",
"required": false,
"title": "Tag applied on the rule",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A rule specifies the IDS security policy rule between the workload groups",
"type": "object"
}
IdsSecurityPolicy (type)
{
"description": "Represents the Intrusion Detection System Security Policy, which contains the list of IDS Rules.",
"extends": {
"$ref": "IdsPolicy
},
"id": "IdsSecurityPolicy",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"items": {
"$ref": "IdsRule
},
"required": false,
"title": "IDS Rules that are a part of this SecurityPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of IDS Rules",
"type": "object"
}
IdsSettings (type)
{
"additionalProperties": false,
"description": "Represents the Intrusion Detection System settings.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsSettings",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"auto_update": {
"default": false,
"description": "Parameter to let the user decide whether to update the IDS Signatures automatically or not.",
"required": false,
"title": "Auto update signatures flag",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ids_events_to_syslog": {
"default": false,
"description": "Flag to send IDS events to syslog server.",
"required": false,
"title": "Flag to send IDS events to syslog server.",
"type": "boolean"
},
"ids_ever_enabled": {
"description": "Flag which tells whether IDS was ever enabled.",
"readonly": true,
"required": false,
"title": "Flag which tells whether IDS was ever enabled.",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"oversubscription": {
"$ref": "Oversubscription,
"default": "BYPASSED",
"description": "Following are the choices for oversubscription configuration at the global level. BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped",
"required": false,
"title": "Global toggle for whether the IDS oversubscribed packets need to be bypassed or dropped"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Intrusion Detection System settings\n",
"type": "object"
}
IdsSignature (type)
{
"additionalProperties": false,
"description": "Intrusion Detection System Signature .",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsSignature",
"module_id": "PolicyIDSMetrics",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "Signature action.",
"required": false,
"title": "Represents the signature's action",
"type": "string"
},
"attack_target": {
"description": "Target of the signature.",
"required": false,
"title": "Signature attack target",
"type": "string"
},
"categories": {
"description": "Represents the internal categories a signature belongs to.",
"items": {
"$ref": "IdsSignatureInternalCategory
},
"required": false,
"title": "IDS Signature Internal category",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"class_type": {
"description": "Class type of Signature.",
"required": false,
"title": "Signature class type",
"type": "string"
},
"confidence": {
"description": "Signature's confidence score.",
"title": "Confidence",
"type": "string"
},
"cves": {
"description": "CVE score",
"items": {
"type": "string"
},
"required": false,
"title": "Represents the cve score.",
"type": "array"
},
"cvss": {
"description": "Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. NONE means cvssv3/cvssv2 score as 0.0 LOW means cvssv3/cvssv2 score as 0.1-3.9 MEDIUM means cvssv3/cvssv2 score as 4.0-6.9 HIGH means cvssv3/cvssv2 score as 7.0-8.9 CRITICAL means cvssv3/cvssv2 score as 9.0-10.0",
"enum": [
"NONE",
"LOW",
"MEDIUM",
"HIGH",
"CRITICAL"
],
"required": false,
"title": "CVSS of signature",
"type": "string"
},
"cvss_score": {
"description": "Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. If cvssv3 exists, then this is the cvssv3 score, else it is the cvssv2 score.",
"required": false,
"title": "Signature CVSS score",
"type": "string"
},
"cvssv2": {
"description": "Signature cvssv2 score.",
"required": false,
"title": "Signature cvssv2 score",
"type": "string"
},
"cvssv3": {
"description": "Signature cvssv3 score.",
"required": false,
"title": "Signature cvssv3 score",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"direction": {
"description": "Source-destination direction.",
"title": "Direction",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable": {
"description": "Flag which tells whether the signature is enabled or not.",
"required": false,
"title": "Activate/Deactivate flag",
"type": "boolean"
},
"flow": {
"description": "Flow established from server, from client etc.",
"required": false,
"title": "Flow established.",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"impact": {
"description": "Impact of Signature.",
"title": "Impact",
"type": "string"
},
"malware_family": {
"description": "Family of the malware tracked in the signature.",
"title": "Malware Family",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mitre_attack": {
"description": "Mitre Attack details of Signature.",
"items": {
"$ref": "MitreAttack
},
"title": "MitreAttack",
"type": "array"
},
"name": {
"description": "Signature name.",
"required": false,
"title": "Represents the signature name",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"performance_impact": {
"description": "Performance impact of the signature.",
"title": "Performance impact",
"type": "string"
},
"policy": {
"description": "Signature policy.",
"items": {
"type": "string"
},
"title": "Policy",
"type": "array"
},
"product_affected": {
"description": "Product affected by this signature.",
"required": false,
"title": "Signature product affected",
"type": "string"
},
"protocol": {
"description": "Protocol used in the packet analysis.",
"title": "Protocol",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"risk_score": {
"description": "Risk score of signature.",
"title": "Risk Score",
"type": "string"
},
"severity": {
"description": "Represents the severity of the Signature.",
"required": false,
"title": "Signature severity",
"type": "string"
},
"signature": {
"description": "Decoded Signature.",
"title": "Signature",
"type": "string"
},
"signature_id": {
"description": "Represents the Signature's id.",
"required": false,
"title": "Signature ID",
"type": "string"
},
"signature_revision": {
"description": "Represents revision of the Signature.",
"required": false,
"title": "Signature revision",
"type": "string"
},
"signature_severity": {
"description": "Signature vendor set severity of the signature rule.",
"title": "Signature severity",
"type": "string"
},
"tag": {
"description": "Vendor assigned classification tag.",
"items": {
"type": "string"
},
"title": "Signature tag",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"threshold": {
"$ref": "IdsSignatureThreshold,
"description": "Default threshold values for IDS signature.",
"nsx_feature": "IdsThreshold",
"title": "IDS signature threshold values"
},
"type": {
"description": "Signature type.",
"items": {
"type": "string"
},
"title": "Type",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"urls": {
"description": "List of mitre attack URLs pertaining to signature",
"items": {
"type": "string"
},
"required": false,
"title": "List of mitre attack URLs pertaining to signature.",
"type": "array"
}
},
"title": "Intrusion Detection System Signature",
"type": "object"
}
IdsSignatureInternalCategory (type)
{
"additionalProperties": false,
"description": "Represents the internal categories. APPLICATION : IDS signature having protocol comes under APPLICATION internal category. MALWARE: IDS signature having malware_family comes under this internal category. VULNERABILITY : IDS signature having cvssv3 score comes under this internal category.",
"enum": [
"APPLICATION",
"MALWARE",
"VULNERABILITY"
],
"id": "IdsSignatureInternalCategory",
"module_id": "PolicyIDSMetrics",
"title": "IDS signature internal categories",
"type": "string"
}
IdsSignatureRateFilter (type)
{
"additionalProperties": false,
"description": "Rate filter for IDS signature can be used to change signature action when thresholds are met.",
"id": "IdsSignatureRateFilter",
"module_id": "PolicyIDSMetrics",
"nsx_feature": "IdsThreshold",
"properties": {
"count": {
"description": "Number of signature hits before rate filter is activated.",
"maximum": 60,
"minimum": 1,
"required": true,
"title": "Rate filter threshold count",
"type": "integer"
},
"new_action": {
"default": "DROP",
"description": "Indicates the new action to be applied when rate filter is activated for the signature. DROP - Traffic will be dropped when rate filter is activated.",
"enum": [
"DROP"
],
"required": false,
"title": "New action for rate filter",
"type": "string"
},
"time_period": {
"description": "Time period (in seconds) during which signature must be hit 'count' number of times in order to activate rate filter.",
"maximum": 3600,
"minimum": 1,
"required": true,
"title": "Rate filter time period in seconds",
"type": "integer"
},
"timeout": {
"description": "Time period (in seconds) during which rate filter will remain active once activated.",
"maximum": 3600,
"minimum": 1,
"required": true,
"title": "Rate filter activation timeout in seconds",
"type": "integer"
}
},
"title": "IDS signature rate filter",
"type": "object"
}
IdsSignatureStatus (type)
{
"additionalProperties": false,
"description": "Ids signature status.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsSignatureStatus",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"download_status": {
"description": "READY means signatures were downloaded and parsed successfully. PENDING means that signatures download is in progress. ERROR means error occurred during signature processing. DISABLED means IDS is deactivated.",
"enum": [
"READY",
"PENDING",
"ERROR",
"DISABLED"
],
"readonly": true,
"title": "IDS signature download status",
"type": "string"
},
"failure_cause": {
"description": "If signature download fails then this will tell the failure cause.",
"readonly": true,
"title": "Failure Cause",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"signature_status": {
"description": "AVAILABLE means the signatures are available for the version. UNAVAILABLE means there are no available signatures for the version.",
"enum": [
"AVAILABLE",
"UNAVAILABLE"
],
"readonly": true,
"title": "IDS signature status",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"version_id": {
"description": "Represents the version id.",
"readonly": true,
"title": "Version Id",
"type": "string"
}
},
"title": "Intrusion Detection System signature status",
"type": "object"
}
IdsSignatureThreshold (type)
{
"additionalProperties": false,
"description": "Threshold values for IDS signature can be used to control IDS event generation frequency.",
"id": "IdsSignatureThreshold",
"module_id": "PolicyIDSMetrics",
"properties": {
"count": {
"description": "Number of signature hits for threshold.",
"maximum": 60,
"minimum": 1,
"required": true,
"title": "Threshold count",
"type": "integer"
},
"threshold_type": {
"description": "THRESHOLD - An IDS event is generated if signature is hit at least 'count' times within specified time period. LIMIT - At most 'count' number of IDS events are generated for this signature within specified time period. BOTH - A single IDS event is generated if signature is hit at least 'count' times within specified time period.",
"enum": [
"THRESHOLD",
"LIMIT",
"BOTH"
],
"required": true,
"title": "Threshold type",
"type": "string"
},
"time_period": {
"description": "Time period (in seconds) for signature threshold.",
"maximum": 3600,
"minimum": 1,
"required": true,
"title": "Time period (in seconds) for threshold",
"type": "integer"
},
"track_by": {
"description": "This property is read-only and shows existing track by value from the signature. SOURCE - Track signature matches for threshold by source. DESTINATION - Track signature matches for threshold by destination.",
"enum": [
"SOURCE",
"DESTINATION"
],
"readonly": true,
"title": "Signature threshold tracking type",
"type": "string"
}
},
"title": "IDS signature threshold values",
"type": "object"
}
IdsSignatureVersion (type)
{
"additionalProperties": false,
"description": "It represents the version information corresponding to which the signatures will be available.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsSignatureVersion",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"change_log": {
"description": "Represents the version's change log.",
"readonly": true,
"title": "Change log",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sites": {
"description": "Contains the path of sites that has been mapped with the Signature Version.",
"items": {
"type": "string"
},
"required": false,
"title": "Represents the Sites mapped with the Signature Version.",
"type": "array"
},
"state": {
"description": "This flag tells which Version is currently active. ACTIVE: It means the signatures under this version is currently been used under IDS Profiles. NOTACTIVE: It means signatures of this version are available but not being used in IDS Profiles.",
"enum": [
"ACTIVE",
"NOTACTIVE"
],
"readonly": true,
"title": "State of the Version",
"type": "string"
},
"status": {
"description": "This flag tells the status of the signatures under a version. OUTDATED: It means the signatures under this version are outdated and new version is available. LATEST: It means the signatures of this version are up to date.",
"enum": [
"OUTDATED",
"LATEST"
],
"readonly": true,
"title": "Status of the Version",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"update_time": {
"$ref": "EpochMsTimestamp,
"description": "Time when this version was downloaded and saved.",
"readonly": true,
"title": "IDS Signature Version update time"
},
"user_uploaded": {
"description": "Flag which tells whether the Signature version is uploaded by user or not.",
"readonly": true,
"title": "User Uploaded Signature bundle flag",
"type": "boolean"
},
"version_id": {
"description": "Represents the version id.",
"readonly": true,
"title": "Version Id",
"type": "string"
}
},
"title": "Intrusion Detection System signature version",
"type": "object"
}
IdsStandaloneHostConfig (type)
{
"additionalProperties": false,
"description": "IDS configuration to activate/deactivate IDS on standalone host level.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsStandaloneHostConfig",
"module_id": "PolicyIDS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ids_enabled": {
"description": "If set to true, IDS is enabled on standalone hosts.",
"readonly": false,
"required": true,
"title": "IDS enabled flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Intrusion Detection System configuration",
"type": "object"
}
IdsThresholdConfig (type)
{
"additionalProperties": false,
"description": "Threshold configuration for IDS signature.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IdsThresholdConfig",
"module_id": "PolicyIDSMetrics",
"nsx_feature": "IdsThreshold",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"rate_filter": {
"$ref": "IdsSignatureRateFilter,
"description": "Rate filter for IDS signature can be used to change signature action when threshold is met.",
"required": false,
"title": "IDS signature rate filter"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"threshold": {
"$ref": "IdsSignatureThreshold,
"description": "Threshold values for IDS signature can be used to control IDS event generation frequency.",
"required": false,
"title": "IDS signature threshold values"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IDS signature threshold configuration",
"type": "object"
}
IkeDigestAlgorithm (type)
{
"additionalProperties": false,
"description": "The IkeDigestAlgorithms are used to verify message integrity during Ike negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.",
"enum": [
"SHA1",
"SHA2_256",
"SHA2_384",
"SHA2_512"
],
"id": "IkeDigestAlgorithm",
"module_id": "PolicyVpnIPSecVpn",
"title": "Digest Algorithms used in IKE negotiations",
"type": "string"
}
IkeEncryptionAlgorithm (type)
{
"additionalProperties": false,
"description": "IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GCM_128 uses 128-bit keys. AES_GCM_192 uses 192-bit keys. AES_GCM_256 uses 256-bit keys.",
"enum": [
"AES_128",
"AES_256",
"AES_GCM_128",
"AES_GCM_192",
"AES_GCM_256"
],
"id": "IkeEncryptionAlgorithm",
"module_id": "PolicyVpnIPSecVpn",
"title": "Encryption algorithms used in IKE",
"type": "string"
}
ImportErrorMessage (type)
{
"additional_properties": false,
"description": "Error message during import of network policy",
"id": "ImportErrorMessage",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"errors": {
"description": "Contains a list of errors against all network policy rules and fields failed during import.",
"items": {
"$ref": "ImportErrorMessageDetail
},
"title": "List of errors, if any",
"type": "array"
},
"network_policy_id": {
"description": "K8s Network Policy ID. If it's not set, the error_message is related to the overall import operation but not to specific K8s Network Policy.",
"required": false,
"title": "K8s network policy identifier.",
"type": "string"
}
},
"title": "Error Message during import of network policy",
"type": "object"
}
ImportErrorMessageDetail (type)
{
"additional_properties": false,
"description": "Detailed Error message during import of network policy rule or field.",
"id": "ImportErrorMessageDetail",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"error_code": {
"title": "Error Code",
"type": "string"
},
"error_message": {
"required": false,
"title": "Error message",
"type": "string"
}
},
"title": "Detailed Error Message of a K8s NetworkPolicy Rule or Field",
"type": "object"
}
ImportRequestParameter (type)
{
"additionalProperties": false,
"description": "This holds the request parameters required to invoke the import task.",
"extends": {
"$ref": "NoRestRequestParameters
},
"id": "ImportRequestParameter",
"module_id": "PolicyTask",
"properties": {
"draft_description": {
"description": "Description to be set on the draft, which will hold the imported configuration.",
"required": false,
"title": "Description to be set on the draft",
"type": "string"
},
"draft_display_name": {
"description": "Display name to be set on the draft, which will hold the imported configuration.",
"minLength": 1,
"required": true,
"title": "Display name to be set on the draft",
"type": "string"
},
"file": {
"description": "The file having stored firewall configuration. Only zip file will be accepted.",
"required": true,
"title": "File to be imported",
"type": "multipart_file"
},
"passphrase": {
"description": "Passphrase to verify imported files. Passphrase needs to be same as provided earlier to export operation which generated these imported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character.",
"required": true,
"sensitive": true,
"title": "Passphrase to verify imported files",
"type": "secure_string",
"validation_msg_key": "com.vmware.nsx.validation.constraints.BackupRestore.weak_passprase.message"
}
},
"title": "Import task request parameters",
"type": "object"
}
ImportTask (type)
{
"additionalProperties": false,
"description": "This object holds the information of the import task.",
"extends": {
"$ref": "PolicyTask
},
"id": "ImportTask",
"module_id": "PolicyTask",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"async_response_available": {
"display": {
"order": 13
},
"readonly": true,
"title": "True if response for asynchronous request is available",
"type": "boolean"
},
"cancelable": {
"display": {
"order": 8
},
"readonly": true,
"title": "True if this task can be canceled",
"type": "boolean"
},
"description": {
"display": {
"order": 2
},
"readonly": true,
"title": "Description of the task",
"type": "string"
},
"draft_path": {
"description": "Policy path of a draft in which the imported configuration gets stored after completion of import task.",
"readonly": true,
"title": "Policy path of a draft",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 6
},
"readonly": true,
"title": "The end time of the task in epoch milliseconds"
},
"failure_msg": {
"description": "This property holds the reason of the task failure, if any.",
"readonly": true,
"title": "Reason of the task failure",
"type": "string"
},
"id": {
"display": {
"order": 1
},
"readonly": true,
"title": "Identifier for this task",
"type": "string"
},
"message": {
"display": {
"order": 4
},
"readonly": true,
"title": "A message describing the disposition of the task",
"type": "string"
},
"progress": {
"display": {
"order": 7
},
"maximum": 100,
"minimum": 0,
"readonly": true,
"title": "Task progress if known, from 0 to 100",
"type": "integer"
},
"request_method": {
"display": {
"order": 12
},
"readonly": true,
"title": "HTTP request method",
"type": "string"
},
"request_uri": {
"display": {
"order": 11
},
"readonly": true,
"title": "URI of the method invocation that spawned this task",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 5
},
"readonly": true,
"title": "The start time of the task in epoch milliseconds"
},
"status": {
"$ref": "TaskStatus,
"display": {
"order": 3
},
"readonly": true,
"title": "Current status of the task"
},
"user": {
"display": {
"order": 10
},
"readonly": true,
"title": "Name of the user who created this task",
"type": "string"
}
},
"title": "Import task information",
"type": "object"
}
IncludedFieldsParameters (type)
{
"additionalProperties": false,
"id": "IncludedFieldsParameters",
"module_id": "Common",
"properties": {
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
}
},
"title": "A list of fields to include in query results",
"type": "object"
}
Infra (type)
{
"additionalProperties": false,
"description": "Infra space related policy.",
"extends": {
"$ref": "AbstractSpace
},
"id": "Infra",
"module_id": "Policy",
"policy_hierarchical_children": [
"ChildBfdProfile",
"ChildCaBundle",
"ChildConstraint",
"ChildConstraintGlobalConfig",
"ChildDhcpRelayConfig",
"ChildDhcpServerConfig",
"ChildDnsSecurityProfile",
"ChildDomain",
"ChildEvpnTenantConfig",
"ChildFloodProtectionProfile",
"ChildFullSyncState",
"ChildGatewayQosProfile",
"ChildGlobalManager",
"ChildGlobalManagerConfig",
"ChildIPDiscoveryProfile",
"ChildIpv6DadProfile",
"ChildIpv6NdraProfile",
"ChildMacDiscoveryProfile",
"ChildPolicyContextProfile",
"ChildPolicyDnsForwarderZone",
"ChildPolicyDraft",
"ChildPolicyFirewallScheduler",
"ChildPolicyFirewallSessionTimerProfile",
"ChildPolicyLabel",
"ChildPolicyLatencyStatProfile",
"ChildPolicyTransportZoneProfile",
"ChildQoSProfile",
"ChildSegment",
"ChildSegmentSecurityProfile",
"ChildService",
"ChildSite",
"ChildSpan",
"ChildSpoofGuardProfile",
"ChildTier0",
"ChildTier1",
"ChildTlsCertificate",
"ChildTlsCrl",
"ChildTlsCsr",
"ChildTraceflowConfig",
"ChildVMTagReplicationPolicy"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connectivity_strategy": {
"deprecated": true,
"description": "The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use \"allow\" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use \"drop\" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added.",
"enum": [
"WHITELIST",
"BLACKLIST",
"WHITELIST_ENABLE_LOGGING",
"BLACKLIST_ENABLE_LOGGING",
"NONE"
],
"required": false,
"title": "Connectivity strategy used by this tenant",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"domains": {
"description": "This field is used while creating or updating the infra space.",
"items": {
"$ref": "Domain
},
"required": false,
"title": "Domains for infra",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Infra",
"type": "object"
}
InfraSecurityConfig (type)
{
"extends": {
"$ref": "ManagedResource
},
"id": "InfraSecurityConfig",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"automatic_appliance_certificate_renewal_enabled": {
"description": "When this flag is set to true, NSX will periodically check if any of the appliance certificates used for NSX internal communications are about to expire. If any are due to expire, new certificates will be created and installed automatically. If not provided, this defaults to true.",
"nsx_feature": "CertificateAutoReplace",
"readonly": false,
"title": "Renew appliance certificates automatically",
"type": "boolean"
},
"automatic_appliance_certificate_renewal_lead_time": {
"description": "The number of days before certificate expiration that NSX will automatically renew expiring appliance certificates. By default, this is 31 days.",
"minimum": 31,
"nsx_feature": "CertificateAutoReplace",
"readonly": false,
"title": "Lead time for automatic renewal of appliance certificates",
"type": "int"
},
"ca_signed_only": {
"description": "When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates. Since this check has now moved to the compliance-report, enabling this check is no longer required if the NDcPP Security alarms have been enabled.",
"readonly": false,
"title": "A flag to indicate whether the server certs are only allowed to be ca-signed.",
"type": "boolean"
},
"crl_checking_enabled": {
"description": "When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not. Setting this property to false results in lower security. It is not advisable to import certificate without CRL info while CRL checking is deactivated, and then re-enable CRL checking.",
"readonly": false,
"title": "A flag to indicate whether the Java trust-managers check certificate revocation",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"eku_checking_enabled": {
"description": "When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk. Since this check has now moved to the compliance-report, enabling/disabling this flag no longer has any effect when applying certificates.",
"readonly": false,
"title": "A flag to indicate whether the Extended Key Usage extension in the certificate is checked.",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "NSX global configs for security purposes, like trust store and trust manager.",
"type": "object"
}
IngressBroadcastRateLimiter (type)
{
"extends": {
"$ref": "QoSBaseRateLimiter
},
"id": "IngressBroadcastRateLimiter",
"module_id": "PolicyQoS",
"polymorphic-type-descriptor": {
"type-identifier": "IngressBroadcastRateLimiter"
},
"properties": {
"average_bandwidth": {
"default": 0,
"descrption": "Set custom average_bandwidth for the outbound network traffic\nfrom the VM to the logical network based on broadcast.\n",
"minimum": 0,
"title": "Average bandwidth in kb/s",
"type": "int"
},
"burst_size": {
"default": 0,
"descrition": "Set custom burst_size for the outbound network traffic\nfrom the VM to the logical network based on broadcast.\n",
"minimum": 0,
"title": "Burst size in bytes",
"type": "int"
},
"enabled": {
"required": true,
"type": "boolean"
},
"peak_bandwidth": {
"default": 0,
"desription": "Set custom peak_bandwidth for the outbound network traffic\nfrom the VM to the logical network based on broadcast.\n",
"minimum": 0,
"title": "Peak bandwidth in kb/s",
"type": "int"
},
"resource_type": {
"default": "IngressRateLimiter",
"description": "Type rate limiter",
"enum": [
"IngressRateLimiter",
"IngressBroadcastRateLimiter",
"EgressRateLimiter"
],
"required": true,
"type": "string"
}
},
"title": "A shaper that specifies ingress rate properties in kb/s",
"type": "object"
}
IngressRateLimiter (type)
{
"extends": {
"$ref": "QoSBaseRateLimiter
},
"id": "IngressRateLimiter",
"module_id": "PolicyQoS",
"polymorphic-type-descriptor": {
"type-identifier": "IngressRateLimiter"
},
"properties": {
"average_bandwidth": {
"default": 0,
"description": "You can use the average bandwidth to reduce network congestion.",
"minimum": 0,
"title": "Average bandwidth in Mb/s",
"type": "int"
},
"burst_size": {
"default": 0,
"description": "The burst duration is set in the burst size setting.",
"minimum": 0,
"title": "Burst size in bytes",
"type": "int"
},
"enabled": {
"required": true,
"type": "boolean"
},
"peak_bandwidth": {
"default": 0,
"description": "The peak bandwidth rate is used to support burst traffic.",
"minimum": 0,
"title": "Peak bandwidth in Mb/s",
"type": "int"
},
"resource_type": {
"default": "IngressRateLimiter",
"description": "Type rate limiter",
"enum": [
"IngressRateLimiter",
"IngressBroadcastRateLimiter",
"EgressRateLimiter"
],
"required": true,
"type": "string"
}
},
"title": "A shaper that specifies ingress rate properties in Mb/s",
"type": "object"
}
InitiateClusterRestoreRequest (type)
{
"id": "InitiateClusterRestoreRequest",
"module_id": "ClusterRestore",
"properties": {
"ip_address": {
"format": "hostname-or-ip",
"readonly": true,
"required": false,
"title": "IP address or FQDN of the node from which the backup was taken",
"type": "string"
},
"ipv6_address": {
"description": "IPv6 address or FQDNv6 of the node which would be used for the restoration. This should be same as the one on which backup was taken",
"format": "hostname-or-ip",
"readonly": true,
"required": false,
"title": "IPv6 address or FQDNv6 of the node from which the backup was taken",
"type": "string"
},
"node_id": {
"readonly": true,
"required": true,
"title": "Unique id of the backed-up configuration from which\nthe appliance will be restored\n",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"required": true,
"title": "Timestamp of the backed-up configuration from which\nthe appliance will be restored\n"
}
},
"type": "object"
}
Injection (type)
{
"additionalProperties": false,
"description": "Injection holding a key and a corresponding value.",
"id": "Injection",
"module_id": "PolicyReaction",
"properties": {
"key": {
"description": "Injection key.",
"required": true,
"title": "Key",
"type": "string"
},
"value": {
"$ref": "InjectionValue,
"description": "Injection value.",
"required": true,
"title": "Value"
}
},
"title": "Injection",
"type": "object"
}
InjectionValue (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Injection Value.",
"id": "InjectionValue",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"description": "Injection Value resource type.",
"enum": [
"UnaryOperationBasedInjectionValue"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Injection Value",
"type": "object"
}
InstallUpgradeServiceProperties (type)
{
"additionalProperties": false,
"id": "InstallUpgradeServiceProperties",
"properties": {
"enabled": {
"required": true,
"title": "True if service enabled; otherwise, false",
"type": "boolean"
},
"enabled_on": {
"readonly": true,
"title": "IP of manager on which install-upgrade is enabled",
"type": "string"
}
},
"title": "install-upgrade service properties",
"type": "object"
}
InstructionInfo (type)
{
"id": "InstructionInfo",
"module_id": "ClusterRestore",
"properties": {
"actions": {
"description": "A list of actions that are to be applied to resources",
"help_detail": "This attribute lists actions that are to be applied to the resources\nreferenced in the \"resources\" attribute. There is an m x n relationship\nbetween these actions and resources.\n",
"items": {
"type": "string"
},
"readonly": true,
"required": true,
"title": "Actions list",
"type": "array"
},
"fields": {
"description": "A list of fields that are displayable to users in a table",
"items": {
"type": "string"
},
"readonly": true,
"required": true,
"title": "Displayable fields",
"type": "array"
},
"id": {
"readonly": true,
"required": true,
"title": "UUID of the instruction",
"type": "string"
},
"name": {
"readonly": true,
"required": true,
"title": "Instruction name",
"type": "string"
}
},
"title": "Details of the instructions displayed during restore process",
"type": "object"
}
IntegerArrayConstraintValue (type)
{
"additionalProperties": false,
"description": "List of values",
"extends": {
"$ref": "ConstraintValue
},
"id": "IntegerArrayConstraintValue",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "IntegerArrayConstraintValue"
},
"properties": {
"resource_type": {
"enum": [
"StringArrayConstraintValue",
"CidrArrayConstraintValue",
"IntegerArrayConstraintValue"
],
"required": true,
"type": "string"
},
"values": {
"description": "Array of integer values",
"items": {
"type": "int"
},
"maxItems": 100,
"minItems": 1,
"required": true,
"title": "Array of Integer",
"type": "array"
}
},
"title": "Array of Integer Values to perform operation",
"type": "object"
}
IntentEnforcementPointListRequestParams (type)
{
"additionalProperties": false,
"description": "List request parameters containing intent path and enforcement point path",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "IntentEnforcementPointListRequestParams",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"intent_path": {
"required": true,
"title": "String path of the intent object",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List request parameters containing intent path and enforcement point path",
"type": "object"
}
IntentPathRequestParameter (type)
{
"description": "Intent path for which state/realized entities would be fetched.",
"id": "IntentPathRequestParameter",
"module_id": "PolicyRealizedState",
"properties": {
"intent_path": {
"description": "Intent path of object, forward slashes must be escaped using %2F",
"required": true,
"title": "String Path of the intent object",
"type": "string"
},
"site_path": {
"description": "Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites",
"required": false,
"title": "Policy Path of the site",
"type": "string"
}
},
"title": "Parameter to filter realized entities by intent path",
"type": "object"
}
IntentRuntimeRequestParameters (type)
{
"description": "Request parameters that represents a an intent path.",
"id": "IntentRuntimeRequestParameters",
"module_id": "PolicyBaseStatistics",
"properties": {
"intent_path": {
"description": "Policy Path referencing an intent object.",
"required": true,
"title": "Policy Path of the intent object",
"type": "string"
},
"site_path": {
"description": "Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites",
"required": false,
"title": "Policy Path of the site from where the realization status needs to be fetched",
"type": "string"
}
},
"title": "Request Parameters for Intent Runtime Information",
"type": "object"
}
IntentStatusRequestParameters (type)
{
"additionalProperties": false,
"description": "Request parameters that represents a binding between an intent path and whether the enforcement point specific status shall be retrieved from the enforcement point or not. A request can be parameterized with this pair and will be evaluated as follows: - <intent_path>: the request is evaluated on all enforcement points for the given intent with no enforced statuses' details returned. - <intent_path, include_enforced_status=true>: the request is evaluated on all enforcement points for the given intent with enforced statuses' details returned.",
"extends": {
"$ref": "IntentRuntimeRequestParameters
},
"id": "IntentStatusRequestParameters",
"module_id": "PolicyRealizationStatus",
"properties": {
"include_enforced_status": {
"default": false,
"description": "Flag conveying whether to include detailed view of the enforcement point specific status or not.",
"title": "Include Enforced Status Flag",
"type": "boolean"
},
"intent_path": {
"description": "Policy Path referencing an intent object.",
"required": true,
"title": "Policy Path of the intent object",
"type": "string"
},
"site_path": {
"description": "Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites",
"required": false,
"title": "Policy Path of the site from where the realization status needs to be fetched",
"type": "string"
}
},
"title": "Request Parameters for Intent Status Information",
"type": "object"
}
InterSitePortCounters (type)
{
"description": "Provides the statistics of a port since the time it was created. It includes the number of incoming, outgoing and dropped packet counters and, the number of errors and failures causing the drops. The statistics will be reset on edge reboot or edge dataplane restart.",
"extends": {
"$ref": "LogicalRouterPortCounters
},
"id": "InterSitePortCounters",
"module_id": "AggSvcInterSite",
"properties": {
"blocked_packets": {
"description": "The total number of packets blocked on the port. This could be due to either port is operatively down or blocked. The port can be blocked due to admin-down, backplane port is in standby SR (internal operational state is down) etc. It also includes drops when a tunnel port receives packet with local VTEP which is not the assigned one. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Packets blocked",
"type": "integer"
},
"dad_dropped_packets": {
"description": "The total number of packets dropped because source IP is not assigned to the logical port. For IPv6 address, it could be due to DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "DAD packets dropped",
"type": "integer"
},
"destination_unsupported_dropped_packets": {
"description": "The total number of packets dropped because the destination address in the packet - broadcast, multicast, loopback or reserved address - is not supported on the port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Destination unsupported packets dropped",
"type": "integer"
},
"dropped_packets": {
"description": "The total number of packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Packets dropped",
"type": "integer"
},
"firewall_dropped_packets": {
"description": "The total number of packets dropped due to firewall rules or firewall state mismatch (For example, the expected sequence number in TCP window was not received). The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Firewall packets dropped",
"type": "integer"
},
"frag_needed_dropped_packets": {
"description": "The total number of packets dropped because they could not be fragmented when their size was larger than the port MTU due to DF bit set in them. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Fragmentation needed packets dropped",
"type": "integer"
},
"ipsec_dropped_packets": {
"description": "The total number of IPSec packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec packets dropped",
"type": "integer"
},
"ipsec_no_sa_dropped_packets": {
"description": "The total number of IPSec packets dropped due to missing security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec no security association packets dropped",
"type": "integer"
},
"ipsec_no_vti_dropped_packets": {
"description": "The total number of IPSec packets dropped due to missing Virtual tunnel interface (VTI) in the security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec no VTI packets dropped",
"type": "integer"
},
"ipsec_pol_block_dropped_packets": {
"description": "The total number of IPSec packets dropped due to a discard policy configured for the traffic. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec policy block packets dropped",
"type": "integer"
},
"ipsec_pol_err_dropped_packets": {
"description": "The total number of IPSec packets dropped due to policy lookup failure for the packets in the security policy database. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec policy error packets dropped",
"type": "integer"
},
"ipv6_dropped_packets": {
"description": "The total number of IPv6 packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPv6 packets dropped",
"type": "integer"
},
"kni_dropped_packets": {
"description": "The total number of packets that the DPDK kernel NIC interface failed to send to the linux kernel. For example BGP packets, Load balancer etc. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Kernel NIC interface packets dropped",
"type": "integer"
},
"l4port_unsupported_dropped_packets": {
"description": "The total number of packets dropped for having an unknown/unsupported L4 port (TCP or UDP) and destination IP which is owned by the logical router ports including the loopback port. For example, if we receive a UDP packet whose port does not map to the expected port of BFD, AppHA, IPSec or DHCP, then we drop it. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "L4 port unsupported packets dropped",
"type": "integer"
},
"malformed_dropped_packets": {
"description": "The total number of malformed packets dropped on the port due to IP checksum error by IP checksum verification or the physical NIC (vmxnet3 for VM or other NIC for BM) marks the IP checksum error. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Malformed packets dropped",
"type": "integer"
},
"no_arp_dropped_packets": {
"description": "The total number of packets dropped due to incomplete ARP resolution of the next-hop. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No ARP packets dropped",
"type": "integer"
},
"no_linked_dropped_packets": {
"description": "The total number of packets dropped because the port did not have a linked peer port. For example, the logical router port is not connected to a segment port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No linked packets dropped",
"type": "integer"
},
"no_mem_dropped_packets": {
"description": "The total number of packets dropped due to insufficient memory. One such example is the mBuf pool memory. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No memory packets dropped",
"type": "integer"
},
"no_receiver_dropped_packets": {
"description": "The total number of packets dropped due to absence of the receiver. This could happen when the protocol is not supported by the logical router, or the corresponding tunnel does not exist. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No receiver packets dropped",
"type": "integer"
},
"no_route_dropped_packets": {
"description": "The total number of packets dropped because no route exists for the IP destination of the packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No route packets dropped",
"type": "integer"
},
"non_ip_dropped_packets": {
"description": "The total number of non-IP packets dropped because only IP packets are allowed on the port. For example spanning tree BPDU packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Non IP packets dropped",
"type": "integer"
},
"proto_unsupported_dropped_packets": {
"description": "The total number of packets dropped because the known protocols such as ARP, ICMP, DHCP cannot be decoded/fully supported. Also, when the ether-type is MPLS but the IP version is not 4 nor 6. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Protocol unsupported packets dropped",
"type": "integer"
},
"redirect_dropped_packets": {
"description": "The total number of packets dropped due to redirection of packet to Kernel NIC Interface(KNI) failed. This could be due to either the redirected interface is a non-KNI interface or we could not fetch the mapping KNI interface for the UUID of the redirected interface. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Redirect packets dropped",
"type": "integer"
},
"rpf_check_dropped_packets": {
"description": "The total number of packets dropped due to RPF check failure. It is applicable to both unicast and multicast. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Reverse-path forwarding check packets dropped",
"type": "integer"
},
"service_insert_dropped_packets": {
"description": "Total number of service insertion packets dropped.",
"required": false,
"title": "Service insert packets dropped",
"type": "integer"
},
"total_bytes": {
"description": "The total number of bytes transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Bytes transferred",
"type": "integer"
},
"total_packets": {
"description": "The total number of packets transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Packets transferred",
"type": "integer"
},
"ttl_exceeded_dropped_packets": {
"description": "The total number of packets dropped due to exceeded TTL. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Time to live exceeded packets dropped",
"type": "integer"
}
},
"title": "Inter-site port counters",
"type": "object"
}
InterVrfRouteAdvertisementTypes (type)
{
"additionalProperties": false,
"description": "Inter-vrf route advertisement types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute TIER0 connected subnets. TIER0_NAT: Redistribute NAT IPs owned by TIER0. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER0. TIER1_STATIC: Redistribute user added static routes. TIER1_CONNECTED: Redistribute Tier1 connected subnets. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1.",
"enum": [
"TIER0_STATIC",
"TIER0_CONNECTED",
"TIER0_NAT",
"TIER0_DNS_FORWARDER_IP",
"TIER0_IPSEC_LOCAL_ENDPOINT",
"TIER1_STATIC",
"TIER1_CONNECTED",
"TIER1_LB_SNAT",
"TIER1_LB_VIP",
"TIER1_NAT",
"TIER1_DNS_FORWARDER_IP",
"TIER1_IPSEC_LOCAL_ENDPOINT"
],
"id": "InterVrfRouteAdvertisementTypes",
"module_id": "PolicyConnectivity",
"title": "Inter-vrf route advertisement types",
"type": "string"
}
InterfaceArpCsvRecord (type)
{
"extends": {
"$ref": "CsvRecord
},
"id": "InterfaceArpCsvRecord",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"ip": {
"$ref": "IPAddress,
"required": true,
"title": "The IP address"
},
"mac_address": {
"required": true,
"title": "The MAC address",
"type": "string"
}
},
"type": "object"
}
InterfaceArpEntry (type)
{
"id": "InterfaceArpEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"ip": {
"$ref": "IPAddress,
"required": true,
"title": "The IP address"
},
"mac_address": {
"required": true,
"title": "The MAC address",
"type": "string"
}
},
"type": "object"
}
InterfaceArpProxy (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "InterfaceArpProxy",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"arp_proxy_entries": {
"items": {
"$ref": "PolicyArpProxyEntry
},
"readonly": true,
"title": "Array of ARP proxy table entries",
"type": "array"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"interface_path": {
"readonly": true,
"title": "Policy path of gateway interface",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
InterfaceArpProxyCsvEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CsvRecord
},
"id": "InterfaceArpProxyCsvEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"arp_proxy_ip": {
"description": "ARP proxy information for a service with ip.",
"readonly": true,
"required": false,
"title": "ARP proxy service addresses",
"type": "string"
},
"interface_path": {
"readonly": true,
"required": false,
"title": "Policy path of gateway interface",
"type": "string"
},
"service_id": {
"description": "Identifier of connected service on port.",
"readonly": true,
"required": false,
"title": "Service type id",
"type": "string"
}
},
"type": "object"
}
InterfaceArpTable (type)
{
"extends": {
"$ref": "ListResult
},
"id": "InterfaceArpTable",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_path": {
"description": "Policy path of edge node.",
"title": "Policy path of edge node",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point.",
"title": "Enforcement point path",
"type": "string"
},
"interface_path": {
"required": true,
"title": "The ID of the logical router port",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp when the data was last updated; unset if data source has never updated the data."
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "InterfaceArpEntry
},
"required": false,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
InterfaceArpTableInCsvFormat (type)
{
"extends": {
"$ref": "CsvListResult
},
"id": "InterfaceArpTableInCsvFormat",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp when the data was last updated; unset if data source has never updated the data."
},
"results": {
"items": {
"$ref": "InterfaceArpCsvRecord
},
"required": false,
"type": "array"
}
},
"type": "object"
}
InterfaceDADState (type)
{
"additionalProperties": false,
"description": "Duplicate address detection status on the interface.",
"id": "InterfaceDADState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"dad_statuses": {
"description": "Array of DAD status which contains DAD information for IP addresses on the interface.",
"items": {
"$ref": "InterfaceIPv6DADStatus
},
"readonly": true,
"title": "IPv6 DAD status",
"type": "array"
},
"interface_path": {
"description": "Policy path or realization ID of interface for which IPv6 DAD status is returned.",
"readonly": true,
"title": "Policy path or realization ID of interface",
"type": "string"
}
},
"title": "Interface DAD status",
"type": "object"
}
InterfaceIPv6DADStatus (type)
{
"additionalProperties": false,
"description": "Duplicate address detection status for IP address on the interface.",
"id": "InterfaceIPv6DADStatus",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"edge_paths": {
"description": "Array of edge nodes on which DAD status is reported for given IP address.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Edge node paths",
"type": "array"
},
"ip_address": {
"$ref": "IPAddress,
"description": "IP address on the port for which DAD status is reported.",
"readonly": true,
"required": false,
"title": "IP address"
},
"status": {
"$ref": "DADStatus,
"description": "DAD status for IP address on the port.",
"readonly": true,
"required": false,
"title": "DAD Status"
}
},
"title": "IPv6 DAD status for Interface",
"type": "object"
}
InterfaceSubnet (type)
{
"additionalProperties": false,
"id": "InterfaceSubnet",
"module_id": "PolicyConnectivity",
"properties": {
"ip_addresses": {
"items": {
"$ref": "IPAddress
},
"required": true,
"title": "IP addresses assigned to interface",
"type": "array"
},
"prefix_len": {
"maximum": 128,
"minimum": 1,
"required": true,
"title": "Subnet prefix length",
"type": "int"
}
},
"title": "Subnet specification for interface connectivity",
"type": "object"
}
IntersiteGatewayConfig (type)
{
"additionalProperties": false,
"description": "Intersite gateway configuration.",
"id": "IntersiteGatewayConfig",
"module_id": "PolicyConnectivity",
"properties": {
"fallback_sites": {
"description": "Fallback site to be used as new primary site on current primary site failure. Disaster recovery must be initiated via API/UI. Fallback site configuration is supported only for T0 gateway. T1 gateway will follow T0 gateway's primary site during disaster recovery.",
"items": {
"type": "string"
},
"required": false,
"title": "Fallback sites",
"type": "array"
},
"intersite_transit_subnet": {
"default": "169.254.32.0/20",
"description": "IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured. This is unused field in VRF, only applicable for stretched gateways and VRF will always use parent T0's intersite_transit_subnet.",
"format": "ip-cidr-block",
"required": false,
"title": "Transit subnet in CIDR format",
"type": "string"
},
"last_admin_active_epoch": {
"description": "Epoch(in seconds) is auto updated based on system current timestamp when primary locale service is updated. It is used for resolving conflict during site failover. If system clock not in sync then User can optionally override this. New value must be higher than the current value.",
"maximum": 4294967295,
"required": false,
"title": "Epoch of last time admin changing active LocaleServices",
"type": "integer"
},
"primary_site_path": {
"description": "Primary egress site for gateway. T0/T1 gateway in Active/Standby mode supports stateful services on primary site. In this mode primary site must be set if gateway is stretched to more than one site. For T0 gateway in Active/Active primary site is optional field. If set then secondary site prefers routes learned from primary over locally learned routes. This field is not applicable for T1 gateway with no services.",
"required": false,
"title": "Primary egress site for gateway.",
"type": "string"
}
},
"title": "Intersite gateway configuration",
"type": "object"
}
IntervalBackupSchedule (type)
{
"extends": {
"$ref": "BackupSchedule
},
"id": "IntervalBackupSchedule",
"module_id": "BackupConfiguration",
"polymorphic-type-descriptor": {
"type-identifier": "IntervalBackupSchedule"
},
"properties": {
"resource_type": {
"enum": [
"WeeklyBackupSchedule",
"IntervalBackupSchedule"
],
"required": true,
"title": "Schedule type",
"type": "string"
},
"seconds_between_backups": {
"default": 3600,
"maximum": 86400,
"minimum": 300,
"title": "Time interval in seconds between two consecutive automated backups",
"type": "integer"
}
},
"title": "Schedule to specify the interval time at which automated backups need to be taken",
"type": "object"
}
InvalidCertificateAction (type)
{
"additionalProperties": false,
"description": "If presented invalid certificates take this action.",
"enum": [
"BLOCK",
"ALLOW"
],
"help_summary": "Use of 'BLOCK' will terminate connection if the certificate is either\nexpired or untrusted.\nUse of 'ALLOW' will allow the connection to proceed.\n",
"id": "InvalidCertificateAction",
"module_id": "PolicyTlsActionProfile",
"readonly": true,
"required": false,
"title": "Action for invalid certificates",
"type": "string"
}
InvalidConfigSummary (type)
{
"additionalProperties": false,
"description": "Invalid Configuration details for a category.",
"id": "InvalidConfigSummary",
"module_id": "GmConfigOnboarding",
"properties": {
"category": {
"description": "Configuration category representing resources not supported for the federation site configuration onboarding.",
"readonly": true,
"required": true,
"title": "Configuration Category",
"type": "string"
},
"resource_count": {
"description": "Total resource count for category",
"readonly": true,
"required": true,
"title": "Resource Count",
"type": "integer"
},
"resource_summary_details": {
"description": "Represents list of resource summaries for a configuration category which are not supported for the federation site configuration onboarding.",
"items": {
"$ref": "ResourceSummaryDetail
},
"maxItems": 10,
"readonly": true,
"required": true,
"title": "Resource Summary List",
"type": "array"
}
},
"title": "Invalid Configuration Summary",
"type": "object"
}
IpAddressAllocation (type)
{
"additionalProperties": false,
"description": "Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IpAddressAllocation",
"module_id": "PolicyIpam",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"allocated_ip": {
"$ref": "IPAddress,
"readonly": true,
"title": "Represents IP Address that is allocated from a pool in a NSX+ instance."
},
"allocation_ip": {
"$ref": "IPAddress,
"title": "Address that is allocated from pool"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sync_realization": {
"default": false,
"description": "Realization of intent will be called synchronously",
"title": "Synchronize realization",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Parameters for IP allocation",
"type": "object"
}
IpAddressBlock (type)
{
"additionalProperties": false,
"description": "A block of IP addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can be added to IP pools and used for IP allocation.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IpAddressBlock",
"module_id": "PolicyIpam",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"available_allocation_size": {
"deprecated": true,
"description": "This size indicates available allocation size of an IpAddressBlock. Note: This field is deprecated. Please use below GET API instead. https://<policy-mgr>/policy/api/v1/infra/ip-blocks/Finance-block/usage",
"title": "Current available size of an IpAddressBlock",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cidr": {
"description": "Represents a network address and the prefix length which will be associated with a layer-2 broadcast domain. Support IPv4 and IPv6 CIDR.",
"format": "ip-cidr-block",
"required": true,
"title": "A contiguous IP address space represented by network address and prefix length",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address_type": {
"description": "This indicates the type of IP address.",
"enum": [
"IPV4",
"IPV6"
],
"readonly": true,
"title": "Type of IP address.",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sync_realization": {
"default": false,
"description": "If this property is set to true, realization of intent will be called synchronously",
"title": "Synchronize realization",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"visibility": {
"description": "Represents visibility or scope of IpAddressBlock and expected consumption of IpAddressBlock with same scope. It is empty by default. Visibility cannot be updated once block is associated with other intents. If visibility is populated then sync_realization will be true.",
"enum": [
"PRIVATE",
"EXTERNAL"
],
"title": "Visibility of IpAddressBlock",
"type": "string"
}
},
"title": "IP address space represented by network address and prefix",
"type": "object"
}
IpAddressInfo (type)
{
"additionalProperties": false,
"id": "IpAddressInfo",
"module_id": "Inventory",
"properties": {
"ip_addresses": {
"items": {
"$ref": "IPAddress
},
"readonly": true,
"required": true,
"title": "IP Addresses of the the virtual network interface, as discovered in the source.",
"type": "array"
},
"source": {
"enum": [
"VM_TOOLS"
],
"readonly": true,
"required": true,
"title": "Source of the ipaddress information.",
"type": "string"
}
},
"title": "Ipaddress information of the fabric node.",
"type": "object"
}
IpAddressPool (type)
{
"additionalProperties": false,
"description": "IpAddressPool is a collection of subnets. The subnets can either be derived from an IpBlock or specified by the user. User can request for IP addresses to be allocated from a pool. When an IP is requested from a pool, the IP that is returned can come from any subnet that belongs to the pool.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IpAddressPool",
"module_id": "PolicyIpam",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"check_overlap_with_existing_pools": {
"default": false,
"description": "If an existing IpAddressPool is found that overlaps with the given IpAddressPool, then a validation error would be thrown while realization. It is false by default.",
"title": "Whether to perform overlap check with existing IpAddressPools while realization.",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address_type": {
"description": "Represents the type of IP addresses present inside the pool.",
"enum": [
"IPV4",
"IPV6",
"DUAL"
],
"readonly": true,
"title": "Type of IP Address.",
"type": "string"
},
"ip_release_delay": {
"description": "Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins).",
"title": "IP address release delay in milliseconds",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pool_usage": {
"$ref": "PolicyPoolUsage,
"description": "Shows Pool statistics like total IPs, allocated IPs, requested IP allocations and available IPs of an IpAddressPool.",
"readonly": true,
"title": "IpAddressPool usage statistics"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sync_realization": {
"default": false,
"description": "Realization of intent will be called synchronously",
"title": "Synchronize realization",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"visibility": {
"description": "Represents visibility or scope of IpAddressPool and expected consumption of IpAddressPool with same scope. Visibility cannot be updated once pool is created. It is empty by default.",
"enum": [
"PRIVATE",
"PUBLIC"
],
"title": "Visibility of IpAddressPool",
"type": "string"
}
},
"title": "A collection of IP subnets",
"type": "object"
}
IpAddressPoolBlockSubnet (type)
{
"additionalProperties": false,
"description": "This type of subnet allows user to dynamically carve a subnet out of a preconfigured IpAddressBlock. The user must specify the size of the subnet and the IpAddressBlock from which the subnet is to be derived. If the required amount of IP address space is available in the specified IpAddressBlock, the system automatically configures subnet range. IpAddressBlock available size is calculated based on the size of IpAddressPoolBlockSubnet intent object and not on realized. The user should delete failed IpAddressPoolBlockSubnet to utilize IpAddressBlock size correctly.",
"extends": {
"$ref": "IpAddressPoolSubnet
},
"id": "IpAddressPoolBlockSubnet",
"module_id": "PolicyIpam",
"polymorphic-type-descriptor": {
"type-identifier": "IpAddressPoolBlockSubnet"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"allocation_range": {
"description": "Allocation range is used to limit subnet range to be used for allocations of IPs from subnet. This must be less than or equal to subnet size. Instead of taking whole subnet range for allocations, user can limit the range used for allocation of IPs. This is very useful in IPv6 case where big subnets needs to be carved out from IpAddressBlock but whole subnet range will not be needed for IP allocations. Eg: subnet range is (2002:2345::0001-2002:2345::7fff:ffff): subnet_start_ip: 2002:2345::0001-2002:2345 subnet_end_ip: 2002:2345::7fff:ffff User would like to use only 128 IPs for allocations. allocation_range: 128 allocation range used (2002:2345::0001-2002:2345::7fff:007f): allocation_range_start_ip: 2002:2345::0001-2002:2345 allocation_range_end_ip: 2002:2345::7fff:007f",
"maximum": 1048576,
"minimum": 1,
"required": false,
"title": "Range used for allocation/release of IPs from subnet.",
"type": "integer"
},
"auto_assign_gateway": {
"default": true,
"description": "If this property is set to true, the first IP in the range will be reserved for gateway.",
"title": "Indicate whether default gateway is to be reserved from the range",
"type": "boolean"
},
"broadcast_address": {
"description": "Represents Broadcast address of the subnet in a NSX+ instance.",
"readonly": true,
"title": "Broadcast Address",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cidr": {
"description": "Represents network address and the prefix length in a NSX+ instance which will be associated with a layer-2 broadcast domain.",
"format": "ip-cidr-block",
"readonly": true,
"title": "A contiguous IP address space represented by network address and prefix length",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"gateway_address": {
"description": "Represents Gateway address of the subnet in a NSX+ instance.",
"readonly": true,
"title": "Gateway Address",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_block_path": {
"required": true,
"title": "The path of the IpAddressBlock from which the subnet is to be created.",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"IpAddressPoolBlockSubnet"
],
"relationshipType": "IP_BLOCK_IP_POOL_SUBNET_RELATIONSHIP",
"rightType": [
"IpAddressBlock"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"network_address": {
"description": "Represents Network address of the subnet in a NSX+ instance.",
"readonly": true,
"title": "Network Address",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "IpAddressPoolSubnetType,
"description": "Specifies whether the IpAddressPoolSubnet is to be carved out of a IpAddressBlock or will be specified by the user",
"required": true,
"title": "Represents the type of IpAddressPoolSubnet"
},
"size": {
"deprecated": true,
"description": "The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. Please use subnet_size instead as integer type cannot hold big values needs for IPv6.",
"required": false,
"title": "Represents the size or number of IP addresses in the subnet",
"type": "integer"
},
"start_ip": {
"$ref": "IPAddress,
"description": "For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address.",
"required": false,
"title": "Represents start ip address of the subnet"
},
"subnet_size": {
"description": "The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later.",
"required": false,
"title": "Represents the size or number of IP addresses in the subnet",
"type": "string"
},
"sync_realization": {
"default": false,
"description": "Realization of intent will be called synchronously",
"title": "Synchronize realization",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IpAddressPoolSubnet dynamically carved out of a IpAddressBlock",
"type": "object"
}
IpAddressPoolStaticSubnet (type)
{
"additionalProperties": false,
"description": "This type of subnet is statically configured by the user. The user provides the range details and the gateway for the subnet.",
"extends": {
"$ref": "IpAddressPoolSubnet
},
"id": "IpAddressPoolStaticSubnet",
"module_id": "PolicyIpam",
"polymorphic-type-descriptor": {
"type-identifier": "IpAddressPoolStaticSubnet"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"allocation_ranges": {
"items": {
"$ref": "IpPoolRange
},
"required": true,
"title": "A collection of IPv4 or IPv6 IP Pool Ranges.",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cidr": {
"required": true,
"title": "Subnet representation is a network address and prefix length",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dns_nameservers": {
"items": {
"$ref": "IPAddress
},
"maxItems": 3,
"title": "The collection of upto 3 DNS servers for the subnet.",
"type": "array",
"uniqueItems": true
},
"dns_suffix": {
"format": "hostname",
"title": "The DNS suffix for the DNS server.",
"type": "string"
},
"gateway_ip": {
"$ref": "IPAddress,
"title": "The default gateway address on a layer-3 router."
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "IpAddressPoolSubnetType,
"description": "Specifies whether the IpAddressPoolSubnet is to be carved out of a IpAddressBlock or will be specified by the user",
"required": true,
"title": "Represents the type of IpAddressPoolSubnet"
},
"sync_realization": {
"default": false,
"description": "Realization of intent will be called synchronously",
"title": "Synchronize realization",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IpAddressPoolSubnet statically configured by a user",
"type": "object"
}
IpAddressPoolSubnet (type)
{
"abstract": true,
"additionalProperties": false,
"description": "IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified by the user. In the first case where the subnet is carved out of a IpAddressBlock, the user must specify the ID of the block from which this subnet is to be derived. This block must be pre-created. The subnet range is auto populated by the system. In the second case, the user configures the subnet range directly. No IpAddressBlock is required.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "IpAddressPoolSubnet",
"module_id": "PolicyIpam",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "IpAddressPoolSubnetType,
"description": "Specifies whether the IpAddressPoolSubnet is to be carved out of a IpAddressBlock or will be specified by the user",
"required": true,
"title": "Represents the type of IpAddressPoolSubnet"
},
"sync_realization": {
"default": false,
"description": "Realization of intent will be called synchronously",
"title": "Synchronize realization",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Abstract class for IpSubnet in a IpAddressPool",
"type": "object"
}
IpAddressPoolSubnetType (type)
{
"additionalProperties": false,
"description": "IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet",
"enum": [
"IpAddressPoolBlockSubnet",
"IpAddressPoolStaticSubnet"
],
"id": "IpAddressPoolSubnetType",
"module_id": "PolicyIpam",
"title": "Type of IpAddressPoolSubnet",
"type": "string"
}
IpInfo (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Only support IP address or subnet. Its type can be of IPv4 or IPv6. It will be converted to subnet when netmask is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24, 2008:12:12:12::2/64 => 2008:12:12:12::/64). This type is deprecated. Please use the type NetworkInfo instead.",
"id": "IpInfo",
"module_id": "LiveTrace",
"properties": {
"dst_ip": {
"$ref": "IPElement,
"description": "The destination IP can be an IP address or a subnet.",
"required": false,
"title": "The destination IP address or subnet"
},
"src_ip": {
"$ref": "IPElement,
"description": "The source IP can be an IP address or a subnet.",
"required": false,
"title": "The source IP address or subnet"
}
},
"type": "object"
}
IpPoolRange (type)
{
"additionalProperties": false,
"description": "A set of IPv4 or IPv6 addresses defined by a start and end address.",
"extends": {
"$ref": "Resource
},
"id": "IpPoolRange",
"module_id": "Ipam",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"end": {
"$ref": "IPAddress,
"required": true,
"title": "The end IP Address of the IP Range."
},
"start": {
"$ref": "IPAddress,
"required": true,
"title": "The start IP Address of the IP Range."
}
},
"type": "object"
}
Ipv4Header (type)
{
"additionalProperties": false,
"id": "Ipv4Header",
"module_id": "Traceflow",
"properties": {
"dst_ip": {
"$ref": "IPv4Address,
"required": false,
"title": "The destination ip address."
},
"flags": {
"default": 0,
"maximum": 8,
"minimum": 0,
"required": false,
"title": "IP flags",
"type": "integer"
},
"protocol": {
"default": 1,
"maximum": 255,
"minimum": 0,
"required": false,
"title": "IP protocol - defaults to ICMP",
"type": "integer"
},
"src_ip": {
"$ref": "IPv4Address,
"required": false,
"title": "The source ip address."
},
"src_subnet_prefix_len": {
"description": "This is used together with src_ip to calculate dst_ip for broadcast when dst_ip is not given; not used in all other cases.",
"maximum": 32,
"minimum": 1,
"required": false,
"title": "source subnet prefix length.",
"type": "integer"
},
"ttl": {
"default": 64,
"maximum": 255,
"minimum": 0,
"required": false,
"title": "Time to live (ttl)",
"type": "integer"
}
},
"type": "object"
}
Ipv6DadProfile (type)
{
"additionalProperties": false,
"description": "Duplicate address detection profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Ipv6DadProfile",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"dad_mode": {
"$ref": "DADMode,
"default": "LOOSE",
"required": false,
"title": "DAD Mode"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"ns_retries": {
"default": 3,
"description": "Number of Neighbor solicitation packets generated before completing the Duplicate address detection process.",
"maximum": 10,
"minimum": 0,
"required": false,
"title": "NS retries count",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"wait_time": {
"default": 1,
"description": "The time duration in seconds, to wait for Neighbor advertisement after sending the Neighbor solicitation message.",
"maximum": 60,
"minimum": 0,
"required": false,
"title": "Wait time",
"type": "integer"
}
},
"type": "object"
}
Ipv6DadProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Ipv6DadProfileListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Ipv6DadProfile
},
"required": true,
"title": "Paginated list of Ipv6DadProfile",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
Ipv6Header (type)
{
"id": "Ipv6Header",
"module_id": "Traceflow",
"properties": {
"dst_ip": {
"$ref": "IPv6Address,
"required": false,
"title": "The destination ip address."
},
"hop_limit": {
"default": 64,
"description": "Decremented by 1 by each node that forwards the packets. The packet is discarded if Hop Limit is decremented to zero.",
"maximum": 255,
"minimum": 0,
"required": false,
"title": "hop limit",
"type": "integer"
},
"next_header": {
"default": 58,
"maximum": 255,
"minimum": 0,
"required": false,
"title": "Identifies the type of header immediately following the IPv6 header.",
"type": "integer"
},
"src_ip": {
"$ref": "IPv6Address,
"required": false,
"title": "The source ip address."
}
},
"type": "object"
}
Ipv6NdraProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Ipv6NdraProfile",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dns_config": {
"$ref": "RaDNSConfig,
"required": false,
"title": "DNS Configurations"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"ndra_advertised_route": {
"description": "Route advertised in NDRAProfile.",
"items": {
"$ref": "NDRAAdvertisedRoute
},
"required": false,
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"ra_config": {
"$ref": "RAConfig,
"required": true,
"title": "RA Configuration"
},
"ra_mode": {
"$ref": "RAMode,
"default": "SLAAC_DNS_THROUGH_RA",
"required": true,
"title": "RA Mode"
},
"reachable_timer": {
"default": 0,
"description": "Neighbour reachable time duration in milliseconds. A value of 0 means unspecified.",
"maximum": 3600000,
"minimum": 0,
"required": false,
"title": "Reachable timer",
"type": "integer"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"retransmit_interval": {
"default": 1000,
"description": "The time, in milliseconds, between retransmitted neighbour solicitation messages.",
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Retransmission interval",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
Ipv6NdraProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Ipv6NdraProfileListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Ipv6NdraProfile
},
"required": true,
"title": "Paginated list of Ipv6NdraProfile",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
IssuerSerialNumber (type)
{
"additionalProperties": false,
"id": "IssuerSerialNumber",
"module_id": "CertificateManager",
"properties": {
"issuer": {
"description": "Issuer Distinguished Name of the revoked certificates.",
"title": "Issuer Distinguished Name (DN)",
"type": "string"
},
"serial_numbers": {
"description": "List of Certificate Serial Numbers issued by the specified issuers.",
"items": {
"type": "string"
},
"title": "Certificate Serial Numbers",
"type": "array"
}
},
"type": "object"
}
KeySize (type)
{
"id": "KeySize",
"module_id": "CertificateManager",
"title": "Crypto key size",
"type": "integer"
}
KeyStoreInfo (type)
{
"additionalProperties": false,
"description": "Key Store information about the url alias or datasource.",
"id": "KeyStoreInfo",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"keystore": {
"description": "A location of the keystor file which stores private key and identity certificates that will be presented to both parties (server or client) for verification.",
"title": "A location of the keystore file",
"type": "string"
},
"keystore_alias": {
"description": "Its an alias specified when an entity is added to the keystore.",
"title": "An alias is used to uniquely identifies the entry in keystore",
"type": "string"
},
"keystore_phrase": {
"description": "A location of the key store pass phrase file.",
"title": "A location of the key store pass phrase file.",
"type": "string"
},
"truststore": {
"description": "A location of the trust store file which stores the certificate from CA that verify the certificate presented by the server in SSL connection.",
"title": "A location of the trust store file.",
"type": "string"
}
},
"title": "KeyStoreInfo",
"type": "object"
}
KeyValue (type)
{
"additionalProperties": false,
"id": "KeyValue",
"module_id": "CertificateManager",
"properties": {
"key": {
"description": "Key name.",
"readonly": false,
"required": true,
"type": "string"
},
"value": {
"description": "Key value.",
"readonly": false,
"required": true,
"type": "string"
}
},
"type": "object"
}
KeyValuePair (type)
{
"additionalProperties": false,
"id": "KeyValuePair",
"module_id": "Common",
"properties": {
"key": {
"maxLength": 255,
"readonly": false,
"required": true,
"title": "Key",
"type": "string"
},
"value": {
"maxLength": 255,
"readonly": false,
"required": true,
"title": "Value",
"type": "string"
}
},
"title": "An arbitrary key-value pair",
"type": "object"
}
KnownHostParameter (type)
{
"additionalProperties": false,
"id": "KnownHostParameter",
"properties": {
"host": {
"$ref": "HostnameOrIPv46Address,
"required": true,
"title": "Known host hostname or IPv4/v6 address"
},
"port": {
"default": 22,
"maximum": 65535,
"minimum": 1,
"title": "Known host port",
"type": "integer"
}
},
"type": "object"
}
L2AutoRD (type)
{
"id": "L2AutoRD",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"l2_auto_rd": {
"title": "Layer 2 auto assigned route distinghusher",
"type": "string"
},
"l2_vni": {
"title": "Layer 2 Virtual Network Interface",
"type": "string"
}
},
"title": "Layer 2 Auto assigned Route Distinguisher",
"type": "object"
}
L2BridgeEndpointProfile (type)
{
"additionalProperties": false,
"description": "Used to configure L2 Bridge endpoint profile",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L2BridgeEndpointProfile",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"edge_paths": {
"description": "List of policy paths to edge nodes. Edge allocation for L2 bridging.",
"items": {
"type": "string"
},
"maxItems": 2,
"minItems": 1,
"title": "List of path of Edge nodes",
"type": "array"
},
"failover_mode": {
"default": "PREEMPTIVE",
"enum": [
"PREEMPTIVE",
"NON_PREEMPTIVE"
],
"title": "Failover mode for the edge bridge cluster",
"type": "string"
},
"ha_mode": {
"default": "ACTIVE_STANDBY",
"description": "High avaialability mode can be active-active or active-standby. High availability mode cannot be modified after realization.",
"enum": [
"ACTIVE_STANDBY"
],
"title": "High availability mode for the edge bridge cluster",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Layer 2 Bridge Endpoint Profile",
"type": "object"
}
L2BridgeEndpointProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "L2BridgeEndpointProfileListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Layer 2 bridge endpoint list request parameters",
"type": "object"
}
L2BridgeEndpointProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "L2BridgeEndpointProfileListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "L2BridgeEndpointProfile
},
"required": true,
"title": "L2BridgeEndpointProfile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of L2BridgeEndpointProfile",
"type": "object"
}
L2Extension (type)
{
"additionalProperties": false,
"id": "L2Extension",
"module_id": "PolicyConnectivity",
"properties": {
"l2vpn_path": {
"deprecated": true,
"description": "This property has been deprecated. Please use the property l2vpn_paths for setting the paths of associated L2 VPN session. This property will continue to work as expected to provide backwards compatibility. However, when both l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is used.",
"required": false,
"title": "Policy path of associated L2 VPN session",
"type": "string"
},
"l2vpn_paths": {
"description": "Policy paths corresponding to the associated L2 VPN sessions",
"items": {
"type": "string"
},
"required": false,
"title": "Policy paths of associated L2 VPN sessions",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "SEGMENT_L2VPN_SESSION_RELATIONSHIP",
"rightType": [
"L2VPNSession"
]
}
]
},
"local_egress": {
"$ref": "LocalEgress,
"description": "Local Egress.",
"title": "Local Egress"
},
"tunnel_id": {
"maximum": 4093,
"minimum": 1,
"required": false,
"title": "Tunnel ID",
"type": "int"
}
},
"title": "Segment specific L2 VPN configuration",
"type": "object"
}
L2ForwarderRemoteMacsPerSite (type)
{
"additionalProperties": false,
"experimental": true,
"id": "L2ForwarderRemoteMacsPerSite",
"module_id": "AggSvcL2Forwarder",
"properties": {
"remote_active_ips": {
"description": "Remote active IP addresses.",
"items": {
"$ref": "IPAddress
},
"readonly": true,
"title": "Remote active IPs",
"type": "array"
},
"remote_mac_addresses": {
"description": "Remote mac addresses.",
"items": {
"type": "string"
},
"readonly": true,
"title": "Remote mac addresses",
"type": "array"
},
"remote_site": {
"$ref": "ResourceReference,
"description": "Remote site details.",
"readonly": true,
"required": true,
"title": "Remote site"
},
"remote_standby_ips": {
"description": "Remote standby IP addresses.",
"items": {
"$ref": "IPAddress
},
"readonly": true,
"title": "Remote standby IPs",
"type": "array"
},
"rtep_group_id": {
"description": "32 bit unique RTEP group id of the logical switch per site.",
"readonly": true,
"required": true,
"title": "RTEP group id of logical switch per site",
"type": "integer"
}
},
"type": "object"
}
L2ForwarderStatusPerNode (type)
{
"additionalProperties": false,
"experimental": true,
"id": "L2ForwarderStatusPerNode",
"module_id": "AggSvcL2Forwarder",
"properties": {
"high_availability_status": {
"description": "High Availability status of a service router on the edge node.",
"enum": [
"ACTIVE",
"STANDBY",
"DOWN",
"SYNC",
"UNKNOWN"
],
"readonly": true,
"required": true,
"title": "Service router's HA status",
"type": "string"
},
"transport_node": {
"$ref": "ResourceReference,
"description": "Edge node details from where the router status is being retrieved.",
"readonly": true,
"required": true,
"title": "Transport node"
}
},
"type": "object"
}
L2L3RuntimeRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "L2L3RuntimeRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"bgp_neighbor_type": {
"description": "Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.",
"enum": [
"INTER_SR",
"USER"
],
"required": false,
"title": "Bgp neighbor type",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_path": {
"description": "Policy path of edge node. Edge should be member of enforcement point.",
"title": "Policy path of edge node",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path.",
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"description": "The data source can be either realtime or cached. If not provided, cached data is returned.",
"experimental": true,
"required": false,
"title": "Source of statistics data"
},
"stats_type": {
"description": "This indicates the type of statistics being requested. We support statistics from the data plane.",
"enum": [
"DATAPATH_STATS"
],
"experimental": true,
"required": false,
"title": "Segment statistics type",
"type": "string"
},
"transport_node_id": {
"description": "Identifer of the transport node. This is a UUID.",
"experimental": true,
"required": false,
"title": "Transport Node Id",
"type": "string"
}
},
"title": "L2 L3 connectivity runtime status request parameters",
"type": "object"
}
L2TcpMaxSegmentSizeClamping (type)
{
"additionalProperties": false,
"description": "TCP MSS Clamping Direction and Value.",
"id": "L2TcpMaxSegmentSizeClamping",
"module_id": "PolicyVpnLayer2VPN",
"properties": {
"direction": {
"default": "BOTH",
"description": "Specifies the traffic direction for which to apply MSS Clamping.",
"enum": [
"NONE",
"BOTH"
],
"required": false,
"title": "Maximum Segment Size Clamping Direction",
"type": "string"
},
"max_segment_size": {
"description": "MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 108 to 8852.",
"maximum": 8860,
"minimum": 108,
"required": false,
"title": "Maximum Segment Size Value",
"type": "integer"
}
},
"title": "TCP MSS Clamping",
"type": "object"
}
L2VPNService (type)
{
"additionalProperties": false,
"description": "L2VPN Service defines if service running as server or client. It also defines all the common properties for the multiple L2VPN Sessions associated with this service.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L2VPNService",
"module_id": "PolicyVpnLayer2VPN",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_hub": {
"default": false,
"description": "This property applies only in SERVER mode. If set to true, traffic from any client will be replicated to all other clients. If set to false, traffic received from clients is only replicated to the local VPN endpoint.",
"required": false,
"title": "Enable spoke to spoke (client) forwarding via hub (server)",
"type": "boolean"
},
"encap_ip_pool": {
"description": "IP Pool to allocate local and peer endpoint IPs for L2VpnSession logical tap.",
"items": {
"$ref": "IPv4CIDRBlock
},
"required": false,
"title": "IP Pool for Logical Taps",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mode": {
"default": "SERVER",
"description": "Specify an L2VPN service mode as SERVER or CLIENT.",
"enum": [
"SERVER",
"CLIENT"
],
"title": "L2VPN Service Mode",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "L2VPN Service",
"type": "object"
}
L2VPNSession (type)
{
"additionalProperties": false,
"description": "Defines the tunnel local and peer addresses along with multiple tansport tunnels for redundancy. L2VPNSession belongs to only one L2VPNService.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L2VPNSession",
"module_id": "PolicyVpnLayer2VPN",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Enable to extend all the associated segments.",
"required": false,
"title": "Enable L2VPN session",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_mss_clamping": {
"$ref": "L2TcpMaxSegmentSizeClamping,
"description": "TCP Maximum Segment Size Clamping Direction and Value. This feature is supported for L2VPN Sessions that are Server mode only.",
"title": "TCP MSS Clamping"
},
"transport_tunnels": {
"description": "List of transport tunnels for redundancy.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "List of transport tunnels",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"L2VPNSession"
],
"relationshipType": "L2VPN_SESSION_TRANSPORT_TUNNEL_RELATIONSHIP",
"rightType": [
"IPSecVpnSession"
]
}
]
},
"tunnel_encapsulation": {
"$ref": "L2VPNTunnelEncapsulation,
"description": "Tunnel encapsulation config. This property only applies in CLIENT mode. It is auto-populated from the L2VPNSessionData.",
"readonly": true,
"required": false,
"title": "Tunnel encapsulation config"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "L2VPN Session",
"type": "object"
}
L2VPNTunnelEncapsulation (type)
{
"additionalProperties": false,
"description": "L2VPN tunnel encapsulation config.",
"id": "L2VPNTunnelEncapsulation",
"module_id": "PolicyVpnLayer2VPN",
"properties": {
"local_endpoint_address": {
"$ref": "IPv4Address,
"description": "IP Address of the local tunnel port. This property only applies in CLIENT mode.",
"readonly": true,
"required": false,
"title": "IP Address of the tunnel port"
},
"peer_endpoint_address": {
"$ref": "IPv4Address,
"description": "IP Address of the peer tunnel port. This property only applies in CLIENT mode.",
"readonly": true,
"required": false,
"title": "IP Address of the peer tunnel port"
},
"protocol": {
"default": "GRE",
"description": "Encapsulation protocol used by the tunnel.",
"enum": [
"GRE"
],
"readonly": true,
"required": false,
"title": "Encapsulation protocol",
"type": "string"
}
},
"title": "L2VPN Tunnel Encapsulation",
"type": "object"
}
L2Vpn (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Contains information necessary to configure L2Vpn.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L2Vpn",
"module_id": "PolicyL2Vpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Enable to extend all the associated segments.",
"required": false,
"title": "Enable L2Vpn",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_tunnels": {
"description": "List of paths referencing transport tunnels.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "List of paths referencing transport tunnels",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "L2 Virtual Private Network Configuration",
"type": "object"
}
L2VpnContext (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "L2Vpn Context provides meta-data information about the parent Tier-0.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L2VpnContext",
"module_id": "PolicyL2Vpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_hub": {
"default": false,
"description": "If enabled, the tier-0 acts as a Hub and replicates traffic received from peer to all other peers. If disabled, the tier-0 acts as a Spoke and replicates only the local.",
"title": "Enable to act as hub",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "L2Vpn Context",
"type": "object"
}
L3Vpn (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Contains information necessary to configure IPSec VPN.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L3Vpn",
"module_id": "PolicyL3Vpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dh_groups": {
"description": "Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14.",
"items": {
"$ref": "PolicyDHGroup
},
"maxItems": 1,
"title": "DH group",
"type": "array",
"uniqueItems": true
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_perfect_forward_secrecy": {
"default": true,
"description": "If true, perfect forward secrecy (PFS) is enabled.",
"title": "Enable perfect forward secrecy",
"type": "boolean"
},
"enabled": {
"default": true,
"description": "Flag to enable L3Vpn. Default is enabled.",
"title": "Enable L3Vpn",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ike_digest_algorithms": {
"description": "Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256.",
"items": {
"$ref": "PolicyIKEDigestAlgorithm
},
"maxItems": 1,
"title": "Digest Algorithm for IKE",
"type": "array",
"uniqueItems": true
},
"ike_encryption_algorithms": {
"description": "Algorithm to be used during Internet Key Exchange(IKE) negotiation. Default is AES_128.",
"items": {
"$ref": "PolicyIKEEncryptionAlgorithm
},
"maxItems": 1,
"title": "Encryption algorithm for IKE",
"type": "array",
"uniqueItems": true
},
"ike_version": {
"$ref": "PolicyIKEVersion,
"default": "IKE_V2",
"description": "IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.",
"title": "IKE version"
},
"l3vpn_session": {
"$ref": "L3VpnSession,
"required": true,
"title": "L3Vpn Session"
},
"local_address": {
"$ref": "IPv4Address,
"required": true,
"title": "IPv4 address of local gateway"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"passphrases": {
"description": "List of IPSec pre-shared keys used for IPSec authentication. If not specified, the older passphrase values are retained if there are any.",
"items": {
"type": "secure_string"
},
"maxItems": 1,
"sensitive": true,
"title": "List of IPSec pre-shared keys",
"type": "array",
"uniqueItems": true
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"remote_private_address": {
"description": "This field is used to resolve conflicts in case of a remote site being behind NAT as remote public ip address is not enough. If it is not the case the remote public address should be provided here. If not provided, the value of this field is set to remote_public_address.",
"title": "Identifier of the remote site",
"type": "string"
},
"remote_public_address": {
"$ref": "IPv4Address,
"required": true,
"title": "Public IPv4 address of remote gateway"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tunnel_digest_algorithms": {
"description": "Algorithm to be used for message digest during tunnel establishment. Default algorithm is empty.",
"items": {
"$ref": "PolicyTunnelDigestAlgorithm
},
"maxItems": 1,
"title": "Digest Algorithm for Tunnel Establishment",
"type": "array",
"uniqueItems": true
},
"tunnel_encryption_algorithms": {
"description": "Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128.",
"items": {
"$ref": "PolicyTunnelEncryptionAlgorithm
},
"maxItems": 1,
"title": "Encryption algorithm for Tunnel Establishement",
"type": "array",
"uniqueItems": true
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "L3 Virtual Private Network Configuration",
"type": "object"
}
L3VpnContext (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "L3Vpn Context provides the configuration context that different L3Vpns can consume.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L3VpnContext",
"module_id": "PolicyL3Vpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"available_local_addresses": {
"description": "Local gateway IPv4 addresses available for configuration of each L3Vpn.",
"items": {
"$ref": "PolicyIPAddressInfo
},
"title": "IPv4 addresses of the local gateway",
"type": "array",
"uniqueItems": true
},
"bypass_rules": {
"description": "Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is supported on these L3Vpn rules.",
"items": {
"$ref": "L3VpnRule
},
"title": "List of Bypass L3VpnRules",
"type": "array",
"uniqueItems": true
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "If true, enable L3Vpn Service for given tier-0. Enabling/disabling this service affects all L3Vpns under the given tier-0.",
"title": "Enable L3 Virtual Private Network (VPN) service",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ike_log_level": {
"default": "INFO",
"description": "Log level for internet key exchange (IKE).",
"enum": [
"DEBUG",
"INFO",
"WARN",
"ERROR",
"EMERGENCY"
],
"title": "Internet key exchange (IKE) log level",
"type": "string"
},
"label": {
"description": "Policy path referencing Label. A label is used as a mechanism to group route-based L3Vpns in order to apply edge firewall rules on members' VTIs.",
"required": false,
"title": "Policy path referencing Label",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "L3Vpn Context",
"type": "object"
}
L3VpnRule (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used for transit traffic that meets the rule's match criteria.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L3VpnRule",
"module_id": "PolicyL3Vpn",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"default": "PROTECT",
"description": "Action to exchange data with or without protection. PROTECT - Allows to exchange data with ipsec protection. Protect rules are defined per L3Vpn. BYPASS - Allows to exchange data without ipsec protection. Bypass rules are defined per L3VpnContext and affects all policy based L3Vpns. Bypass rules are prioritized over protect rules.",
"enum": [
"PROTECT",
"BYPASS"
],
"title": "Action to apply to the traffic transiting through the L3Vpn",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destinations": {
"description": "List of remote subnets used in policy-based L3Vpn.",
"items": {
"$ref": "L3VpnSubnet
},
"maxItems": 128,
"minItems": 1,
"required": true,
"title": "List of remote subnets",
"type": "array",
"uniqueItems": true
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple L3VpnRules associated with a single L3Vpn or L3VpnContext.",
"required": false,
"title": "Sequence number of the L3VpnRule",
"type": "int"
},
"sources": {
"description": "List of local subnets used in policy-based L3Vpn.",
"items": {
"$ref": "L3VpnSubnet
},
"maxItems": 128,
"minItems": 1,
"required": true,
"title": "List of local subnets",
"type": "array",
"uniqueItems": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "L3Vpn Rule",
"type": "object"
}
L3VpnSession (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "Contains information about L3Vpn session.",
"id": "L3VpnSession",
"module_id": "PolicyL3Vpn",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"$ref": "L3VpnSessionResourceType,
"required": true
}
},
"title": "L3Vpn Session",
"type": "object"
}
L3VpnSessionResourceType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "- A Policy Based L3Vpn is a configuration in which protect rules to match local and remote subnet needs to be defined. Tunnel is established for each pair of local and remote subnet defined in protect rules. - A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet (commonly known as VTI) is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn.",
"enum": [
"PolicyBasedL3VpnSession",
"RouteBasedL3VpnSession"
],
"id": "L3VpnSessionResourceType",
"module_id": "PolicyL3Vpn",
"title": "Resource type of L3Vpn Session",
"type": "string"
}
L3VpnSubnet (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Used to specify subnets in L3Vpn rule.",
"id": "L3VpnSubnet",
"module_id": "PolicyL3Vpn",
"properties": {
"subnet": {
"$ref": "IPv4CIDRBlock,
"description": "Subnet used in L3Vpn Rule.",
"required": true,
"title": "Subnet"
}
},
"title": "Subnet used in L3Vpn Rule",
"type": "object"
}
L4PortSetServiceEntry (type)
{
"additionalProperties": false,
"description": "L4PortSet can be specified in comma separated notation of parts. Parts of a L4PortSet includes single integer or range of port in hyphen notation. Example of a PortSet: \"22, 33-70, 44\".",
"extends": {
"$ref": "ServiceEntry
},
"id": "L4PortSetServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "L4PortSetServiceEntry"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_ports": {
"description": "Number of values should not exceed 15, ranges count as 2 values.",
"items": {
"$ref": "PortElement
},
"maxItems": 15,
"required": false,
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"l4_protocol": {
"enum": [
"TCP",
"UDP"
],
"required": true,
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"source_ports": {
"description": "Number of values should not exceed 15, ranges count as 2 values.",
"items": {
"$ref": "PortElement
},
"maxItems": 15,
"required": false,
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "An ServiceEntry that represents TCP or UDP protocol",
"type": "object"
}
L7AccessAttributes (type)
{
"additionalProperties": false,
"description": "Supported Attribute Keys are APP_ID, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL",
"extends": {
"$ref": "PolicyAttributes
},
"id": "L7AccessAttributes",
"module_id": "L7AccessProfile",
"properties": {
"attribute_source": {
"default": "SYSTEM",
"enum": [
"SYSTEM",
"CUSTOM"
],
"required": false,
"title": "Source of attribute value i.e whether system defined or custom value",
"type": "string"
},
"custom_url_partial_match": {
"description": "True value for this flag will be treated as a partial match for custom url",
"required": false,
"title": "true value would be treated as a partial match for custom url",
"type": "boolean"
},
"datatype": {
"enum": [
"STRING"
],
"required": true,
"title": "Datatype for attribute",
"type": "string"
},
"description": {
"required": false,
"title": "Description for attribute value",
"type": "string"
},
"isALGType": {
"description": "Describes whether the APP_ID value is ALG type or not.",
"required": false,
"title": "Is the value ALG type",
"type": "boolean"
},
"key": {
"description": "Policy Attribute Key",
"enum": [
"APP_ID",
"DOMAIN_NAME",
"URL_CATEGORY",
"URL_REPUTATION",
"CUSTOM_URL"
],
"required": true,
"title": "Key for attribute",
"type": "string"
},
"metadata": {
"description": "This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future",
"items": {
"$ref": "ContextProfileAttributesMetadata
},
"required": false,
"title": "Provide additional meta information about key/values",
"type": "array"
},
"sub_attributes": {
"items": {
"$ref": "PolicySubAttributes
},
"required": false,
"title": "Reference to sub attributes for the attribute",
"type": "array"
},
"value": {
"description": "Multiple attribute values can be specified as elements of array.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Value for attribute key",
"type": "array",
"uniqueItems": true
}
},
"title": "Policy Attributes data holder",
"type": "object"
}
L7AccessEntry (type)
{
"additionalProperties": false,
"description": "An entity that encapsulates attributes like APP_ID, CUSTOM_URL, URL_CATEGORY, URL_REPUTATION.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L7AccessEntry",
"module_id": "L7AccessProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"$ref": "L7AccessEntryAction,
"required": true
},
"attributes": {
"description": "Property containing attributes/sub-attributes for Policy L7 Access Profile. APP_ID, CUSTOM_URL, URL_CATEGORY, are system created attributes, and user can use below API to get list of valid attributes and values and consume them in L7AccessEntry: GET /policy/api/v1/infra/l7-access-profiles/attributes?attribute_source=ALL <br> CUSTOM_URL attribute value must be created explicitly by the user using below API: POST /policy/api/v1/infra/context-profiles/custom-attributes/default?action=add",
"items": {
"$ref": "L7AccessAttributes
},
"maxItems": 1,
"required": true,
"title": "Array of Policy L7 Access Profile attributes",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the entry. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the entry",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"logged": {
"default": false,
"description": "Flag to activate packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic.",
"required": false,
"title": "Policy L7 Access Entry Order",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy L7 Access entry",
"type": "object"
}
L7AccessEntryAction (type)
{
"description": "The action to be applied to all the services.",
"enum": [
"ALLOW",
"REJECT",
"REJECT_WITH_RESPONSE"
],
"id": "L7AccessEntryAction",
"module_id": "L7AccessProfile",
"required": true,
"title": "L7 acces profile entry action",
"type": "string"
}
L7AccessProfile (type)
{
"additionalProperties": false,
"description": "An entity that encapsulates multiple L7 access profile entries. The entity wil be consumed in firewall rules and can be added in new tuple called profile in firewall rules. One of either Context Profile or L7 Access Profile can be used in firewall rule.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "L7AccessProfile",
"module_id": "L7AccessProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"default_action": {
"$ref": "L7AccessEntryAction,
"required": true
},
"default_action_logged": {
"default": false,
"description": "Flag to activate packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable default logging flag",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"entry_count": {
"description": "The count of entries in the L7 profile.",
"readonly": true,
"title": "Entry count",
"type": "int"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"l7_access_entries": {
"description": "Property containing L7 access entries for Policy L7 Access Profile.",
"items": {
"$ref": "L7AccessEntry
},
"maxItems": 1000,
"required": false,
"title": "Array of Policy L7 Access Profile entries",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy L7 Acces profile",
"type": "object"
}
LBAccessListControl (type)
{
"additionalProperties": false,
"description": "LBAccessListControl is used to define how IP access list control can filter the connections from clients.",
"id": "LBAccessListControl",
"module_id": "PolicyLoadBalancer",
"properties": {
"action": {
"description": "ALLOW means connections matching grouping object IP list are allowed and requests not matching grouping object IP list are dropped. DROP means connections matching grouping object IP list are dropped and requests not matching grouping object IP list are allowed.",
"enum": [
"ALLOW",
"DROP"
],
"required": true,
"title": "IP access list control action",
"type": "string"
},
"enabled": {
"default": false,
"description": "The enabled flag indicates whether to enable access list control option. It is false by default.",
"required": false,
"title": "Whether to enable access list control option",
"type": "boolean"
},
"group_path": {
"description": "The path of grouping object which defines the IP addresses or ranges to match the client IP.",
"required": true,
"title": "Grouping object path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
}
},
"title": "IP access list control to filter the connections from clients",
"type": "object"
}
LBActiveMonitor (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "All the active types of LBMonitorProfile extend from this abstract class. This is present for extensibility.",
"extends": {
"$ref": "LBMonitorProfile
},
"id": "LBActiveMonitor",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBActiveMonitor"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fall_count": {
"default": 3,
"description": "Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor fall count for active healthchecks",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"interval": {
"default": 5,
"description": "Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor interval in seconds for active healthchecks",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"monitor_port": {
"description": "Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Monitor port for active healthchecks",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"rise_count": {
"default": 3,
"description": "Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor rise count for active healthchecks",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 5,
"description": "Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor timeout in seconds for active healthchecks",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base class for each type of active LBMonitorProfile",
"type": "object"
}
LBAppProfile (type)
{
"abstract": true,
"additionalProperties": false,
"description": "App profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LBAppProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBApplicationProfileType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "App profile",
"type": "object"
}
LBApplicationProfileType (type)
{
"additionalProperties": false,
"description": "An application profile can be bound to a virtual server to specify the application protocol characteristics. It is used to influence how load balancing is performed. Currently, three types of application profiles are supported: LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile. LBFastTCPProfile or LBFastUDPProfile is typically used when the application is using a custom protocol or a standard protocol not supported by the load balancer. It is also used in cases where the user only wants L4 load balancing mainly because L4 load balancing has much higher performance and scalability, and/or supports connection mirroring. LBHttpProfile is used for both HTTP and HTTPS applications. Though application rules, if bound to the virtual server, can be used to accomplish the same goal, LBHttpProfile is intended to simplify enabling certain common use cases. LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.",
"enum": [
"LBHttpProfile",
"LBFastTcpProfile",
"LBFastUdpProfile"
],
"id": "LBApplicationProfileType",
"module_id": "PolicyLoadBalancer",
"title": "Application profile type",
"type": "string"
}
LBClientCertificateIssuerDnCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Match condition for client certficate issuer DN.",
"id": "LBClientCertificateIssuerDnCondition",
"module_id": "PolicyLoadBalancer",
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing issuer DN value.",
"required": false,
"title": "A case sensitive flag for issuer DN comparing",
"type": "boolean"
},
"issuer_dn": {
"description": "Value of issuer DN. The format should follow RFC 2253.",
"required": true,
"title": "Value of issuer DN",
"type": "string"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"description": "Match type of issuer DN.",
"required": false,
"title": "Match type of issuer DN"
}
},
"title": "Match condition for client certficate issuer DN",
"type": "object"
}
LBClientCertificateSubjectDnCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Match condition for client certficate subject DN.",
"id": "LBClientCertificateSubjectDnCondition",
"module_id": "PolicyLoadBalancer",
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing subject DN value.",
"required": false,
"title": "A case sensitive flag for subject DN comparing",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"description": "Match type of subject DN.",
"required": false,
"title": "Match type of subject DN"
},
"subject_dn": {
"description": "Value of subject DN. The format should follow RFC 2253.",
"required": true,
"title": "Value of subject DN",
"type": "string"
}
},
"title": "Match condition for client certficate subject DN",
"type": "object"
}
LBClientSslProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Client SSL profile. LBClientSslProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBSslProfile
},
"id": "LBClientSslProfile",
"module_id": "PolicyLoadBalancer",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cipher_group_label": {
"$ref": "SslCipherGroup,
"description": "It is a label of cipher group which is mostly consumed by GUI.",
"required": false,
"title": "Label of cipher group"
},
"ciphers": {
"description": "Supported SSL cipher list to client side.",
"items": {
"$ref": "SslCipher
},
"required": false,
"title": "Supported SSL cipher list to client side",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_fips": {
"description": "This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant..",
"readonly": true,
"title": "FIPS compliance of ciphers and protocols",
"type": "boolean"
},
"is_secure": {
"description": "This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure.",
"readonly": true,
"title": "Secure/Insecure SSL profile flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"prefer_server_ciphers": {
"default": true,
"description": "During SSL handshake as part of the SSL client Hello client sends an ordered list of ciphers that it can support (or prefers) and typically server selects the first one from the top of that list it can also support. For Perfect Forward Secrecy(PFS), server could override the client's preference.",
"required": false,
"title": "Prefer server ciphers flag",
"type": "boolean"
},
"protocols": {
"description": "SSL version TLS1.2 is supported and enabled.",
"items": {
"$ref": "SslProtocol
},
"required": false,
"title": "Supported SSL protocol list to client side",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"session_cache_enabled": {
"default": true,
"description": "SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake.",
"required": false,
"title": "Session cache Activate or deactivate flag",
"type": "boolean"
},
"session_cache_timeout": {
"default": 300,
"description": "Session cache timeout specifies how long the SSL session parameters are held on to and can be reused.",
"maximum": 86400,
"minimum": 1,
"required": false,
"title": "SSL session cache timeout value",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Client SSL profile",
"type": "object"
}
LBClientSslProfileBinding (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Client SSL profile binding. LBClientSslProfileBinding is deprecated as NSX-T Load Balancer is deprecated.",
"id": "LBClientSslProfileBinding",
"module_id": "PolicyLoadBalancer",
"properties": {
"certificate_chain_depth": {
"default": 3,
"description": "Authentication depth is used to set the verification depth in the client certificates chain.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "The maximum traversal depth of client certificate chain",
"type": "integer"
},
"client_auth": {
"$ref": "ClientAuthType,
"default": "IGNORE",
"description": "Client authentication mode.",
"required": false,
"title": "Client authentication mode",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"client_auth_ca_paths": {
"description": "If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified.",
"items": {
"type": "string"
},
"required": false,
"title": "CA path list to verify client certificate",
"type": "array"
},
"client_auth_crl_paths": {
"description": "A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates.",
"items": {
"type": "string"
},
"required": false,
"title": "CRL path list to verify client certificate",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_CLIENT_SSL_PROFILE_RELATIONSHIP",
"rightType": [
"LBClientSslProfile"
]
}
]
},
"default_certificate_path": {
"description": "A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension.",
"required": true,
"title": "Default service certificate identifier",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"sni_certificate_paths": {
"description": "Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server.",
"items": {
"type": "string"
},
"required": false,
"title": "SNI certificate path list",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"ssl_profile_path": {
"description": "Client SSL profile defines reusable, application-independent client side SSL properties.",
"required": false,
"title": "Client SSL profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_CLIENT_SSL_PROFILE_RELATIONSHIP",
"rightType": [
"LBClientSslProfile"
]
}
]
}
},
"title": "Client SSL profile binding",
"type": "object"
}
LBConnectionDropAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to drop the connections. There is no extra propery in this action. If there is no match condition specified, the connection will be always dropped. This action can be specified at HTTP_ACCESS or HTTP_FORWARDING pahse.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBConnectionDropAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBConnectionDropAction"
},
"properties": {
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to drop connections",
"type": "object"
}
LBCookiePersistenceProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. LBCookiePersistenceProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBPersistenceProfile
},
"id": "LBCookiePersistenceProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBCookiePersistenceProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cookie_domain": {
"description": "HTTP cookie domain could be configured, only available for insert mode.",
"required": false,
"title": "Cookie domain",
"type": "string"
},
"cookie_fallback": {
"default": true,
"description": "If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server.",
"required": false,
"title": "Cookie persistence fallback",
"type": "boolean"
},
"cookie_garble": {
"default": true,
"description": "If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text.",
"required": false,
"title": "Cookie persistence garble",
"type": "boolean"
},
"cookie_httponly": {
"default": false,
"description": "If cookie httponly flag is true, it prevents a script running in the browser from accessing the cookie. Only available for insert mode.",
"required": false,
"title": "Cookie httponly flag",
"type": "boolean"
},
"cookie_mode": {
"$ref": "CookiePersistenceModeType,
"default": "INSERT",
"description": "Cookie persistence mode.",
"required": false,
"title": "Cookie persistence mode"
},
"cookie_name": {
"default": "NSXLB",
"description": "Cookie name.",
"required": false,
"title": "Cookie name",
"type": "string"
},
"cookie_path": {
"description": "HTTP cookie path could be set, only available for insert mode.",
"required": false,
"title": "Cookie path",
"type": "string"
},
"cookie_secure": {
"default": false,
"description": "If cookie secure flag is true, it prevents the browser from sending a cookie over http. The cookie is sent only over https. Only available for insert mode.",
"required": false,
"title": "Cookie secure flag",
"type": "boolean"
},
"cookie_time": {
"$ref": "LBCookieTime,
"description": "Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed.",
"required": false,
"title": "Cookie time setting"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"persistence_shared": {
"default": false,
"description": "Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.",
"required": false,
"title": "Persistence shared across LBVirtualServers",
"type": "boolean"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The resource_type property identifies persistence profile type. LBCookiePersistenceProfile and LBGenericPersistenceProfile are deprecated as NSX-T Load Balancer is deprecated.",
"enum": [
"LBSourceIpPersistenceProfile",
"LBCookiePersistenceProfile",
"LBGenericPersistenceProfile"
],
"required": true,
"title": "Persistence profile type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LBPersistenceProflie using Cookies for L7 LBVirtualServer",
"type": "object"
}
LBCookieTime (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "Cookie time.",
"id": "LBCookieTime",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "type"
},
"properties": {
"type": {
"$ref": "LBCookieTimeType,
"required": true
}
},
"title": "Cookie time",
"type": "object"
}
LBCookieTimeType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Both session cookie and persistence cookie are supported, Use LbSessionCookieTime for session cookie time setting, Use LbPersistenceCookieTime for persistence cookie time setting",
"enum": [
"LBSessionCookieTime",
"LBPersistenceCookieTime"
],
"id": "LBCookieTimeType",
"module_id": "PolicyLoadBalancer",
"title": "CookieTime type",
"type": "string"
}
LBFastTcpProfile (type)
{
"additionalProperties": false,
"description": "Fast TCP profile.",
"extends": {
"$ref": "LBAppProfile
},
"id": "LBFastTcpProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBFastTcpProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"close_timeout": {
"default": 8,
"description": "It is used to specify how long a closing TCP connection (both FINs received or a RST is received) should be kept for this application before cleaning up the connection.",
"maximum": 60,
"minimum": 1,
"required": false,
"title": "TCP connection idle timeout in seconds",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"ha_flow_mirroring_enabled": {
"default": false,
"description": "If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node.",
"required": false,
"title": "Flow mirroring enabled flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idle_timeout": {
"default": 1800,
"description": "It is used to configure how long an idle TCP connection in ESTABLISHED state should be kept for this application before cleaning up.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "TCP connection idle timeout in seconds",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBApplicationProfileType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Fast TCP profile",
"type": "object"
}
LBFastUdpProfile (type)
{
"additionalProperties": false,
"description": "Fast UDP profile.",
"extends": {
"$ref": "LBAppProfile
},
"id": "LBFastUdpProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBFastUdpProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"flow_mirroring_enabled": {
"default": false,
"description": "If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node.",
"required": false,
"title": "Flow mirroring enabled flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idle_timeout": {
"default": 300,
"description": "Though UDP is a connectionless protocol, for the purposes of load balancing, all UDP packets with the same flow signature (source and destination IP/ports and IP protocol) received within the idle timeout period are considered to belong to the same connection and are sent to the same backend server. If no packets are received for idle timeout period, the connection (association between flow signature and the selected server) is cleaned up.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "UDP idle timeout in seconds",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBApplicationProfileType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Fast UDP profile",
"type": "object"
}
LBGenericPersistenceProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. LBGenericPersistenceProfile cannot be attached to virtual server directly, it can be specified in LB rule actions. In HTTP forwarding phase, the profile can be specified in LBVariablePersistenceOnAction. In HTTP response rewriting phase, the profile can be specified in LBVariablePersistenceLearnAction. LBGenericPersistenceProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBPersistenceProfile
},
"id": "LBGenericPersistenceProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBGenericPersistenceProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"ha_persistence_mirroring_enabled": {
"default": false,
"description": "The mirroring enabled flag is to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default.",
"required": false,
"title": "Mirroring enabled flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"persistence_shared": {
"default": false,
"description": "Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.",
"required": false,
"title": "Persistence shared across LBVirtualServers",
"type": "boolean"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The resource_type property identifies persistence profile type. LBCookiePersistenceProfile and LBGenericPersistenceProfile are deprecated as NSX-T Load Balancer is deprecated.",
"enum": [
"LBSourceIpPersistenceProfile",
"LBCookiePersistenceProfile",
"LBGenericPersistenceProfile"
],
"required": true,
"title": "Persistence profile type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 300,
"description": "When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Persistence entry expiration time in seconds",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LB generic persistence profile",
"type": "object"
}
LBHttpMonitorProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over HTTP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. LBHttpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBActiveMonitor
},
"id": "LBHttpMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpMonitorProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fall_count": {
"default": 3,
"description": "Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor fall count for active healthchecks",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"interval": {
"default": 5,
"description": "Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor interval in seconds for active healthchecks",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"monitor_port": {
"description": "Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Monitor port for active healthchecks",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"request_body": {
"description": "String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST.",
"required": false,
"title": "HTTP health check request body",
"type": "string"
},
"request_headers": {
"description": "Array of HTTP request headers.",
"items": {
"$ref": "LbHttpRequestHeader
},
"required": false,
"title": "Array of HTTP request headers",
"type": "array"
},
"request_method": {
"$ref": "HttpRequestMethodType,
"default": "GET",
"description": "The health check method for HTTP monitor type.",
"required": false,
"title": "The health check method for HTTP monitor type"
},
"request_url": {
"default": "/",
"description": "For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters.",
"required": false,
"title": "Customized HTTP request url for active health checks",
"type": "string"
},
"request_version": {
"$ref": "HttpRequestVersionType,
"default": "HTTP_VERSION_1_1",
"description": "HTTP request version.",
"required": false,
"title": "HTTP request version"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"response_body": {
"description": "If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful.",
"required": false,
"title": "Response body to match",
"type": "string"
},
"response_status_codes": {
"description": "The HTTP response status code should be a valid HTTP status code.",
"items": {
"type": "int"
},
"maxItems": 64,
"required": false,
"title": "Array of single HTTP response status codes",
"type": "array"
},
"rise_count": {
"default": 3,
"description": "Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor rise count for active healthchecks",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 5,
"description": "Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor timeout in seconds for active healthchecks",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LBMonitorProfile for active health checks over HTTP",
"type": "object"
}
LBHttpProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Http profile. LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBAppProfile
},
"id": "LBHttpProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"http_redirect_to": {
"description": "If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL.",
"required": false,
"title": "Http redirect static URL",
"type": "string"
},
"http_redirect_to_https": {
"default": false,
"description": "Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL.",
"required": false,
"title": "Flag to indicate whether enable HTTP-HTTPS redirect",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idle_timeout": {
"default": 15,
"description": "It is used to specify the HTTP application idle timeout, it means that how long the load balancer will keep the connection idle to wait for the client to send the next keep-alive request. It is not a TCP socket setting.",
"maximum": 5400,
"minimum": 1,
"required": false,
"title": "HTTP application idle timeout in seconds",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"ntlm": {
"deprecated": true,
"description": "NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. This property is deprecated. Please use the property server_keep_alive in order to keep the backend server connection alive for the client connection. When create a new profile, if both ntlm and server_keep_alive are set as different values, ERROR will be reported. When update an existing profile, if either ntlm or server_keep_alive value is changed, both of them are updated with the changed value.",
"required": false,
"title": "NTLM support flag",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"request_body_size": {
"description": "If it is not specified, it means that request body size is unlimited.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Maximum size of the buffer used to store HTTP request body",
"type": "integer"
},
"request_header_size": {
"default": 1024,
"description": "A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis.",
"minimum": 1,
"required": false,
"title": "Maximum size of the buffer used to store HTTP request headers",
"type": "integer"
},
"resource_type": {
"$ref": "LBApplicationProfileType,
"required": true
},
"response_buffering": {
"default": false,
"description": "When buffering is deactivated, the response is passed to a client synchronously, immediately as it is received. When buffering is activated, LB receives a response from the backend server as soon as possible, saving it into the buffers.",
"required": false,
"title": "Activate or deactivate buffering of responses",
"type": "boolean"
},
"response_header_size": {
"default": 4096,
"description": "A response with header larger than response_header_size will be dropped.",
"maximum": 65536,
"minimum": 1,
"required": false,
"title": "Maximum size of the buffer used to store HTTP response headers",
"type": "integer"
},
"response_timeout": {
"default": 60,
"description": "If server doesn\u2019t send any packet within this time, the connection is closed.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Maximum server idle time in seconds",
"type": "integer"
},
"server_keep_alive": {
"description": "If server_keep_alive is true, it means the backend connection will keep alive for the client connection. Every client connection is tied 1:1 with the corresponding server-side connection. If server_keep_alive is false, it means the backend connection won't keep alive for the client connection. If server_keep_alive is not specified for API input, its value in API output will be the same with the property ntlm.",
"required": false,
"title": "Server keep-alive flag",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"x_forwarded_for": {
"$ref": "LBXForwardedForType,
"description": "When X-Forwareded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional header information can be also modified or deleted in load balancer rules.",
"required": false,
"title": "Insert or replace x_forwarded_for"
}
},
"title": "Http profile",
"type": "object"
}
LBHttpRedirectAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to redirect HTTP request messages to a new URL. The reply_status value specified in this action is used as the status code of HTTP response message which is sent back to client (Normally a browser). The HTTP status code for redirection is 3xx, for example, 301, 302, 303, 307, etc. The redirect_url is the new URL that the HTTP request message is redirected to. Normally browser will send another HTTP request to the new URL after receiving a redirection response message. Captured variables and built-in variables can be used in redirect_url field. For example, to redirect all HTTP requests to HTTPS requests for a virtual server. We create an LBRule without any conditions, add an LBHttpRedirectAction to the rule. Set the redirect_url field of the LBHttpRedirectAction to: https://$_host$_request_uri And set redirect_status to \"302\", which means found. This rule will redirect all HTTP requests to HTTPS server port on the same host.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBHttpRedirectAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRedirectAction"
},
"properties": {
"redirect_status": {
"description": "HTTP response status code.",
"required": true,
"title": "HTTP response status code",
"type": "string"
},
"redirect_url": {
"description": "The URL that the HTTP request is redirected to.",
"required": true,
"title": "The URL that the HTTP request is redirected to",
"type": "string"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to redirect HTTP request messages",
"type": "object"
}
LBHttpRejectAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to reject HTTP request messages. The specified reply_status value is used as the status code for the corresponding HTTP response message which is sent back to client (Normally a browser) indicating the reason it was rejected. Reference official HTTP status code list for your specific HTTP version to set the reply_status properly. LBHttpRejectAction does not support variables.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBHttpRejectAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRejectAction"
},
"properties": {
"reply_message": {
"description": "Response message.",
"required": false,
"title": "Response message",
"type": "string"
},
"reply_status": {
"description": "HTTP response status code.",
"required": true,
"title": "HTTP response status code",
"type": "string"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to reject HTTP request messages",
"type": "object"
}
LBHttpRequestBodyCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match the message body of an HTTP request. Typically, only HTTP POST, PATCH, or PUT requests have request body. The match_type field defines how body_value field is used to match the body of HTTP requests.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpRequestBodyCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestBodyCondition"
},
"properties": {
"body_value": {
"required": true,
"title": "HTTP request body",
"type": "string"
},
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing HTTP body value.",
"required": false,
"title": "A case sensitive flag for HTTP body comparing",
"type": "boolean"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"required": false,
"title": "Match type of HTTP body"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match content of HTTP request message body",
"type": "object"
}
LBHttpRequestCookieCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match HTTP request messages by cookie which is a specific type of HTTP header. The match_type and case_sensitive define how to compare cookie value.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpRequestCookieCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestCookieCondition"
},
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing cookie value.",
"required": false,
"title": "A case sensitive flag for cookie value comparing",
"type": "boolean"
},
"cookie_name": {
"description": "Cookie name.",
"required": true,
"title": "Name of cookie",
"type": "string"
},
"cookie_value": {
"description": "Cookie value.",
"required": true,
"title": "Value of cookie",
"type": "string"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"description": "Match type of cookie value.",
"required": false,
"title": "Match type of cookie value"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match HTTP request cookie",
"type": "object"
}
LBHttpRequestHeaderCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match HTTP request messages by HTTP header fields. HTTP header fields are components of the header section of HTTP request and response messages. They define the operating parameters of an HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One condition can be used to match one header field, to match multiple header fields, multiple conditions must be specified. The match_type field defines how header_value field is used to match HTTP requests. The header_name field does not support match types.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpRequestHeaderCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestHeaderCondition"
},
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing HTTP header value.",
"required": false,
"title": "A case sensitive flag for HTTP header value comparing",
"type": "boolean"
},
"header_name": {
"default": "Host",
"required": false,
"title": "Name of HTTP header",
"type": "string"
},
"header_value": {
"required": true,
"title": "Value of HTTP header",
"type": "string"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"required": false,
"title": "Match type of HTTP header value"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match HTTP request header",
"type": "object"
}
LBHttpRequestHeaderDeleteAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to delete header fields of HTTP request messages at HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers with same header name. To delete headers with different header names, multiple actions must be defined.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBHttpRequestHeaderDeleteAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestHeaderDeleteAction"
},
"properties": {
"header_name": {
"description": "Name of a header field of HTTP request message.",
"required": true,
"title": "Name of a header field of HTTP request message",
"type": "string"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to delete HTTP request header fields",
"type": "object"
}
LBHttpRequestHeaderRewriteAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to rewrite header fields of matched HTTP request messages to specified new values. One action can be used to rewrite one header field. To rewrite multiple header fields, multiple actions must be defined. Captured variables and built-in variables can be used in the header_value field, header_name field does not support variables.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBHttpRequestHeaderRewriteAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestHeaderRewriteAction"
},
"properties": {
"header_name": {
"description": "Name of HTTP request header.",
"required": true,
"title": "Name of HTTP request header",
"type": "string"
},
"header_value": {
"description": "Value of HTTP request header.",
"required": true,
"title": "Value of HTTP request header",
"type": "string"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to rewrite header fields of HTTP request messages",
"type": "object"
}
LBHttpRequestMethodCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match method of HTTP requests. If the method of an HTTP request is same as the method specified in this condition, the HTTP request match this condition. For example, if the method field is set to GET in this condition, any HTTP request with GET method matches the condition.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpRequestMethodCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestMethodCondition"
},
"properties": {
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"method": {
"$ref": "HttpRequestMethodType,
"required": true,
"title": "Type of HTTP request method"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match method of HTTP request messages",
"type": "object"
}
LBHttpRequestUriArgumentsCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match URI arguments aka query string of Http request messages, for example, in URI http://exaple.com?foo=1&bar=2, the \"foo=1&bar=2\" is the query string containing URI arguments. In an URI scheme, query string is indicated by the first question mark (\"?\") character and terminated by a number sign (\"#\") character or by the end of the URI. The uri_arguments field can be specified as a regular expression(Set match_type to REGEX). For example, \"foo=(?<x>\\d+)\". It matches HTTP requests whose URI arguments containing \"foo\", the value of foo contains only digits. And the value of foo is captured as $x which can be used in LBRuleAction fields which support variables.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpRequestUriArgumentsCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestUriArgumentsCondition"
},
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing URI arguments.",
"required": false,
"title": "A case sensitive flag for URI arguments comparing",
"type": "boolean"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"required": false,
"title": "Match type of URI arguments"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
},
"uri_arguments": {
"description": "URI arguments, aka query string of URI.",
"required": true,
"title": "URI arguments",
"type": "string"
}
},
"title": "Condition to match URI arguments of HTTP requests",
"type": "object"
}
LBHttpRequestUriCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match URIs(Uniform Resource Identifier) of HTTP request messages. The URI field can be specified as a regular expression. If an HTTP request message is requesting an URI which matches specified regular expression, it matches the condition. The syntax of whole URI looks like this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] This condition matches only the path part of entire URI. When match_type field is specified as REGEX, the uri field is used as a regular expression to match URI path of HTTP requests. For example, to match any URI that has \"/image/\" or \"/images/\", uri field can be specified as: \"/image[s]?/\". Named capturing groups can be used in the uri field to capture substrings of matched URIs and store them in variables for use in LBRuleAction. For example, specify uri field as: \"/news/(?<year>\\d+)/(?<month>\\d+)/(?<article>.*)\" If the URI path is /articles/news/2017/06/xyz.html, then substring \"2017\" is captured in variable year, \"06\" is captured in variable month, and \"xyz.html\" is captured in variable article. These variables can then be used in an LBRuleAction field which supports variables, such as uri field of LBHttpRequestUriRewriteAction. For example, set the uri field of LBHttpRequestUriRewriteAction as: \"/articles/news/$year-$month-$article\" Then the URI path /articles/news/2017/06/xyz.html is rewritten to: \"/articles/news/2017-06-xyz.html\"",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpRequestUriCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestUriCondition"
},
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing URI.",
"required": false,
"title": "A case sensitive flag for URI comparing",
"type": "boolean"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"required": false,
"title": "Match type of URI"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
},
"uri": {
"required": true,
"title": "A string used to identify resource",
"type": "string"
}
},
"title": "Condition to match URIs of HTTP request messages",
"type": "object"
}
LBHttpRequestUriRewriteAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to rewrite URIs in matched HTTP request messages. Specify the uri and uri_arguments fields in this condition to rewrite the matched HTTP request message's URI and URI arguments to the new values. Full URI scheme of HTTP messages have following syntax: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] The uri field of this action is used to rewrite the /path part in above scheme. And the uri_arguments field is used to rewrite the query part. Captured variables and built-in variables can be used in the uri and uri_arguments fields. Check the example in LBRuleAction to see how to use variables in this action.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBHttpRequestUriRewriteAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestUriRewriteAction"
},
"properties": {
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
},
"uri": {
"description": "URI of HTTP request.",
"required": true,
"title": "URI of HTTP request",
"type": "string"
},
"uri_arguments": {
"description": "Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2.",
"required": false,
"title": "URI arguments",
"type": "string"
}
},
"title": "Action to rewrite HTTP request URIs.",
"type": "object"
}
LBHttpRequestVersionCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match the HTTP protocol version of the HTTP request messages.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpRequestVersionCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpRequestVersionCondition"
},
"properties": {
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
},
"version": {
"$ref": "HttpRequestVersionType,
"required": true,
"title": "HTTP version"
}
},
"title": "Condition to match HTTP protocol version of HTTP requests",
"type": "object"
}
LBHttpResponseHeaderCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match HTTP response messages from backend servers by HTTP header fields. HTTP header fields are components of the header section of HTTP request and response messages. They define the operating parameters of an HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One condition can be used to match one header field, to match multiple header fields, multiple conditions must be specified. The match_type field defines how header_value field is used to match HTTP responses. The header_name field does not support match types.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpResponseHeaderCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpResponseHeaderCondition"
},
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing HTTP header value.",
"required": false,
"title": "A case sensitive flag for HTTP header value comparing",
"type": "boolean"
},
"header_name": {
"required": true,
"title": "Name of HTTP header field",
"type": "string"
},
"header_value": {
"required": true,
"title": "Value of HTTP header field",
"type": "string"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"required": false,
"title": "Match type of HTTP header value"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match a header field of HTTP response",
"type": "object"
}
LBHttpResponseHeaderDeleteAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to delete header fields of HTTP response messages at HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers with same header name. To delete headers with different header names, multiple actions must be defined.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBHttpResponseHeaderDeleteAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpResponseHeaderDeleteAction"
},
"properties": {
"header_name": {
"description": "Name of a header field of HTTP response message.",
"required": true,
"title": "Name of a header field of HTTP response message",
"type": "string"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to delete HTTP response header fields",
"type": "object"
}
LBHttpResponseHeaderRewriteAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to rewrite header fields of HTTP response messages to specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used to rewrite one header field. To rewrite multiple header fields, multiple actions must be defined. Captured variables and built-in variables can be used in the header_value field, header_name field does not support variables.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBHttpResponseHeaderRewriteAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpResponseHeaderRewriteAction"
},
"properties": {
"header_name": {
"description": "Name of a header field of HTTP request message.",
"required": true,
"title": "Name of a header field of HTTP request message",
"type": "string"
},
"header_value": {
"description": "Value of header field",
"required": true,
"title": "Value of header field",
"type": "string"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to rewrite HTTP response header fields",
"type": "object"
}
LBHttpSslCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match SSL handshake and SSL connection at all phases.If multiple properties are configured, the rule is considered a match when all the configured properties are matched.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBHttpSslCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpSslCondition"
},
"properties": {
"client_certificate_issuer_dn": {
"$ref": "LBClientCertificateIssuerDnCondition,
"description": "The issuer DN match condition of the client certificate for an established SSL connection.",
"required": false,
"title": "The issuer DN match condition of the client certificate"
},
"client_certificate_subject_dn": {
"$ref": "LBClientCertificateSubjectDnCondition,
"description": "The subject DN match condition of the client certificate for an established SSL connection.",
"required": false,
"title": "The subject DN match condition of the client certificate"
},
"client_supported_ssl_ciphers": {
"description": "Cipher list which supported by client.",
"items": {
"$ref": "SslCipher
},
"required": false,
"title": "Cipher list which supported by client",
"type": "array"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"session_reused": {
"$ref": "LbSslSessionReusedType,
"default": "IGNORE",
"description": "The type of SSL session reused.",
"required": false,
"title": "The type of SSL session reused"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
},
"used_protocol": {
"$ref": "SslProtocol,
"description": "Protocol of an established SSL connection.",
"required": false,
"title": "Protocol of an established SSL connection"
},
"used_ssl_cipher": {
"$ref": "SslCipher,
"description": "Cipher used for an established SSL connection.",
"required": false,
"title": "Cipher used for an established SSL connection"
}
},
"title": "Condition to match SSL handshake and SSL connection",
"type": "object"
}
LBHttpsMonitorProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over HTTPS. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. LBHttpsMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBActiveMonitor
},
"id": "LBHttpsMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBHttpsMonitorProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fall_count": {
"default": 3,
"description": "Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor fall count for active healthchecks",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"interval": {
"default": 5,
"description": "Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor interval in seconds for active healthchecks",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"monitor_port": {
"description": "Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Monitor port for active healthchecks",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"request_body": {
"description": "String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST.",
"required": false,
"title": "HTTP health check request body",
"type": "string"
},
"request_headers": {
"description": "Array of HTTP request headers.",
"items": {
"$ref": "LbHttpRequestHeader
},
"required": false,
"title": "Array of HTTP request headers",
"type": "array"
},
"request_method": {
"$ref": "HttpRequestMethodType,
"default": "GET",
"description": "The health check method for HTTP monitor type.",
"required": false,
"title": "The health check method for HTTP monitor type"
},
"request_url": {
"default": "/",
"description": "For HTTPS active healthchecks, the HTTPS request url sent can be customized and can include query parameters.",
"required": false,
"title": "Customized HTTPS request url for active health checks",
"type": "string"
},
"request_version": {
"$ref": "HttpRequestVersionType,
"default": "HTTP_VERSION_1_1",
"description": "HTTP request version.",
"required": false,
"title": "HTTP request version"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"response_body": {
"description": "If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful.",
"required": false,
"title": "Response body to match",
"type": "string"
},
"response_status_codes": {
"description": "The HTTP response status code should be a valid HTTP status code.",
"items": {
"type": "int"
},
"maxItems": 64,
"required": false,
"title": "Array of single HTTP response status codes",
"type": "array"
},
"rise_count": {
"default": 3,
"description": "Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor rise count for active healthchecks",
"type": "integer"
},
"server_ssl_profile_binding": {
"$ref": "LBServerSslProfileBinding,
"description": "The setting is used when the monitor acts as an SSL client and establishing a connection to the backend server.",
"required": false,
"title": "Pool side SSL binding setting"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 5,
"description": "Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor timeout in seconds for active healthchecks",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LBMonitorProfile for active health checks over HTTPS",
"type": "object"
}
LBIcmpMonitorProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over ICMP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healt hchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. LBIcmpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBActiveMonitor
},
"id": "LBIcmpMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBIcmpMonitorProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"data_length": {
"default": 56,
"maximum": 65507,
"minimum": 0,
"required": false,
"title": "The data size (in byte) of the ICMP healthcheck packet",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fall_count": {
"default": 3,
"description": "Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor fall count for active healthchecks",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"interval": {
"default": 5,
"description": "Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor interval in seconds for active healthchecks",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"monitor_port": {
"description": "Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Monitor port for active healthchecks",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"rise_count": {
"default": 3,
"description": "Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor rise count for active healthchecks",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 5,
"description": "Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor timeout in seconds for active healthchecks",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LBMonitorProfile for active health checks over ICMP",
"type": "object"
}
LBIpHeaderCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match IP header fields of HTTP messages. Either source_address or group_id should be specified.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBIpHeaderCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBIpHeaderCondition"
},
"properties": {
"group_path": {
"description": "Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions.",
"required": false,
"title": "Grouping object path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"source_address": {
"$ref": "IPElement,
"description": "Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported.",
"required": false,
"title": "Source IP address of HTTP message"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match IP header fields",
"type": "object"
}
LBJwtAuthAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to control access to backend server resources using JSON Web Token(JWT) authentication. The JWT authentication is done before any HTTP manipulation if the HTTP request matches the given condition in LBRule. Any verification failed, the HTTP process will be terminated, and HTTP response with 401 status code and WWW-Authentication header will be returned to client.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBJwtAuthAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBJwtAuthAction"
},
"properties": {
"key": {
"$ref": "LBJwtKey,
"descrption": "Keys are used for verifying the signature of JWT token. In current\nversion, only symmetric (HMAC SHA256) key and asymmetric (RS256) key\nare supported. It is optional, in case no key specified, the jwt\nsignature won't be verified.\n",
"required": false,
"title": "LBJwtKey used for verifying the signature of JWT token"
},
"pass_jwt_to_pool": {
"default": false,
"description": "Specify whether to pass the JWT to backend server or remove it. By default, it is false which means will not pass the JWT to backend servers.",
"required": false,
"title": "Whether to pass the JWT to backend server or remove it",
"type": "boolean"
},
"realm": {
"description": "A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when client request is rejected with 401 http status. In the response, it will be \"WWW-Authentication: Bearer realm=<realm>\".",
"required": false,
"title": "JWT realm",
"type": "string"
},
"tokens": {
"description": "JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Load balancer will search for every specified tokens one by one for the jwt message until found. This parameter is optional. In case not found or this field is not configured, load balancer searches the Bearer header by default in the http request \"Authorization: Bearer <token>\".",
"items": {
"type": "string"
},
"required": false,
"title": "JWT tokens",
"type": "array"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to control access using JWT authentication",
"type": "object"
}
LBJwtCertificateKey (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "The key is used to specify certificate which is used to verify the signature of JWT tokens.",
"extends": {
"$ref": "LBJwtKey
},
"id": "LBJwtCertificateKey",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBJwtCertificateKey"
},
"properties": {
"certificate_path": {
"required": true,
"title": "Certificate identifier",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"type": {
"$ref": "LBJwtKeyType,
"description": "The property is used to identify JWT key type.",
"required": true,
"title": "Type of load balancer JWT key"
}
},
"title": "Specifies certificate used to verify the signature of JWT tokens",
"type": "object"
}
LBJwtKey (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "LBJwtKey specifies the symmetric key or asymmetric public key used to decrypt the data in JWT.",
"id": "LBJwtKey",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "type"
},
"properties": {
"type": {
"$ref": "LBJwtKeyType,
"description": "The property is used to identify JWT key type.",
"required": true,
"title": "Type of load balancer JWT key"
}
},
"title": "Load balancer JWT key",
"type": "object"
}
LBJwtKeyType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "It is used to identify JWT key type.",
"enum": [
"LBJwtCertificateKey",
"LBJwtSymmetricKey",
"LBJwtPublicKey"
],
"id": "LBJwtKeyType",
"module_id": "PolicyLoadBalancer",
"title": "Type of load balancer JWT key",
"type": "string"
}
LBJwtPublicKey (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "The key is used to specify the public key content which is used to verify the signature of JWT tokens.",
"extends": {
"$ref": "LBJwtKey
},
"id": "LBJwtPublicKey",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBJwtPublicKey"
},
"properties": {
"public_key_content": {
"required": true,
"title": "Content of public key",
"type": "string"
},
"type": {
"$ref": "LBJwtKeyType,
"description": "The property is used to identify JWT key type.",
"required": true,
"title": "Type of load balancer JWT key"
}
},
"title": "Specifies public key content used to verify the signature of JWT tokens",
"type": "object"
}
LBJwtSymmetricKey (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "The key is used to specify the symmetric key which is used to verify the signature of JWT tokens.",
"extends": {
"$ref": "LBJwtKey
},
"id": "LBJwtSymmetricKey",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBJwtSymmetricKey"
},
"properties": {
"type": {
"$ref": "LBJwtKeyType,
"description": "The property is used to identify JWT key type.",
"required": true,
"title": "Type of load balancer JWT key"
}
},
"title": "Specifies the symmetric key used to verify the signature of JWT tokens",
"type": "object"
}
LBMonitorProfile (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "The object is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LBMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
LBMonitorProfileType (type) (Deprecated)
{
"deprecated": true,
"description": "There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols.",
"enum": [
"LBTcpMonitorProfile",
"LBUdpMonitorProfile",
"LBIcmpMonitorProfile",
"LBHttpMonitorProfile",
"LBHttpsMonitorProfile",
"LBPassiveMonitorProfile"
],
"id": "LBMonitorProfileType",
"module_id": "PolicyLoadBalancer",
"title": "Monitor type",
"type": "string"
}
LBPassiveMonitorProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "The passive type of LBMonitorProfile. LBPassiveMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBMonitorProfile
},
"id": "LBPassiveMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBPassiveMonitorProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"max_fails": {
"default": 5,
"description": "When the consecutive failures reach this value, then the member is considered temporarily unavailable for a configurable period",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Number of consecutive connection failures",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 5,
"description": "After this timeout period, the member is tried again for a new connection to see if it is available.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Timeout in seconds before it is selected again for a new connection",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base class for each type of active LBMonitorProfile",
"type": "object"
}
LBPersistenceCookieTime (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Persistence cookie time.",
"extends": {
"$ref": "LBCookieTime
},
"id": "LBPersistenceCookieTime",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBPersistenceCookieTime"
},
"properties": {
"cookie_max_idle": {
"description": "HTTP cookie max-age to expire cookie, only available for insert mode.",
"maximum": 2147483647,
"minimum": 1,
"required": true,
"title": "Persistence cookie max idle time in seconds",
"type": "integer"
},
"type": {
"$ref": "LBCookieTimeType,
"required": true
}
},
"title": "Persistence cookie time",
"type": "object"
}
LBPersistenceProfile (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. LBGenericPersistenceProfile cannot be attached to LBVirtualServer directly, it can be specified in LBVariablePersistenceOnAction or LBVariablePersistenceLearnAction in LBRule. If a user attaches a LBGenericPersistenceProfile directly to a virtual server, the operation is rejected.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LBPersistenceProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"persistence_shared": {
"default": false,
"description": "Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.",
"required": false,
"title": "Persistence shared across LBVirtualServers",
"type": "boolean"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The resource_type property identifies persistence profile type. LBCookiePersistenceProfile and LBGenericPersistenceProfile are deprecated as NSX-T Load Balancer is deprecated.",
"enum": [
"LBSourceIpPersistenceProfile",
"LBCookiePersistenceProfile",
"LBGenericPersistenceProfile"
],
"required": true,
"title": "Persistence profile type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains the information related to load balancer persistence options",
"type": "object"
}
LBPool (type)
{
"additionalProperties": false,
"description": "Defining access of a Group from a LBVirtualServer and binding to LBMonitorProfile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LBPool",
"module_id": "PolicyLoadBalancer",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"active_monitor_paths": {
"deprecated": true,
"description": "In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the pool. If multiple active monitors are configured, the pool member status is UP only when the health check status for all the monitors are UP. The property is deprecated as NSX-T Load Balancer is deprecated.",
"items": {
"type": "string"
},
"required": false,
"title": "Active monitor path list",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"LBPool"
],
"relationshipType": "LB_POOL_LB_MONITOR_PROFILE_RELATIONSHIP",
"rightType": [
"LBMonitorProfile"
]
}
]
},
"algorithm": {
"default": "ROUND_ROBIN",
"description": "Load Balancing algorithm chooses a server for each new connection by going through the list of servers in the pool. Currently, following load balancing algorithms are supported with ROUND_ROBIN as the default. ROUND_ROBIN means that a server is selected in a round-robin fashion. The weight would be ignored even if it is configured. WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted round-robin fashion. Default weight of 1 is used if weight is not configured. LEAST_CONNECTION means that a server is selected when it has the least number of connections. The weight would be ignored even if it is configured. Slow start would be enabled by default. WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted least connection fashion. Default weight of 1 is used if weight is not configured. Slow start would be enabled by default. IP_HASH means that consistent hash is performed on the source IP address of the incoming connection. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. It may be used on the Internet to provide a best-effort stickiness to clients which refuse session cookies.",
"enum": [
"ROUND_ROBIN",
"WEIGHTED_ROUND_ROBIN",
"LEAST_CONNECTION",
"WEIGHTED_LEAST_CONNECTION",
"IP_HASH"
],
"required": false,
"title": "Load balancing algorithm",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"member_group": {
"$ref": "LBPoolMemberGroup,
"description": "Load balancer pool support grouping object as dynamic pool members. When member group is defined, members setting should not be specified.",
"required": false,
"title": "Load balancer member setting with grouping object"
},
"members": {
"description": "Server pool consists of one or more pool members. Each pool member is identified, typically, by an IP address and a port.",
"items": {
"$ref": "LBPoolMember
},
"required": false,
"title": "Load balancer pool members",
"type": "array"
},
"min_active_members": {
"default": 1,
"description": "A pool is considered active if there are at least certain minimum number of members.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Minimum number of active pool members to consider pool as active",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"passive_monitor_path": {
"deprecated": true,
"description": "Passive healthchecks are deactivated by default and can be activated by attaching a passive health monitor to a server pool. Each time a client connection to a pool member fails, its failed count is incremented. For pools bound to L7 virtual servers, a connection is considered to be failed and failed count is incremented if any TCP connection errors (e.g. TCP RST or failure to send data) or SSL handshake failures occur. For pools bound to L4 virtual servers, if no response is received to a TCP SYN sent to the pool member or if a TCP RST is received in response to a TCP SYN, then the pool member is considered to have failed and the failed count is incremented. The property is deprecated as NSX-T Load Balancer is deprecated.",
"required": false,
"title": "Passive monitor path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBPool"
],
"relationshipType": "LB_POOL_LB_MONITOR_PROFILE_RELATIONSHIP",
"rightType": [
"LBMonitorProfile"
]
}
]
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"snat_translation": {
"$ref": "LBSnatTranslation,
"description": "Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. By default Source NAT is enabled as LBSnatAutoMap.",
"required": false,
"title": "Snat translation configuration"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_multiplexing_enabled": {
"default": false,
"deprecated": true,
"description": "TCP multiplexing allows the same TCP connection between load balancer and the backend server to be used for sending multiple client requests from different client TCP connections. The property is deprecated as NSX-T Load Balancer is deprecated.",
"required": false,
"title": "TCP multiplexing enable flag",
"type": "boolean"
},
"tcp_multiplexing_number": {
"default": 6,
"deprecated": true,
"description": "The maximum number of TCP connections per pool that are idly kept alive for sending future client requests. The property is deprecated as NSX-T Load Balancer is deprecated.",
"maximum": 2147483647,
"minimum": 0,
"required": false,
"title": "Maximum number of TCP connections for multiplexing",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Defining access a Group from a LBVirtualServer and binding to LBMonitorProfile",
"type": "object"
}
LBPoolMember (type)
{
"additionalProperties": false,
"description": "Pool member.",
"id": "LBPoolMember",
"module_id": "PolicyLoadBalancer",
"properties": {
"admin_state": {
"$ref": "PoolMemberAdminStateType,
"default": "ENABLED",
"description": "Member admin state.",
"required": false,
"title": "Member admin state"
},
"backup_member": {
"default": false,
"description": "Backup servers are typically configured with a sorry page indicating to the user that the application is currently unavailable. While the pool is active (a specified minimum number of pool members are active) BACKUP members are skipped during server selection. When the pool is inactive, incoming connections are sent to only the BACKUP member(s).",
"required": false,
"title": "Determine whether the pool member is for backup usage",
"type": "boolean"
},
"display_name": {
"description": "Pool member name.",
"required": false,
"title": "Pool member name",
"type": "string"
},
"ip_address": {
"$ref": "IPAddress,
"description": "Pool member IP address.",
"required": true,
"title": "Pool member IP address"
},
"max_concurrent_connections": {
"description": "To ensure members are not overloaded, connections to a member can be capped by the load balancer. When a member reaches this limit, it is skipped during server selection. If it is not specified, it means that connections are unlimited.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Maximum concurrent connection number",
"type": "integer"
},
"port": {
"$ref": "PortElement,
"description": "If port is specified, all connections will be sent to this port. Only single port is supported. If unset, the same port the client connected to will be used, it could be overrode by default_pool_member_port setting in virtual server. The port should not specified for port range case.",
"required": false,
"title": "Pool member port number"
},
"weight": {
"default": 1,
"description": "Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing algorithm. The weight value would be ignored in other algorithms.",
"maximum": 256,
"minimum": 1,
"required": false,
"title": "Pool member weight",
"type": "integer"
}
},
"title": "Pool member",
"type": "object"
}
LBPoolMemberGroup (type)
{
"additionalProperties": false,
"description": "Pool member group.",
"id": "LBPoolMemberGroup",
"module_id": "PolicyLoadBalancer",
"properties": {
"customized_members": {
"description": "The list is used to show the customized pool member settings. User can only user pool member action API to update the admin state for a specific IP address.",
"items": {
"$ref": "PoolMemberSetting
},
"readonly": false,
"title": "List of customized pool member settings",
"type": "array"
},
"group_path": {
"description": "Load balancer pool support Group as dynamic pool members. The IP list of the Group would be used as pool member IP setting.",
"required": true,
"title": "Grouping object path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBPool"
],
"relationshipType": "LB_POOL_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"ip_revision_filter": {
"default": "IPV4",
"description": "Ip revision filter is used to filter IPv4 or IPv6 addresses from the grouping object. If the filter is not specified, both IPv4 and IPv6 addresses would be used as server IPs. The link local and loopback addresses would be always filtered out.",
"enum": [
"IPV4",
"IPV6",
"IPV4_IPV6"
],
"required": false,
"title": "Filter of ipv4 or ipv6 address of grouping object IP list",
"type": "string"
},
"max_ip_list_size": {
"description": "The size is used to define the maximum number of grouping object IP address list. These IP addresses would be used as pool members. If the grouping object includes more than certain number of IP addresses, the redundant parts would be ignored and those IP addresses would not be treated as pool members. If the size is not specified, one member is budgeted for this dynamic pool so that the pool has at least one member even if some other dynamic pools grow beyond the capacity of load balancer service. Other members are picked according to available dynamic capacity. The unused members would be set to DISABLED so that the load balancer system itself is not overloaded during runtime.",
"maximum": 2147483647,
"minimum": 0,
"required": false,
"title": "Maximum number of grouping object IP address list",
"type": "integer"
},
"port": {
"description": "If port is specified, all connections will be sent to this port. If unset, the same port the client connected to will be used, it could be overridden by default_pool_member_ports setting in virtual server. The port should not specified for multiple ports case.",
"maximum": 65535,
"minimum": 1,
"required": false,
"title": "Pool member port for all IP addresses of the grouping object",
"type": "int"
}
},
"title": "Pool member group",
"type": "object"
}
LBRule (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Binding of a LBPool and Group to a LBVirtualServer used to route application traffic passing through load balancers. LBRule uses match conditions to match application traffic passing through a LBVirtualServer using HTTP or HTTPS. Can bind multiple LBVirtualServers to a Group. Each LBRule consists of two optional match conditions, each match contidion defines a criterion for application traffic. If no match conditions are specified, then the LBRule will always match and it is used typically to define default rules. If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LBRule to be considered a match. A match indicates that the LBVirtualServer should route the request to the Group (parent of LBRule). LBRule is deprecated as NSX-T Load Balancer is deprecated.",
"id": "LBRule",
"module_id": "PolicyLoadBalancer",
"properties": {
"actions": {
"description": "A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc.",
"items": {
"$ref": "LBRuleAction
},
"maxItems": 60,
"required": true,
"title": "Actions to be executed",
"type": "array"
},
"display_name": {
"description": "A display name useful for identifying an LBRule.",
"required": false,
"title": "Display name for LBRule",
"type": "string"
},
"match_conditions": {
"description": "A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match and it is used typically to define default rules. If more than one match condition is specified, then match strategy determines if all conditions should match or any one condition should match for the load balancer rule to considered a match.",
"items": {
"$ref": "LBRuleCondition
},
"maxItems": 60,
"required": false,
"title": "Conditions to match application traffic",
"type": "array"
},
"match_strategy": {
"default": "ANY",
"description": "If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this LBRule to be considered a match. - ANY indicates that either host_match or patch match may match for this LBRule to be considered a match.",
"enum": [
"ALL",
"ANY"
],
"required": false,
"title": "Match strategy for determining match of multiple conditions",
"type": "string"
},
"phase": {
"default": "HTTP_FORWARDING",
"description": "Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by load balancer, all HTTP_REQUEST_REWRITE rules, if present are executed in the order they are applied to virtual server. And then if HTTP_FORWARDING rules present, only first matching rule's action is executed, remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In HTTP_ACCESS phase, user can define action to control access using JWT authentication. In TRANSPORT phase, user can define the condition to match SNI in TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool.",
"enum": [
"HTTP_REQUEST_REWRITE",
"HTTP_FORWARDING",
"HTTP_RESPONSE_REWRITE",
"HTTP_ACCESS",
"TRANSPORT"
],
"required": false,
"title": "Load balancer processing phase",
"type": "string"
}
},
"title": "Binding of a LBPool and Group to a LBVirtualServer",
"type": "object"
}
LBRuleAction (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "Load balancer rule actions are used to manipulate application traffic. Currently load balancer rules can be used at three load balancer processing phases. Each phase has its own supported type of actions. Supported actions in HTTP_REQUST_REWRITE phase are: LBHttpRequestUriRewriteAction LBHttpRequestHeaderRewriteAction LBHttpRequestHeaderDeleteAction LBVariableAssignmentAction Supported actions in HTTP_FORWARDING phase are: LBHttpRejectAction LBHttpRedirectAction LBSelectPoolAction LBVariablePersistenceOnAction LBConnectionDropAction Supported action in HTTP_RESPONSE_REWRITE phase is: LBHttpResponseHeaderRewriteAction LBHttpResponseHeaderDeleteAction LBVariablePersistenceLearnAction Supported action in HTTP_ACCESS phase is: LBJwtAuthAction LBConnectionDropAction LBVariableAssignmentAction Supported action in TRANSPORT phase is: LBSslModeSelectionAction LBSelectPoolAction If the match type of an LBRuleCondition field is specified as REGEX and named capturing groups are used in the specified regular expression. The groups can be used as variables in LBRuleAction fields. For example, define a rule with LBHttpRequestUriCondition as match condition and LBHttpRequestUriRewriteAction as action. Set match_type field of LBHttpRequestUriCondition to REGEX, and set uri field to \"/news/(?<year>\\d+)/(?<month>\\d+)/(?<article>.*)\". Set uri field of LBHttpRequestUriRewriteAction to: \"/news/$year-$month/$article\" In uri field of LBHttpRequestUriCondition, the (?<year>\\d+), (?<month>\\d+) and (?<article>.*) are named capturing groups, they define variables named $year, $month and $article respectively. The defined variables are used in LBHttpRequestUriRewriteAction. For a matched HTTP request with URI \"/news/2017/06/xyz.html\", the substring \"2017\" is captured in variable $year, \"06\" is captured in variable $month, and \"xyz.html\" is captured in variable $article. The LBHttpRequestUriRewriteAction will rewrite the URI to: \"/news/2017-06/xyz.html\" A set of built-in variables can be used in LBRuleAction as well. The name of built-in variables start with underscore, the name of user defined variables is not allowed to start with underscore. Following are some of the built-in variables: $_scheme: Reference the scheme part of matched HTTP messages, could be \"http\" or \"https\". $_host: Host of matched HTTP messages, for example \"www.example.com\". $_server_port: Port part of URI, it is also the port of the server which accepted a request. Default port is 80 for http and 443 for https. $_uri: The URI path, for example \"/products/sample.html\". $_request_uri: Full original request URI with arguments, for example, \"/products/sample.html?a=b&c=d\". $_args: URI arguments, for instance \"a=b&c=d\" $_is_args: \"?\" if a request has URI arguments, or an empty string otherwise. For the full list of built-in variables, please reference the NSX-T Administrator's Guide.",
"id": "LBRuleAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "type"
},
"properties": {
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Load balancer rule action",
"type": "object"
}
LBRuleActionType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Types of load balancer rule actions.",
"enum": [
"LBSelectPoolAction",
"LBHttpRequestUriRewriteAction",
"LBHttpRequestHeaderRewriteAction",
"LBHttpRejectAction",
"LBHttpRedirectAction",
"LBHttpResponseHeaderRewriteAction",
"LBHttpRequestHeaderDeleteAction",
"LBHttpResponseHeaderDeleteAction",
"LBVariableAssignmentAction",
"LBVariablePersistenceOnAction",
"LBVariablePersistenceLearnAction",
"LBJwtAuthAction",
"LBSslModeSelectionAction",
"LBConnectionDropAction"
],
"id": "LBRuleActionType",
"module_id": "PolicyLoadBalancer",
"title": "Types of load balancer rule actions",
"type": "string"
}
LBRuleCondition (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "Match conditions are used to match application traffic passing through load balancers. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion for application traffic. If inverse field is set to true, the match result of the condition is inverted. If more than one match condition is specified, match strategy determines if all conditions should match or any one condition should match for the load balancer rule to be considered a match. Currently only HTTP messages are supported by load balancer rules. Each load balancer rule is used at a specific phase of load balancer processing. Currently three phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING and HTTP_RESPONSE_REWRITE. Each phase supports certain types of match conditions, supported match conditions in HTTP_REQUEST_REWRITE phase are: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match conditions in HTTP_FORWARDING phase are: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition LBSslSniCondition Supported match conditions in HTTP_RESPONSE_REWRITE phase are: LBHttpResponseHeaderCondition LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match condition in HTTP_ACCESS phase is: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match condition in TRANSPORT phase is: LBSslSniCondition",
"id": "LBRuleCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "type"
},
"properties": {
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Match condition of load balancer rule",
"type": "object"
}
LBRuleConditionType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Type of load balancer rule match condition.",
"enum": [
"LBHttpRequestUriCondition",
"LBHttpRequestHeaderCondition",
"LBHttpRequestMethodCondition",
"LBHttpRequestUriArgumentsCondition",
"LBHttpRequestVersionCondition",
"LBHttpRequestCookieCondition",
"LBHttpRequestBodyCondition",
"LBHttpResponseHeaderCondition",
"LBTcpHeaderCondition",
"LBIpHeaderCondition",
"LBVariableCondition",
"LBHttpSslCondition",
"LBSslSniCondition"
],
"id": "LBRuleConditionType",
"module_id": "PolicyLoadBalancer",
"title": "Type of load balancer rule match condition",
"type": "string"
}
LBSelectPoolAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to select a pool for matched HTTP request messages. The pool is specified by path. The matched HTTP request messages are forwarded to the specified pool.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBSelectPoolAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSelectPoolAction"
},
"properties": {
"pool_id": {
"description": "Path of load balancer pool.",
"required": true,
"title": "Path of load balancer pool",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_POOL_RELATIONSHIP",
"rightType": [
"LBPool"
]
}
]
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to select a pool for HTTP request messages",
"type": "object"
}
LBServerAuthType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to specify if the server certificate presented to the load balancer during handshake should be actually validated or not. Validation is automatic by default when server_auth_ca_certificate_paths are configured and IGNORED when they are not configured. If validation is REQUIRED, then to be accepted, server certificate must be signed by one of the trusted CAs whose self signed certificates are specified in the same server-side SSL profile binding.",
"enum": [
"REQUIRED",
"IGNORE",
"AUTO_APPLY"
],
"id": "LBServerAuthType",
"module_id": "PolicyLoadBalancer",
"title": "server authentication mode",
"type": "string"
}
LBServerSslProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Server SSL profile. LBServerSslProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBSslProfile
},
"id": "LBServerSslProfile",
"module_id": "PolicyLoadBalancer",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cipher_group_label": {
"$ref": "SslCipherGroup,
"description": "It is a label of cipher group which is mostly consumed by GUI.",
"required": false,
"title": "Label of cipher group"
},
"ciphers": {
"description": "Supported SSL cipher list to client side.",
"items": {
"$ref": "SslCipher
},
"required": false,
"title": "Supported SSL cipher list to client side",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_fips": {
"description": "This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant.",
"readonly": true,
"title": "FIPS compliance of ciphers and protocols",
"type": "boolean"
},
"is_secure": {
"description": "This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure.",
"readonly": true,
"title": "Secure/Insecure SSL profile flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"protocols": {
"description": "SSL version TLS1.2 is supported and enabled.",
"items": {
"$ref": "SslProtocol
},
"required": false,
"title": "Supported SSL protocol list to client side",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"session_cache_enabled": {
"default": true,
"description": "SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake.",
"required": false,
"title": "Session cache activate/deactivate falg",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Server SSL profile",
"type": "object"
}
LBServerSslProfileBinding (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Server SSL profile binding. LBServerSslProfileBinding is deprecated as NSX-T Load Balancer is deprecated.",
"id": "LBServerSslProfileBinding",
"module_id": "PolicyLoadBalancer",
"properties": {
"certificate_chain_depth": {
"default": 3,
"description": "Authentication depth is used to set the verification depth in the server certificates chain.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "The maximum traversal depth of server certificate chain",
"type": "integer"
},
"client_certificate_path": {
"description": "To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding",
"required": false,
"title": "Client certificate path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"server_auth": {
"$ref": "LBServerAuthType,
"default": "AUTO_APPLY",
"description": "Server authentication mode.",
"title": "Server authentication mode"
},
"server_auth_ca_paths": {
"description": "If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified.",
"items": {
"type": "string"
},
"required": false,
"title": "CA path list to verify server certificate",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"server_auth_crl_paths": {
"description": "A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates.",
"items": {
"type": "string"
},
"required": false,
"title": "CRL path list to verify server certificate",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_TLS_CRL_RELATIONSHIP",
"rightType": [
"TlsCrl"
]
}
]
},
"ssl_profile_path": {
"description": "Server SSL profile defines reusable, application-independent server side SSL properties.",
"required": false,
"title": "Server SSL profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_SERVER_SSL_PROFILE_RELATIONSHIP",
"rightType": [
"LBServerSslProfile"
]
},
{
"leftType": [
"LBMonitorProfile"
],
"relationshipType": "LB_MONTOR_PROFILE_LB_SERVER_SSL_PROFILE_RELATIONSHIP",
"rightType": [
"LBServerSslProfile"
]
}
]
}
},
"title": "Server SSL profile binding",
"type": "object"
}
LBService (type)
{
"additionalProperties": false,
"description": "Loadbalancer Service.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LBService",
"module_id": "PolicyLoadBalancer",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"access_log_enabled": {
"deprecated": true,
"details": "This is a deprecated property, please use 'access_log_enabled' in\nLBVirtualServer. If both virtual server and load balancer service have\nthe setting, the setting in virtual server layer would override it and\ntake effect.\nIf access log is enabled, all HTTP requests sent to a L7 virtual server\nare logged to the access log file. L4 virtual server connections are\nnot currently logged to the access log.\n",
"required": false,
"title": "Flag to enable access log",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connectivity_path": {
"description": "LBS could be instantiated (or created) on the Tier-1, etc. For now, only the Tier-1 object is supported.",
"required": false,
"title": "The connectivity target used to instantiate the LBService",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBService"
],
"relationshipType": "LB_SERVICE_NETWORK_RELATIONSHIP",
"rightType": [
"Tier1"
]
},
{
"leftType": [
"LBService"
],
"relationshipType": "LB_SERVICE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Flag to enable the load balancer service.",
"required": false,
"title": "Flag to enable the load balancer service",
"type": "boolean"
},
"error_log_level": {
"$ref": "LbLogLevel,
"default": "INFO",
"description": "Load balancer engine writes information about encountered issues of different severity levels to the error log. This setting is used to define the severity level of the error log.",
"required": false,
"title": "Error log level of load balancer service"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"relax_scale_validation": {
"default": false,
"deprecated": true,
"description": "If relax_scale_validation is true, the scale validations for virtual servers/pools/pool members/rules are relaxed for load balancer service. When load balancer service is deployed on edge nodes, the scale of virtual servers/pools/pool members for the load balancer service should not exceed the scale number of the largest load balancer size which could be configured on a certain edge form factor. For example, the largest load balancer size supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer deployed on MEDIUM edge nodes can support the scale number of MEDIUM load balancer. It is not recommended to enable active monitors if relax_scale_validation is true due to performance consideration. If relax_scale_validation is false, scale numbers should be validated for load balancer service. The property is deprecated as NSX-T Load Balancer is deprecated.",
"required": false,
"title": "Whether scale validation is relaxed",
"type": "boolean"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"size": {
"$ref": "LbServiceSize,
"default": "SMALL",
"description": "Load balancer service size. The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all deprecated. Customers who are using this set of features are advised to migrate to NSX Advanced Load Balancer (Avi) which provides a superset of the NSX-T load balancing functionality.",
"required": false,
"title": "Load balancer service size"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Loadbalancer Service",
"type": "object"
}
LBSessionCookieTime (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Session cookie time.",
"extends": {
"$ref": "LBCookieTime
},
"id": "LBSessionCookieTime",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSessionCookieTime"
},
"properties": {
"cookie_max_idle": {
"description": "Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Session cookie max idle time in seconds",
"type": "integer"
},
"cookie_max_life": {
"description": "Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Session cookie max lifetime in seconds",
"type": "integer"
},
"type": {
"$ref": "LBCookieTimeType,
"required": true
}
},
"title": "Session cookie time",
"type": "object"
}
LBSnatAutoMap (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Snat auto map.",
"extends": {
"$ref": "LBSnatTranslation
},
"id": "LBSnatAutoMap",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSnatAutoMap"
},
"properties": {
"type": {
"$ref": "LBSnatTranslationType,
"description": "Snat translation type.",
"required": true,
"title": "Snat translation type"
}
},
"title": "Snat auto map",
"type": "object"
}
LBSnatDisabled (type)
{
"additionalProperties": false,
"description": "Snat disabled.",
"extends": {
"$ref": "LBSnatTranslation
},
"id": "LBSnatDisabled",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSnatDisabled"
},
"properties": {
"type": {
"$ref": "LBSnatTranslationType,
"description": "Snat translation type.",
"required": true,
"title": "Snat translation type"
}
},
"title": "Snat disabled",
"type": "object"
}
LBSnatIpElement (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Snat Ip element.",
"id": "LBSnatIpElement",
"module_id": "PolicyLoadBalancer",
"properties": {
"ip_address": {
"$ref": "IPElement,
"description": "Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160.",
"required": true,
"title": "Ip address or ip range"
},
"prefix_length": {
"description": "Subnet prefix length should be not specified if there is only one single IP address or IP range.",
"required": false,
"title": "Subnet prefix length",
"type": "integer"
}
},
"title": "Snat Ip element",
"type": "object"
}
LBSnatIpPool (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Snat Ip pool.",
"extends": {
"$ref": "LBSnatTranslation
},
"id": "LBSnatIpPool",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSnatIpPool"
},
"properties": {
"ip_addresses": {
"description": "If an IP range is specified, the range may contain no more than 64 IP addresses.",
"items": {
"$ref": "LBSnatIpElement
},
"maxItems": 64,
"required": true,
"title": "List of Ip address or ip range",
"type": "array"
},
"type": {
"$ref": "LBSnatTranslationType,
"description": "Snat translation type.",
"required": true,
"title": "Snat translation type"
}
},
"title": "Snat Ip pool",
"type": "object"
}
LBSnatTranslation (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Snat Translation.",
"id": "LBSnatTranslation",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "type"
},
"properties": {
"type": {
"$ref": "LBSnatTranslationType,
"description": "Snat translation type.",
"required": true,
"title": "Snat translation type"
}
},
"title": "Snat Translation",
"type": "object"
}
LBSnatTranslationType (type)
{
"additionalProperties": false,
"description": "Load balancers may need to perform SNAT to ensure reverse traffic from the server can be received and processed by them. There are three modes: LBSnatAutoMap uses the load balancer interface IP and an ephemeral port as the source IP and port of the server side connection. LBSnatIpPool allows user to specify one or more IP addresses along with their subnet masks that should be used for SNAT while connecting to any of the servers in the pool. LBSnatDisabled deactivates Source NAT. This is referred to as no-SNAT or TRANSPARENT mode. LBSnatAutoMap and LBSnatIpPool are deprecated as NSX-T Load Balancer is deprecated.",
"enum": [
"LBSnatAutoMap",
"LBSnatIpPool",
"LBSnatDisabled"
],
"id": "LBSnatTranslationType",
"module_id": "PolicyLoadBalancer",
"title": "Snat translation type",
"type": "string"
}
LBSourceIpPersistenceProfile (type)
{
"additionalProperties": false,
"description": "Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it.",
"extends": {
"$ref": "LBPersistenceProfile
},
"id": "LBSourceIpPersistenceProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSourceIpPersistenceProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"ha_persistence_mirroring_enabled": {
"default": false,
"deprecated": true,
"description": "Persistence entries are not synchronized to the HA peer by default. The property is deprecated as NSX-T Load Balancer is deprecated.",
"required": false,
"title": "Mirroring enabled flag to synchronize persistence entries",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"persistence_shared": {
"default": false,
"description": "Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.",
"required": false,
"title": "Persistence shared across LBVirtualServers",
"type": "boolean"
},
"purge": {
"$ref": "SourceIpPersistencePurge,
"default": "FULL",
"description": "Persistence purge setting.",
"required": false,
"title": "Persistence purge setting"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The resource_type property identifies persistence profile type. LBCookiePersistenceProfile and LBGenericPersistenceProfile are deprecated as NSX-T Load Balancer is deprecated.",
"enum": [
"LBSourceIpPersistenceProfile",
"LBCookiePersistenceProfile",
"LBGenericPersistenceProfile"
],
"required": true,
"title": "Persistence profile type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 300,
"description": "When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Persistence entry expiration time in seconds",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LBPersistenceProflie using SourceIP",
"type": "object"
}
LBSslModeSelectionAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to select SSL mode. Three types of SSL mode actions can be specified in Transport phase, ssl passthrough, ssl offloading and ssl end-to-end.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBSslModeSelectionAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSslModeSelectionAction"
},
"properties": {
"ssl_mode": {
"description": "SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just pass it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTP without SSL. LB estalishes new connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. SSL End-to-End: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTPS. LB estalishes new SSL connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured.",
"enum": [
"SSL_PASSTHROUGH",
"SSL_END_TO_END",
"SSL_OFFLOAD"
],
"required": true,
"title": "Type of SSL mode",
"type": "string"
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
}
},
"title": "Action to select SSL mode",
"type": "object"
}
LBSslProfile (type) (Deprecated)
{
"abstract": true,
"additionalProperties": false,
"deprecated": true,
"description": "Load balancer abstract SSL profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LBSslProfile",
"module_id": "PolicyLoadBalancer",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Load balancer abstract SSL profile",
"type": "object"
}
LBSslSniCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match SSL SNI in client hello. This condition is only supported in TRANSPORT phase and HTTP_FORWARDING.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBSslSniCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBSslSniCondition"
},
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing SNI value.",
"required": false,
"title": "A case sensitive flag for SNI comparing",
"type": "boolean"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"required": false,
"title": "Match type of SNI"
},
"sni": {
"description": "The SNI(Server Name indication) in client hello message.",
"required": true,
"title": "The server name indication",
"type": "string"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match SSL SNI in client hello",
"type": "object"
}
LBTcpHeaderCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match TCP header fields of HTTP messages. Currently, only the TCP source port is supported. Ports can be expressed as a single port number like 80, or a port range like 1024-1030.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBTcpHeaderCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBTcpHeaderCondition"
},
"properties": {
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"source_port": {
"$ref": "PortElement,
"required": true,
"title": "TCP source port of HTTP message"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
}
},
"title": "Condition to match TCP header fields",
"type": "object"
}
LBTcpMonitorProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over TCP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. LBTcpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBActiveMonitor
},
"id": "LBTcpMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBTcpMonitorProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fall_count": {
"default": 3,
"description": "Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor fall count for active healthchecks",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"interval": {
"default": 5,
"description": "Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor interval in seconds for active healthchecks",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"monitor_port": {
"description": "Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Monitor port for active healthchecks",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"receive": {
"description": "Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported.",
"required": false,
"title": "Expected data received from server",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"rise_count": {
"default": 3,
"description": "Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor rise count for active healthchecks",
"type": "integer"
},
"send": {
"description": "If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent.",
"required": false,
"title": "Data to send",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 5,
"description": "Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor timeout in seconds for active healthchecks",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LBMonitorProfile for active health checks over TCP",
"type": "object"
}
LBUdpMonitorProfile (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over UDP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. LBUdpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.",
"extends": {
"$ref": "LBActiveMonitor
},
"id": "LBUdpMonitorProfile",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBUdpMonitorProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fall_count": {
"default": 3,
"description": "Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor fall count for active healthchecks",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"interval": {
"default": 5,
"description": "Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor interval in seconds for active healthchecks",
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"monitor_port": {
"description": "Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Monitor port for active healthchecks",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"receive": {
"description": "Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period.",
"required": true,
"title": "Expected data received from server",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "LBMonitorProfileType,
"required": true
},
"rise_count": {
"default": 3,
"description": "Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor rise count for active healthchecks",
"type": "integer"
},
"send": {
"description": "The data to be sent to the monitored server.",
"required": true,
"title": "Data to send",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 5,
"description": "Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Monitor timeout in seconds for active healthchecks",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "LBMonitorProfile for active health checks over UDP",
"type": "object"
}
LBVariableAssignmentAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is used to create a new variable and assign value to it. One action can be used to create one variable. To create multiple variables, multiple actions must be defined. The variables can be used by LBVariableCondition, etc.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBVariableAssignmentAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBVariableAssignmentAction"
},
"properties": {
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
},
"variable_name": {
"description": "Name of the variable to be assigned.",
"required": true,
"title": "Name of the variable to be assigned",
"type": "string"
},
"variable_value": {
"description": "Value of variable.",
"required": true,
"title": "Value of variable",
"type": "string"
}
},
"title": "Action to create variable and assign value to it",
"type": "object"
}
LBVariableCondition (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This condition is used to match variable's name and value at all phases. The variables could be captured from REGEX or assigned by LBVariableAssignmentAction or system embedded variable. Varialbe_name and variable_value should be matched at the same time.",
"extends": {
"$ref": "LBRuleCondition
},
"id": "LBVariableCondition",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBVariableCondition"
},
"properties": {
"case_sensitive": {
"default": true,
"description": "If true, case is significant when comparing variable value.",
"required": false,
"title": "A case sensitive flag for variable value comparing",
"type": "boolean"
},
"inverse": {
"default": false,
"required": false,
"title": "A flag to indicate whether reverse the match result of this condition",
"type": "boolean"
},
"match_type": {
"$ref": "LbRuleMatchType,
"default": "REGEX",
"required": false,
"title": "Match type of variable value"
},
"type": {
"$ref": "LBRuleConditionType,
"required": true,
"title": "Type of load balancer rule condition"
},
"variable_name": {
"required": true,
"title": "Name of the variable to be matched",
"type": "string"
},
"variable_value": {
"required": true,
"title": "Value of variable to be matched",
"type": "string"
}
},
"title": "Condition to match IP header fields",
"type": "object"
}
LBVariablePersistenceLearnAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is performed in HTTP response rewrite phase. It is used to learn the value of variable from the HTTP response, and insert an entry into the persistence table if the entry doesn't exist.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBVariablePersistenceLearnAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBVariablePersistenceLearnAction"
},
"properties": {
"persistence_profile_path": {
"description": "If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported.",
"required": false,
"title": "Path to LBPersistenceProfile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_PERSISTENCE_PROFILE_RELATIONSHIP",
"rightType": [
"LBPersistenceProfile"
]
}
]
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
},
"variable_hash_enabled": {
"default": false,
"description": "The property is used to enable a hash operation for variable value when composing the persistence key.",
"required": false,
"title": "Whether to enable a hash operation for variable value",
"type": "boolean"
},
"variable_name": {
"description": "The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a built-in variable such as \"_cookie_JSESSIONID\", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as \"article\". For the full list of built-in variables, please reference the NSX-T Administrator's Guide.",
"required": true,
"title": "Variable name",
"type": "string"
}
},
"title": "Action to learn the variable value",
"type": "object"
}
LBVariablePersistenceOnAction (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "This action is performed in HTTP forwarding phase. It is used to inspect the variable of HTTP request, and look up the persistence entry with its value and pool uuid as key. If the persistence entry is found, the HTTP request is forwarded to the recorded backend server according to the persistence entry. If the persistence entry is not found, a new entry is created in the table after backend server is selected.",
"extends": {
"$ref": "LBRuleAction
},
"id": "LBVariablePersistenceOnAction",
"module_id": "PolicyLoadBalancer",
"polymorphic-type-descriptor": {
"type-identifier": "LBVariablePersistenceOnAction"
},
"properties": {
"persistence_profile_path": {
"description": "If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported.",
"required": false,
"title": "Path to LBPersistenceProfile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_PERSISTENCE_PROFILE_RELATIONSHIP",
"rightType": [
"LBPersistenceProfile"
]
}
]
},
"type": {
"$ref": "LBRuleActionType,
"description": "The property identifies the load balancer rule action type.",
"required": true,
"title": "Type of load balancer rule action"
},
"variable_hash_enabled": {
"default": false,
"description": "The property is used to enable a hash operation for variable value when composing the persistence key.",
"required": false,
"title": "Whether to enable a hash operation for variable value",
"type": "boolean"
},
"variable_name": {
"description": "The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a built-in variable such as \"_cookie_JSESSIONID\", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as \"article\". For the full list of built-in variables, please reference the NSX-T Administrator's Guide.",
"required": true,
"title": "Variable name",
"type": "string"
}
},
"title": "Action to persist the variable value",
"type": "object"
}
LBVirtualServer (type)
{
"additionalProperties": false,
"description": "All the types of LBVirtualServer extend from this abstract class. This is present for extensibility.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LBVirtualServer",
"module_id": "PolicyLoadBalancer",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"access_list_control": {
"$ref": "LBAccessListControl,
"description": "Specifies the access list control to define how to filter the connections from clients.",
"required": false,
"title": "IP access list control to filter the connections"
},
"access_log_enabled": {
"default": false,
"description": "If access log is enabled, all HTTP requests sent to L7 virtual server are logged to the access log file. Both successful returns information responses(1xx), successful responses(2xx), redirection messages(3xx) and unsuccessful requests, backend server returns 4xx or 5xx, are logged to access log, if enabled. All L4 virtual server connections are also logged to the access log if enabled. The non-significant events such as successful requests are not logged if log_significant_event_only is set to true.",
"required": false,
"title": "Access log enabled setting",
"type": "boolean"
},
"application_profile_path": {
"description": "The application profile defines the application protocol characteristics. It is used to influence how load balancing is performed. Currently, LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile, etc are supported.",
"required": true,
"title": "Application profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_APP_PROFILE_RELATIONSHIP",
"rightType": [
"LBAppProfile"
]
}
]
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"client_ssl_profile_binding": {
"$ref": "LBClientSslProfileBinding,
"deprecated": true,
"description": "The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. The property is deprecated as NSX-T Load Balancer is deprecated.",
"required": false,
"title": "Virtual server side SSL binding setting"
},
"default_pool_member_ports": {
"description": "Default pool member ports when member port is not defined.",
"items": {
"$ref": "PortElement
},
"maxItems": 14,
"required": false,
"title": "Default pool member ports when member port is not defined.",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Flag to enable the load balancer virtual server.",
"required": false,
"title": "whether the virtual server is enabled",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address": {
"$ref": "IPAddress,
"description": "Configures the IP address of the LBVirtualServer where it receives all client connections and distributes them among the backend servers.",
"required": true,
"title": "IP address of the LBVirtualServer"
},
"lb_persistence_profile_path": {
"description": "Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is deactivated by default.",
"required": false,
"title": "Persistence Profile used by LBVirtualServer",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_PERSISTENCE_PROFILE_RELATIONSHIP",
"rightType": [
"LBPersistenceProfile"
]
}
]
},
"lb_service_path": {
"description": "virtual servers can be associated to LBService(which is similar to physical/virtual load balancer), LB virtual servers, pools and other entities could be defined independently, the LBService identifier list here would be used to maintain the relationship of LBService and other LB entities.",
"required": false,
"title": "Path to LBService object for LBVirtualServer",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_SERVICE_RELATIONSHIP",
"rightType": [
"LBService"
]
}
]
},
"log_significant_event_only": {
"default": false,
"description": "The property log_significant_event_only can take effect only when access_log_enabled is true. If log_significant_event_only is true, significant events are logged in access log. For L4 virtual server, significant event means unsuccessful(error or dropped) TCP/UDP connections. For L7 virtual server, significant event means unsuccessful connections or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx).",
"required": false,
"title": "Log only significant event in access log",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"max_concurrent_connections": {
"deprecated": true,
"description": "To ensure one virtual server does not over consume resources, affecting other applications hosted on the same LBS, connections to a virtual server can be capped. If it is not specified, it means that connections are unlimited. The property is deprecated as NSX-T Load Balancer is deprecated.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Maximum concurrent connection number",
"type": "integer"
},
"max_new_connection_rate": {
"deprecated": true,
"description": "To ensure one virtual server does not over consume resources, connections to a member can be rate limited. If it is not specified, it means that connection rate is unlimited. The property is deprecated as NSX-T Load Balancer is deprecated.",
"maximum": 2147483647,
"minimum": 1,
"required": false,
"title": "Maximum new connection rate in connections per second",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pool_path": {
"description": "The server pool(LBPool) contains backend servers. Server pool consists of one or more servers, also referred to as pool members, that are similarly configured and are running the same application.",
"required": false,
"title": "Default server pool path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_POOL_RELATIONSHIP",
"rightType": [
"LBPool"
]
}
]
},
"ports": {
"description": "Ports contains a list of at least one port or port range such as \"80\", \"1234-1236\". Each port element in the list should be a single port or a single port range.",
"items": {
"$ref": "PortElement
},
"required": true,
"title": "Virtual server port number(s) or port range(s)",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rules": {
"deprecated": true,
"description": "Load balancer rules allow customization of load balancing behavior using match/action rules. Currently, load balancer rules are supported for only layer 7 virtual servers with LBHttpProfile. The property is deprecated as NSX-T Load Balancer is deprecated.",
"items": {
"$ref": "LBRule
},
"maxItems": 4000,
"required": false,
"title": "List of load balancer rules",
"type": "array"
},
"server_ssl_profile_binding": {
"$ref": "LBServerSslProfileBinding,
"deprecated": true,
"description": "The setting is used when load balancer acts as an SSL client and establishing a connection to the backend server. The property is deprecated as NSX-T Load Balancer is deprecated.",
"required": false,
"title": "Pool side SSL binding setting"
},
"sorry_pool_path": {
"deprecated": true,
"description": "When load balancer can not select a backend server to serve the request in default pool or pool in rules, the request would be served by sorry server pool. The property is deprecated as NSX-T Load Balancer is deprecated.",
"required": false,
"title": "Sorry server pool path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LBVirtualServer"
],
"relationshipType": "LB_VIRTUAL_SERVER_LB_POOL_RELATIONSHIP",
"rightType": [
"LBPool"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base class for each type of LBVirtualServer",
"type": "object"
}
LBXForwardedForType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "X-forwarded-for type.",
"enum": [
"INSERT",
"REPLACE"
],
"id": "LBXForwardedForType",
"module_id": "PolicyLoadBalancer",
"title": "X-forwarded-for type",
"type": "string"
}
Label (type)
{
"additionalProperties": false,
"description": "Label that will be displayed for a UI element.",
"id": "Label",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"condition": {
"description": "If the condition is met then the label will be applied. Examples of expression syntax are provided under example_request section of CreateWidgetConfiguration API.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"hover": {
"default": false,
"description": "If true, displays the label only on hover",
"title": "Show label only on hover",
"type": "boolean"
},
"icons": {
"description": "Icons to be applied at dashboard for the label",
"items": {
"$ref": "Icon
},
"minItems": 0,
"title": "Icons",
"type": "array"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"text": {
"description": "Text to be displayed at the label.",
"maxLength": 255,
"required": true,
"title": "Label text",
"type": "string"
}
},
"title": "Label",
"type": "object"
}
LabelValueConfiguration (type)
{
"additionalProperties": false,
"description": "Represents a Label-Value widget configuration",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "LabelValueConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "LabelValueConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"layout": {
"$ref": "Layout,
"description": "Layout of properties can be vertical or grid. If layout is not specified a default vertical layout is applied.",
"title": "Layout of properties inside widget"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"properties": {
"description": "An array of label-value properties.",
"items": {
"$ref": "PropertyItem
},
"required": true,
"title": "Rows",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"sub_type": {
"description": "A sub-type of LabelValueConfiguration. If sub-type is not specified the parent type is rendered. For VERTICALLY_ALIGNED sub_type, the value is placed below the label. For HORIZONTALLY_ALIGNED sub_type, the value is placed right hand side of the label.",
"enum": [
"VERTICALLY_ALIGNED",
"HORIZONTALLY_ALIGNED"
],
"title": "Sub-type of the LabelValueConfiguration",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Label Value Dashboard Widget Configuration",
"type": "object"
}
Layout (type)
{
"additionalProperties": false,
"description": "Represents layout of a container or widget",
"id": "Layout",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"properties": {
"$ref": "LayoutProperties
},
"type": {
"default": "HORIZONTAL",
"description": "Describes layout of a container or widget. Layout describes how individual widgets are placed inside the container. For example, if HORIZONTAL is chosen widgets are placed side by side inside the container. If VERTICAL is chosen then widgets are placed one below the other. If GRID is chosen then the container or widget display area is divided into a grid of m rows and n columns, as specified in the properties, and the widgets are placed inside the grid. If AUTO is chosen then container or widgets display area will be automatically calculated depending upon the required width.",
"enum": [
"HORIZONTAL",
"VERTICAL",
"GRID",
"AUTO"
],
"title": "Type of layout of a container or widget",
"type": "string"
}
},
"title": "Layout of a container or widget",
"type": "object"
}
LayoutProperties (type)
{
"additionalProperties": false,
"description": "Properties of the layout of a container or widget",
"id": "LayoutProperties",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"num_columns": {
"description": "Describes the number of columns of grid layout of a container or widget. This property is applicable for grid layout only.",
"title": "Number of columns of grid",
"type": "int"
},
"num_rows": {
"description": "Describes the number of rows of grid layout of a container or widget. This property is applicable for grid layout only.",
"title": "Number of rows of grid",
"type": "int"
}
},
"title": "Layout properties of a container or widget",
"type": "object"
}
LbHttpRequestHeader (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"id": "LbHttpRequestHeader",
"module_id": "LoadBalancer",
"properties": {
"header_name": {
"required": true,
"title": "Name of HTTP request header",
"type": "string"
},
"header_value": {
"required": true,
"title": "Value of HTTP request header",
"type": "string"
}
},
"type": "object"
}
LbLogLevel (type)
{
"additionalProperties": false,
"enum": [
"DEBUG",
"INFO",
"WARNING",
"ERROR",
"CRITICAL",
"ALERT",
"EMERGENCY"
],
"id": "LbLogLevel",
"module_id": "LoadBalancer",
"title": "the log level of load balancer service",
"type": "string"
}
LbRuleMatchType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "LbRuleMatchType is used to determine how a specified string value is used to match a specified LbRuleCondition field. STARTS_WITH: If the LbRuleCondition field starts with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. ENDS_WITH: If the LbRuleCondition field ends with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. EQUALS: If the LbRuleCondition field is same as the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. CONTAINS: If the LbRuleCondition field contains the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. REGEX: If the LbRuleCondition field matches specified regular expression, the condition matches. The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the restrictions. If named capturing groups are used in the regular expression, when a match succeeds, the substrings of the subject string that match named capturing groups are stored (captured) in variables with specific names which can be used in the fields of LbRuleAction which support variables. Named capturing group are defined in the format (?<name>subpattern), such as (?<year>\\d{4}). For example, in the regular expression: \"/news/(?<year>\\d+)/(?<month>\\d+)/(?<article>.*)\", for subject string \"/news/2017/06/xyz.html\", the substring \"2017\" is captured in variable year, \"06\" is captured in variable month, and \"xyz.html\" is captured in variable article. These variables can be used in LbRuleAction fields which support variables in form of $name, such as $year, $month, $article. Please note, when regular expressions are used in JSON(JavaScript Object Notation) string, every backslash character (\\) needs to be escaped by one additional backslash character.",
"enum": [
"STARTS_WITH",
"ENDS_WITH",
"EQUALS",
"CONTAINS",
"REGEX"
],
"id": "LbRuleMatchType",
"module_id": "LoadBalancer",
"title": "Match type for LbRule conditions",
"type": "string"
}
LbServiceSize (type)
{
"additionalProperties": false,
"description": "The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or DLB. The first four sizes are realized on Edge node as a centralized load balancer. DLB is realized on each ESXi hypervisor as a distributed load balancer. DLB is supported for k8s cluster IPs managed by vSphere with Kubernetes. DLB is NOT supported for any other workload types. The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all deprecated. Customers who are using this set of features are advised to migrate to NSX Advanced Load Balancer (Avi) which provides a superset of the NSX-T load balancing functionality.",
"enum": [
"SMALL",
"MEDIUM",
"LARGE",
"XLARGE",
"DLB"
],
"id": "LbServiceSize",
"module_id": "LoadBalancer",
"title": "the size of load balancer service",
"type": "string"
}
LbSslSessionReusedType (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"enum": [
"IGNORE",
"REUSED",
"NEW"
],
"id": "LbSslSessionReusedType",
"module_id": "LoadBalancer",
"title": "Type of SSL session reused",
"type": "string"
}
LdapIdentitySource (type)
{
"abstract": true,
"description": "This is the base type for all identity sources that use LDAP for authentication and group membership.",
"extends": {
"$ref": "ManagedResource
},
"id": "LdapIdentitySource",
"module_id": "LdapIdentitySources",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alternative_domain_names": {
"description": "After parsing the \"user@domain\", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.",
"items": {
"type": "string"
},
"title": "Additional domains to be directed to this identity source",
"type": "array"
},
"base_dn": {
"description": "The subtree of the LDAP identity source to search when locating users and groups.",
"required": true,
"title": "DN of subtree for user and group searches",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"domain_name": {
"description": "The name of the authentication domain. When users log into NSX using an identity of the form \"user@domain\", NSX uses the domain portion to determine which LDAP identity source to use.",
"required": true,
"title": "Authentication domain name",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ldap_servers": {
"description": "The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.",
"items": {
"$ref": "IdentitySourceLdapServer
},
"maxItems": 3,
"title": "LDAP servers for this identity source",
"type": "array"
},
"resource_type": {
"enum": [
"ActiveDirectoryIdentitySource",
"OpenLdapIdentitySource"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "An LDAP identity source",
"type": "object"
}
LdapIdentitySourceListResult (type)
{
"description": "The results of listing LDAP identity sources.",
"extends": {
"$ref": "ListResult
},
"id": "LdapIdentitySourceListResult",
"module_id": "LdapIdentitySources",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "LdapIdentitySource
},
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List results containing LDAP identity sources",
"type": "object"
}
LdapIdentitySourceProbeResults (type)
{
"description": "Results from probing all LDAP servers in an LDAP identity source configuration.",
"extends": {
"$ref": "Resource
},
"id": "LdapIdentitySourceProbeResults",
"module_id": "LdapIdentitySources",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"results": {
"description": "Probe results for all probed LDAP servers.",
"items": {
"$ref": "IdentitySourceLdapServerProbeResult
},
"title": "Probe results",
"type": "array"
}
},
"title": "Results from probing all LDAP servers",
"type": "object"
}
LdapIdentitySourceSearchRequestParameters (type)
{
"additionalProperties": false,
"description": "To search for a user or group in an LDAP identity source, provide a filter_value. The directory will be searched for users and groups that match the search string. User searches: For Active Directory sources, the directory will be searched for users whose commonName (CN) property contains the given string and for users whose samAccountName property contains the given string. For OpenLDAP sources, the directory will be searched for users whose commonName (CN) property contains the given string and for users whose uid property contains the given string. Group searches: For both Active Directory and OpenLDAP sources, the directory will be searched for groups whose commonName (CN) property contains the the given string. The LDAP server may impose a limit on the number of returned entries.",
"id": "LdapIdentitySourceSearchRequestParameters",
"module_id": "LdapIdentitySources",
"properties": {
"filter_value": {
"description": "A string to use when searching for users and groups in the LDAP identity source.",
"required": true,
"title": "Search filter value",
"type": "string"
}
},
"title": "Arguments for searching users and groups",
"type": "object"
}
LdapIdentitySourceSearchResultItem (type)
{
"id": "LdapIdentitySourceSearchResultItem",
"module_id": "LdapIdentitySources",
"properties": {
"common_name": {
"description": "The Common Name (CN) of the entry, if available.",
"title": "Common Name (CN) of entry",
"type": "string"
},
"dn": {
"description": "Distinguished name (DN) of the entry.",
"title": "DN of the entry",
"type": "string"
},
"principal_name": {
"description": "For Active Directory (AD) users, this will be the user principal name (UPN), in the format user@domain. For non-AD users, this will be the user's uid property, followed by \"@\" and the domain of the directory. For groups, this will be the group's common name, followed by \"@\" and the domain of the directory.",
"title": "The principal name of the user or group, if available",
"type": "string"
},
"type": {
"description": "Describes the type of the entry",
"enum": [
"USER",
"GROUP"
],
"title": "Type of the entry",
"type": "string"
}
},
"type": "object"
}
LdapIdentitySourceSearchResultList (type)
{
"description": "A list of LDAP entries returned from a search of an LDAP identity source.",
"extends": {
"$ref": "Resource
},
"id": "LdapIdentitySourceSearchResultList",
"module_id": "LdapIdentitySources",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"results": {
"items": {
"$ref": "LdapIdentitySourceSearchResultItem
},
"type": "array"
}
},
"title": "A list of LDAP search results",
"type": "object"
}
LdapProbeError (type)
{
"description": "Detail about one error encountered during a probe.",
"id": "LdapProbeError",
"module_id": "LdapIdentitySources",
"properties": {
"error_type": {
"description": "The cause of the error. BASE_DN_NOT_FOUND: The configured base DN does not exist on the LDAP server or is not readable. BIND_DN_AND_PASSWORD_REQUIRED: This server is configured to require a bind DN and password. Please add these to your LDAP server configuration. BIND_DN_INVALID: The bind DN or username provided is not valid on the LDAP server. Check that the bind DN is correct. This error may also indicate that the base DN in your configuration is incorrect. CERTIFICATE_HOSTNAME_MISMATCH_ERROR: The hostname configured for the LDAP server does not match the hostname in the server's certificate subject or alternative subject names. Be sure that the hostname you configure in NSX Manager matches one of those names. CERTIFICATE_MISMATCH_ERROR: The certificate presented by the LDAP server did not match the certificate in the configuration on the NSX Manager. CONNECTION_REFUSED: The connection was refused when contacting the LDAP server. Ensure that the LDAP server is running and that you are using the correct ip/hostname. CONNECTION_TIMEOUT: The connection timed out when contacting the LDAP server. Check the hostname/ip and any firewalls between the NSX Manager and the LDAP server. GENERAL_ERROR: An undetermined error occurred. INVALID_CONFIGURED_CERTIFICATE: The certificate configured for this LDAP server is invalid and could not be decoded. Check that the PEM-formatted certificate you provided is correct. INVALID_CREDENTIALS: The username and/or password are incorrect. SSL_HANDSHAKE_ERROR: An error occurred while establishing a secure connection with the LDAP server. Check that the LDAP server's certificate is correct, and that it is using an SSL/TLS cipher suite that is compatible with the NSX Manager. This error can also occur if the hostname you have configured for the LDAP server does not match any of the hostnames in the Subject Alternative Name records in the server certificate. STARTTLS_FAILED: Unable to use StartTLS to upgrade the connection to use TLS. Ensure that the LDAP server supports TLS and if not, use LDAP or LDAPS as the protocol. UNKNOWN_HOST: The hostname of the LDAP server could not be resolved. NO_ROUTE_TO_HOST: There is no network route to the host. BIND_EXCEPTION: A socket to the remote host could not be opened. PORT_UNREACHABLE: The LDAP port is not open on the remote host. BASE_DN_NOT_WITHIN_DOMAIN: For Active Directory, the base DN is not a subtree of the Domain Component tree corresponding to the LDAP domain. For example, if the domain is \"example.com\", the baseDN should be \"dc=example, dc=com\" or a subtree like \"ou=Users,dc=example,dc=com\". LDAP_SERVER_DISABLED: The LDAP server is marked as disabled in the NSX configuration and will not be used.",
"enum": [
"BASE_DN_NOT_FOUND",
"BIND_DN_AND_PASSWORD_REQUIRED",
"BIND_DN_INVALID",
"CERTIFICATE_HOSTNAME_MISMATCH_ERROR",
"CERTIFICATE_MISMATCH_ERROR",
"CONNECTION_REFUSED",
"CONNECTION_TIMEOUT",
"GENERAL_ERROR",
"INVALID_CONFIGURED_CERTIFICATE",
"INVALID_CREDENTIALS",
"SSL_HANDSHAKE_ERROR",
"STARTTLS_FAILED",
"UNKNOWN_HOST",
"NO_ROUTE_TO_HOST",
"BIND_EXCEPTION",
"PORT_UNREACHABLE",
"BASE_DN_NOT_WITHIN_DOMAIN",
"LDAP_SERVER_DISABLED"
],
"title": "Error type",
"type": "string"
}
},
"title": "Error detail from probe",
"type": "object"
}
Legend (type)
{
"additionalProperties": false,
"description": "Represents legend that describes the entities of the widget.",
"id": "Legend",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"alignment": {
"default": "VERTICAL",
"description": "Describes the alignment of legend. Alignment of a legend denotes how individual items of the legend are aligned in a container. For example, if VERTICAL is chosen then the items of the legend will appear one below the other and if HORIZONTAL is chosen then the items will appear side by side.",
"enum": [
"HORIZONTAL",
"VERTICAL"
],
"title": "Alignment of the legend",
"type": "string"
},
"display_count": {
"default": true,
"description": "If set to true, it will display the counts in legend. If set to false, counts of entities are not displayed in the legend.",
"title": "Show count of entities in the legend",
"type": "boolean"
},
"display_mode": {
"default": "SHOW_ALL_LEGENDS",
"description": "Display mode for legends.",
"enum": [
"SHOW_ALL_LEGENDS",
"SHOW_MIN_NO_OF_LEGENDS",
"SHOW_OTHER_GROUP_WITH_LEGENDS"
],
"title": "Display mode for legends.",
"type": "string"
},
"filterable": {
"default": false,
"description": "Show checkbox along with legends if value is set to true. Widget filtering capability can be enable based on legend checkbox selection. for 'display_mode' SHOW_OTHER_GROUP_WITH_LEGENDS filterable property is not supported.",
"title": "Show checkbox along with legends if value is set to true",
"type": "boolean"
},
"min_legends_display_count": {
"default": 3,
"description": "A minimum number of legends to be displayed upfront. if 'display_mode' is set to SHOW_MIN_NO_OF_LEGENDS then this property value will be used to display number of legends upfront in the UI.",
"maximum": 12,
"minimum": 1,
"title": "A minimum number of legends to be displayed.",
"type": "int"
},
"other_group_legend_label": {
"default": "WIDGET_LABEL_OTHER_LEGEND_LABEL",
"description": "A translated label for showing other category label in legends.",
"title": "A label for showing other category in legends.",
"type": "string"
},
"position": {
"default": "RIGHT",
"description": "Describes the relative placement of legend. The legend of a widget can be placed either to the TOP or BOTTOM or LEFT or RIGHT relative to the widget. For example, if RIGHT is chosen then legend is placed to the right of the widget.",
"enum": [
"TOP",
"BOTTOM",
"LEFT",
"RIGHT",
"TOP_RIGHT"
],
"title": "Placement of legend",
"type": "string"
},
"type": {
"default": "CIRCLE",
"description": "Describes the render type for the legend. The legend for an entity describes the entity in the widget. The supported legend type is a circle against which the entity's details such as display_name are shown. The color of the circle denotes the color of the entity shown inside the widget.",
"enum": [
"CIRCLE"
],
"title": "Type of the legend",
"type": "string"
},
"unit": {
"description": "Show unit of entities in the legend.",
"title": "Show unit of entities in the legend",
"type": "string"
}
},
"title": "Legend for the widget",
"type": "object"
}
LegendWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration for Legend widget. For this widget the data source is not applicable. This widget can be use to add the Legend inside the dashboard container.",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "LegendWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "LegendWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"layout": {
"$ref": "Legend,
"description": "Defines the layout for the legend widget",
"required": true,
"title": "A layout for legend widget."
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"source_widget_id": {
"description": "Id of source widget, if any. Id should be a valid id of an existing widget. This property can be used to identify the source of the data for this legend widget.",
"maxLength": 255,
"required": true,
"title": "Id of source widget for this legend widget",
"type": "string"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Legend widget Configuration",
"type": "object"
}
LineChartPlotConfiguration (type)
{
"additionalProperties": false,
"description": "A line chart plotting configuration.",
"extends": {
"$ref": "WidgetPlotConfiguration
},
"id": "LineChartPlotConfiguration",
"module_id": "NsxDashboard",
"properties": {
"allow_maximize": {
"description": "Allow maximize capability for this widget",
"title": "Allow maximize capability for this widget",
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the given chart config is applied to the widget configuration.",
"maxLength": 1024,
"title": "Expression for evaluating condition for this chart config",
"type": "string"
},
"fill_gradient_area": {
"description": "Fill the line chart area with a gradient series color.",
"title": "Fill the line chart area with a gradient series color.",
"type": "boolean"
},
"num_of_series_to_display": {
"description": "Specifies the number of series to be displayed in a line chart. If no value is provided all the series will be displayed.",
"maximum": 16,
"minimum": 1,
"title": "A number of series to be displayed upfront.",
"type": "int"
},
"show_curved_lines": {
"default": true,
"description": "Used for displaying the curved lines for a series in a line chart. By default, straight line is used to for a series in a line chart.",
"title": "Show curved lines for series",
"type": "boolean"
},
"show_data_in_tooltip": {
"default": false,
"description": "Show the data in tooltip.",
"title": "Show data in tooltip.",
"type": "boolean"
},
"show_data_points": {
"default": true,
"description": "Controls the visiblity of the data points on the line chart. If value is set to false data points wont be high- lighted on the lines.",
"title": "Show the Data point highlighting in line chart",
"type": "boolean"
},
"show_grid_lines": {
"default": true,
"description": "Controls the visiblity of the grid lines in line chart.",
"title": "Show grid lines",
"type": "boolean"
},
"show_grouped_tooltip": {
"default": false,
"description": "Controls the visiblity of the grouped tooltip in a line chart across all series.",
"title": "Derives to show the grouped tooltip",
"type": "boolean"
},
"show_min_max_on_series": {
"default": false,
"description": "Controls the visiblity of the min and max value across line series in line chart.",
"title": "Show min and max value on line series",
"type": "boolean"
},
"show_unit_in_tooltip": {
"default": false,
"description": "Show the data unit in tooltip.",
"title": "Show data unit in tooltip.",
"type": "boolean"
},
"sort_data_in_grouped_tooltip": {
"default": false,
"description": "Sort the data in grouped tooltip.",
"title": "Sort the data in grouped tooltip",
"type": "boolean"
},
"sort_series": {
"default": false,
"description": "Specifies whether the series should be sorted by the latest data point.",
"title": "Perform sorting on series using the latest data point",
"type": "boolean"
}
},
"title": "A line chart plotting configuration",
"type": "object"
}
ListByNodeIdParameters (type)
{
"extends": {
"$ref": "ListWithDataSourceParameters
},
"id": "ListByNodeIdParameters",
"module_id": "AggSvcL2Types",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
},
"transport_node_id": {
"required": false,
"title": "TransportNode Id",
"type": "string"
}
},
"type": "object"
}
ListByOptionalTransportNodeParameters (type)
{
"extends": {
"$ref": "ListRequestParameters
},
"id": "ListByOptionalTransportNodeParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_path": {
"required": false,
"title": "Transport node",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ListCertParameter (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "ListCertParameter",
"module_id": "CertificateManager",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"details": {
"default": false,
"required": false,
"title": "whether to expand the pem data and show all its details",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"node_id": {
"description": "Provide this parameter to limit the list of returned certificates to those matching a particular node ID.",
"required": false,
"title": "Node ID of certificate to return",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"type": {
"description": "Provide this parameter to limit the list of returned certificates to those matching a particular usage. Passing cluster_certificate will return the certificate used for the cluster wide API service.",
"enum": [
"cluster_api_certificate",
"api_certificate"
],
"required": false,
"title": "Type of certificate to return",
"type": "string"
}
},
"type": "object"
}
ListRequestParameters (type)
{
"additionalProperties": {},
"extends": {
"$ref": "IncludedFieldsParameters
},
"id": "ListRequestParameters",
"module_id": "Common",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ListResult (type)
{
"abstract": true,
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "ListResult",
"module_id": "Common",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Base class for list results from collections",
"type": "object"
}
ListResultQueryParameters (type)
{
"id": "ListResultQueryParameters",
"module_id": "Common",
"properties": {
"fields": {
"description": "Comma-separated field names to include in query result",
"title": "Fields to include in query results",
"type": "string"
}
},
"title": "Parameters that affect how list results are processed",
"type": "object"
}
ListWithDataSourceParameters (type)
{
"extends": {
"$ref": "ListRequestParameters
},
"id": "ListWithDataSourceParameters",
"module_id": "Types",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
}
},
"type": "object"
}
LiveTraceConfig (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LiveTraceConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"actions": {
"$ref": "PolicyLiveTraceActionConfig,
"description": "Configuration of actions on the filtered packets.",
"required": true,
"title": "Livetrace actions"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"filter": {
"$ref": "LiveTraceFilterData,
"description": "Filter for flows of interest.",
"required": false,
"title": "Packet filter"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipsec_vpn_config": {
"$ref": "PolicyLiveTraceIpsecVpnConfig,
"description": "IPSec VPN configuration for starting livetrace on IPSec tunnel interface",
"required": false,
"title": "IPSec VPN configuration for starting livetrace on IPSec tunnel interface"
},
"is_transient": {
"default": true,
"description": "This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 1 hour of inactivity.",
"required": false,
"title": "Marker to indicate if the intent is transient",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"src_port_path": {
"description": "Policy path of logical port to start a livetrace session.",
"required": false,
"title": "Policy path of logical port",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 10,
"description": "The duration for observing live traffic on the specified source logical port.",
"maximum": 600,
"minimum": 5,
"required": false,
"title": "Timeout in seconds for livetrace session",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Livetrace configuration",
"type": "object"
}
LiveTraceFilterData (type)
{
"abstract": true,
"id": "LiveTraceFilterData",
"module_id": "LiveTrace",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"default": "FieldsFilterData",
"enum": [
"FieldsFilterData",
"PlainFilterData"
],
"required": true,
"title": "Filter type",
"type": "string"
}
},
"type": "object"
}
LiveTracePacketGranularActionConfig (type)
{
"additionalProperties": false,
"id": "LiveTracePacketGranularActionConfig",
"module_id": "PolicyConnectivity",
"properties": {
"dest_ipsec_vpn_config": {
"$ref": "PolicyLiveTraceIpsecVpnConfig,
"description": "It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same IPSec VPN config specified for the reverse direction.",
"required": false,
"title": "IPSec VPN configuration for the reverse direction of a livetrace session."
},
"dest_port_path": {
"description": "Policy path of logical port for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same port specified for the reverse direction.",
"required": false,
"title": "Policy path of logical port",
"type": "string"
},
"reverse_filter": {
"$ref": "LiveTraceFilterData,
"description": "Filter for flows of interest at the reverse direction. It takes effect only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same filter specified for the reverse direction.",
"required": false,
"title": "Packet filter"
},
"sampling": {
"$ref": "LiveTraceSamplingConfig,
"description": "Sampling parameter for the action. Trace action, packet capture action, and datapath statistics action only support first-N sampling. Count action will sample all packets that match the filter criteria, so there is no need to provide sampling for count action.",
"required": false,
"title": "Sampling parameter for the action"
},
"trace_type": {
"enum": [
"UNI_DIRECTIONAL",
"BI_DIRECTIONAL"
],
"required": true,
"title": "Type of trace",
"type": "string"
}
},
"title": "Configuration of livetrace packet granular action",
"type": "object"
}
LiveTraceSamplingConfig (type)
{
"additionalProperties": false,
"id": "LiveTraceSamplingConfig",
"module_id": "PolicyConnectivity",
"properties": {
"match_number": {
"customValidation": {
"OPTION_1_TRACE": {
"code": 1,
"maximum": 50,
"minimum": 1,
"validator": "range"
},
"OPTION_2_PKT_CAP": {
"code": 2,
"maximum": 500,
"minimum": 1,
"validator": "range"
},
"key": "code",
"keyType": "int",
"namespace": "LiveTraceSamplingConfigMatchNumber"
},
"description": "First N packets are sampled. The upper limits of sampling number for livetrace actions are listed as below: - trace action: 50 - packet capture action: 500 - datapath statistics action: 65535",
"maximum": 65535,
"minimum": 1,
"required": false,
"title": "Parameter for first-N sampling.",
"type": "integer"
},
"sampling_interval": {
"description": "A packet is sampled for every given time interval in ms.",
"maximum": 30000,
"minimum": 1,
"required": false,
"title": "Parameter for interval based sampling",
"type": "integer"
},
"sampling_rate": {
"description": "1 out of N packets is sampled on average.",
"maximum": 65535,
"minimum": 1,
"required": false,
"title": "Parameter for packet number based sampling",
"type": "integer"
}
},
"title": "Sampling parameter for a livetrace action",
"type": "object"
}
LoadBalancerVPCEndpoint (type)
{
"description": "Load Balancer for VPC",
"id": "LoadBalancerVPCEndpoint",
"module_id": "PolicyVpc",
"properties": {
"enabled": {
"default": false,
"description": "Flag to enable load balancer for VPC.",
"required": false,
"title": "Flag to indicate whether support for load balancing is needed. Setting this flag to true causes allocation of private IPs from the private block associated with this VPC tobe used by the load balancer.",
"type": "boolean"
}
},
"title": "Load Balancer configuration",
"type": "object"
}
LocalEgress (type)
{
"additionalProperties": false,
"description": "Local Egress is used on both server and client sites so that the gateway is used for N-S traffic and overhead on L2VPN tunnel is reduced.",
"id": "LocalEgress",
"module_id": "PolicyConnectivity",
"properties": {
"optimized_ips": {
"description": "Gateway IP for Local Egress. Local egress is enabled only when this list is not empty.",
"items": {
"$ref": "IPAddress
},
"maxItems": 1,
"minItems": 1,
"title": "Gateway IP for Local Egress",
"type": "array"
}
},
"title": "Local Egress",
"type": "object"
}
LocalEgressRoutingEntry (type)
{
"additionalProperties": false,
"id": "LocalEgressRoutingEntry",
"module_id": "PolicyConnectivity",
"properties": {
"nexthop_address": {
"description": "Next hop address for proximity routing.",
"required": true,
"title": "Next hop address",
"type": "string"
},
"prefix_list_paths": {
"description": "The destination address of traffic matching a prefix-list is forwarded to the nexthop_address. Traffic matching a prefix list with Action DENY will be dropped. Individual prefix-lists specified could have different actions.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": true,
"title": "Policy path to prefix lists",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "SEGMENT_PREFIX_LIST_RELATIONSHIP",
"rightType": [
"PrefixList"
]
}
]
}
},
"title": "Local egress routing policy",
"type": "object"
}
LocalSiteConfiguration (type)
{
"additionalProperties": false,
"description": "Local site with federation id and epoch.",
"id": "LocalSiteConfiguration",
"module_id": "SiteManagerModule",
"properties": {
"epoch": {
"required": true,
"title": "Epoch",
"type": "integer"
},
"id": {
"required": true,
"title": "Federation id",
"type": "string"
},
"site": {
"$ref": "FederationSite,
"required": true,
"title": "Site"
}
},
"title": "Local site information",
"type": "object"
}
LocaleServices (type)
{
"additionalProperties": false,
"description": "Site specific configuration of Tier0 in multi-site scenario",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "LocaleServices",
"module_id": "PolicyConnectivity",
"policy_hierarchical_children": [
"ChildTier1Interface"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"bfd_profile_path": {
"description": "This profile is applied to all static route peers in this locale. BFD profile configured on static route peers takes precedence over global configuration. If this field is empty, a default profile is applied to all peers.",
"required": false,
"title": "Policy path of BFD profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LocaleServices"
],
"relationshipType": "NESTED_SERVICE_RELATIONSHIP",
"rightType": [
"BfdProfile"
]
}
]
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"edge_cluster_path": {
"description": "The reference to the edge cluster using the policy path of the edge cluster or label of type PolicyEdgeCluster. Auto assigned on Tier0 if the associated enforcement point has only one edge cluster. For Tier1 ACTIVE-ACTIVE, edge cluster can not be removed and Edge Cluster will be defaulted to edge cluster from connected Tier0.",
"required": false,
"title": "policy path of Edge cluster or label of type PolicyEdgeCluster.",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"LocaleServices"
],
"relationshipType": "_UNOPTIMIZED_RELATIONSHIP_",
"rightType": [
"PolicyEdgeCluster"
]
},
{
"leftType": [
"LocaleServices"
],
"relationshipType": "LOCALE_SERVICE_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
}
]
},
"ha_vip_configs": {
"description": "This configuration can be defined only for Active-Standby Tier0 gateway to provide redundancy. For mulitple external interfaces, multiple HA VIP configs must be defined and each config will pair exactly two external interfaces. The VIP will move and will always be owned by the Active node. When this property is configured, configuration of dynamic-routing is not allowed.",
"items": {
"$ref": "Tier0HaVipConfig
},
"title": "Array of HA VIP Config.",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"preferred_edge_paths": {
"description": "Policy paths to edge nodes. For Tier1 gateway, the field is used to statically assign the ordered list of up to two edge nodes for stateful services. To enable auto allocation of nodes from the specified edge cluster the field must be left unset. The auto allocation of nodes is supported only for the Tier1 gateway. For Tier0 gateway specified edge is used as a preferred edge node when failover mode is set to PREEMPTIVE, not applicable otherwise.",
"items": {
"type": "string"
},
"maxItems": 2,
"required": false,
"title": "Edge node path",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"route_redistribution_config": {
"$ref": "Tier0RouteRedistributionConfig,
"description": "Configure all route redistribution properties like enable/disable redistributon, redistribution rule and so on.",
"required": false,
"title": "Route Redistribution configuration"
},
"route_redistribution_types": {
"deprecated": true,
"description": "Enable redistribution of different types of routes on Tier-0. This property is only valid for locale-service under Tier-0. This property is deprecated, please use \"route_redistribution_config\" property to configure redistribution rules.",
"items": {
"$ref": "Tier0RouteRedistributionTypes
},
"required": false,
"title": "Enable redistribution of different types of routes on Tier-0",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_name": [
"gateway configuration"
],
"title": "Locale-services configuration",
"type": "object"
}
LocaleServicesListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "LocaleServicesListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "LocaleServices
},
"required": true,
"title": "LocaleServices results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of LocaleServices",
"type": "object"
}
LoggingServiceProperties (type)
{
"additionalProperties": false,
"id": "LoggingServiceProperties",
"properties": {
"logging_level": {
"enum": [
"OFF",
"FATAL",
"ERROR",
"WARN",
"INFO",
"DEBUG",
"TRACE"
],
"required": true,
"title": "Service logging level",
"type": "string"
},
"modified_package_logging_levels": {
"required": false,
"title": "Modified package logging levels",
"type": "string"
},
"package_logging_level": {
"items": {
"$ref": "PackageLoggingLevels
},
"title": "Package logging levels",
"type": "array"
}
},
"title": "Service properties",
"type": "object"
}
LogicalPortOperationalStatus (type)
{
"id": "LogicalPortOperationalStatus",
"module_id": "AggSvcLogicalPort",
"properties": {
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"logical_port_id": {
"readonly": true,
"required": true,
"title": "The id of the logical port",
"type": "string"
},
"status": {
"enum": [
"UP",
"DOWN",
"UNKNOWN"
],
"required": true,
"title": "The Operational status of the logical port",
"type": "string"
}
},
"type": "object"
}
LogicalPortStatistics (type)
{
"extends": {
"$ref": "AggregatedDataCounterEx
},
"id": "LogicalPortStatistics",
"module_id": "AggSvcLogicalPort",
"properties": {
"dropped_by_firewall_packets": {
"$ref": "DfwDropCounters,
"readonly": true,
"required": false
},
"dropped_by_security_packets": {
"$ref": "PacketsDroppedBySecurity,
"readonly": true,
"required": false
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"logical_port_id": {
"readonly": true,
"required": true,
"title": "The id of the logical port",
"type": "string"
},
"mac_learning": {
"$ref": "MacLearningCounters,
"readonly": true,
"required": false
},
"rx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"rx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
}
},
"type": "object"
}
LogicalRouterPortCounters (type)
{
"description": "Provides the statistics for a logical router port since the time it was created. The statistics will be reset on edge reboot or edge dataplane restart. It includes the following counters for the port: - Incoming packet count. - Outgoing packet count. - Dropped packet count. - Error/Failure reason for the dropped packet.",
"id": "LogicalRouterPortCounters",
"module_id": "AggSvcLogicalRouterPort",
"properties": {
"blocked_packets": {
"description": "The total number of packets blocked on the port. This could be due to either port is operatively down or blocked. The port can be blocked due to admin-down, backplane port is in standby SR (internal operational state is down) etc. It also includes drops when a tunnel port receives packet with local VTEP which is not the assigned one. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Packets blocked",
"type": "integer"
},
"dad_dropped_packets": {
"description": "The total number of packets dropped because source IP is not assigned to the logical port. For IPv6 address, it could be due to DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "DAD packets dropped",
"type": "integer"
},
"destination_unsupported_dropped_packets": {
"description": "The total number of packets dropped because the destination address in the packet - broadcast, multicast, loopback or reserved address - is not supported on the port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Destination unsupported packets dropped",
"type": "integer"
},
"dropped_packets": {
"description": "The total number of packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Packets dropped",
"type": "integer"
},
"firewall_dropped_packets": {
"description": "The total number of packets dropped due to firewall rules or firewall state mismatch (For example, the expected sequence number in TCP window was not received). The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Firewall packets dropped",
"type": "integer"
},
"frag_needed_dropped_packets": {
"description": "The total number of packets dropped because they could not be fragmented when their size was larger than the port MTU due to DF bit set in them. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Fragmentation needed packets dropped",
"type": "integer"
},
"ipsec_dropped_packets": {
"description": "The total number of IPSec packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec packets dropped",
"type": "integer"
},
"ipsec_no_sa_dropped_packets": {
"description": "The total number of IPSec packets dropped due to missing security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec no security association packets dropped",
"type": "integer"
},
"ipsec_no_vti_dropped_packets": {
"description": "The total number of IPSec packets dropped due to missing Virtual tunnel interface (VTI) in the security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec no VTI packets dropped",
"type": "integer"
},
"ipsec_pol_block_dropped_packets": {
"description": "The total number of IPSec packets dropped due to a discard policy configured for the traffic. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec policy block packets dropped",
"type": "integer"
},
"ipsec_pol_err_dropped_packets": {
"description": "The total number of IPSec packets dropped due to policy lookup failure for the packets in the security policy database. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPSec policy error packets dropped",
"type": "integer"
},
"ipv6_dropped_packets": {
"description": "The total number of IPv6 packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "IPv6 packets dropped",
"type": "integer"
},
"kni_dropped_packets": {
"description": "The total number of packets that the DPDK kernel NIC interface failed to send to the linux kernel. For example BGP packets, Load balancer etc. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Kernel NIC interface packets dropped",
"type": "integer"
},
"l4port_unsupported_dropped_packets": {
"description": "The total number of packets dropped for having an unknown/unsupported L4 port (TCP or UDP) and destination IP which is owned by the logical router ports including the loopback port. For example, if we receive a UDP packet whose port does not map to the expected port of BFD, AppHA, IPSec or DHCP, then we drop it. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "L4 port unsupported packets dropped",
"type": "integer"
},
"malformed_dropped_packets": {
"description": "The total number of malformed packets dropped on the port due to IP checksum error by IP checksum verification or the physical NIC (vmxnet3 for VM or other NIC for BM) marks the IP checksum error. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Malformed packets dropped",
"type": "integer"
},
"no_arp_dropped_packets": {
"description": "The total number of packets dropped due to incomplete ARP resolution of the next-hop. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No ARP packets dropped",
"type": "integer"
},
"no_linked_dropped_packets": {
"description": "The total number of packets dropped because the port did not have a linked peer port. For example, the logical router port is not connected to a segment port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No linked packets dropped",
"type": "integer"
},
"no_mem_dropped_packets": {
"description": "The total number of packets dropped due to insufficient memory. One such example is the mBuf pool memory. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No memory packets dropped",
"type": "integer"
},
"no_receiver_dropped_packets": {
"description": "The total number of packets dropped due to absence of the receiver. This could happen when the protocol is not supported by the logical router, or the corresponding tunnel does not exist. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No receiver packets dropped",
"type": "integer"
},
"no_route_dropped_packets": {
"description": "The total number of packets dropped because no route exists for the IP destination of the packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "No route packets dropped",
"type": "integer"
},
"non_ip_dropped_packets": {
"description": "The total number of non-IP packets dropped because only IP packets are allowed on the port. For example spanning tree BPDU packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Non IP packets dropped",
"type": "integer"
},
"proto_unsupported_dropped_packets": {
"description": "The total number of packets dropped because the known protocols such as ARP, ICMP, DHCP cannot be decoded/fully supported. Also, when the ether-type is MPLS but the IP version is not 4 nor 6. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Protocol unsupported packets dropped",
"type": "integer"
},
"redirect_dropped_packets": {
"description": "The total number of packets dropped due to redirection of packet to Kernel NIC Interface(KNI) failed. This could be due to either the redirected interface is a non-KNI interface or we could not fetch the mapping KNI interface for the UUID of the redirected interface. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Redirect packets dropped",
"type": "integer"
},
"rpf_check_dropped_packets": {
"description": "The total number of packets dropped due to RPF check failure. It is applicable to both unicast and multicast. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Reverse-path forwarding check packets dropped",
"type": "integer"
},
"service_insert_dropped_packets": {
"description": "Total number of service insertion packets dropped.",
"required": false,
"title": "Service insert packets dropped",
"type": "integer"
},
"total_bytes": {
"description": "The total number of bytes transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Bytes transferred",
"type": "integer"
},
"total_packets": {
"description": "The total number of packets transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Packets transferred",
"type": "integer"
},
"ttl_exceeded_dropped_packets": {
"description": "The total number of packets dropped due to exceeded TTL. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.",
"required": false,
"title": "Time to live exceeded packets dropped",
"type": "integer"
}
},
"title": "Logical router port statistics",
"type": "object"
}
LogicalRouterPortStatistics (type)
{
"description": "Provides the statistics of a logical router port across all transport nodes. It includes the following information: - Logical router port ID. - For each transport node, it includes the number of incoming, outgoing and dropped packet counters. It also provides details of errors and failures causing the drops since the time the interface was created. The logical router port statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. - For each transport node, it includes subcluster IP and transport node ID.",
"id": "LogicalRouterPortStatistics",
"module_id": "AggSvcLogicalRouterPort",
"properties": {
"logical_router_port_id": {
"required": true,
"title": "The ID of the logical router port",
"type": "string"
},
"per_node_statistics": {
"additionalProperties": false,
"description": "Lists the subcluster ID, transport node ID, incoming, outgoing and dropped packet counters for each transport node since the time the logical router port was created. The packet counters will be reset on edge reboot or edge dataplane restart.",
"items": {
"$ref": "LogicalRouterPortStatisticsPerNode
},
"readonly": true,
"required": false,
"title": "Per node statistics",
"type": "array"
}
},
"title": "Logical router port statistics",
"type": "object"
}
LogicalRouterPortStatisticsPerNode (type)
{
"description": "Provides the following information about a logical router port in a given transport node: - The subcluster ID of the logical port. - Transport node ID. - <b>Incoming packet counters</b> on the logical router port in a given transport node. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The packet counters will be reset on edge reboot or edge dataplane restart. - <b>Outgoing packet counters</b> on the logical router port in a given transport node. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The packet counters will be reset on edge reboot or edge dataplane restart. - Some of the packet drop reasons include, the DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state, firewall rules, failed to fragment the packet, receive malformed packet, could not find route to destination, absence of the receiver, insufficient memory, incomplete ARP resolution of the next-hop, RPF check failure, failed to redirect packet to KNI interface, TTL exceeded, port does not have a linked peer port and and unsupported - destination, protocol or L4 port. - Some of the IPSec packet drop reasons include the missing security association or VTI interface. It also includes packets dropped due to policy lookup error or block policy. - Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.",
"extends": {
"$ref": "AggregatedLogicalRouterPortCounters
},
"id": "LogicalRouterPortStatisticsPerNode",
"module_id": "AggSvcLogicalRouterPort",
"properties": {
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp when the data was last updated; unset if data source has never updated the data."
},
"rx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets in statistics"
},
"sub_cluster_id": {
"description": "The subcluster ID of logical router port. Active-Active service router cluster forms pariwise sub cluster of nodes and syncs states among them.",
"readonly": true,
"required": false,
"title": "The ID of the Pairwise subcluster in Active-Active service router cluster",
"type": "string"
},
"transport_node_id": {
"readonly": true,
"required": true,
"title": "The ID of the TransportNode",
"type": "string"
},
"tx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets out statistics"
}
},
"title": "Logical router port statistics for a transport node.",
"type": "object"
}
LogicalRouterPortStatisticsSummary (type)
{
"description": "Provides the aggregated statistics of a logical router port across all transport nodes on a specific enforcement point since the time the logical router port was created. The logical router port statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. It includes the following information: - Logical router port ID. - <b>Aggregated incoming packet counters</b> on the logical router port across all transport nodes. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The logical router port statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. - <b>Aggregated outgoing packet counters</b> on the logical router port across all transport nodes. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The logical router port statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. - Some of the packet drop reasons include, the DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state, firewall rules, failed to fragment the packet, receive malformed packet, could not find route to destination, absence of the receiver, insufficient memory, incomplete ARP resolution of the next-hop, RPF check failure, failed to redirect packet to KNI interface, TTL exceeded, port does not have a linked peer port and and unsupported - destination, protocol or L4 port. - Some of the IPSec packet drop reasons include the missing security association or VTI interface. It also includes packets dropped due to policy lookup error or block policy. - Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.",
"extends": {
"$ref": "AggregatedLogicalRouterPortCounters
},
"id": "LogicalRouterPortStatisticsSummary",
"module_id": "AggSvcLogicalRouterPort",
"properties": {
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp when the data was last updated; unset if data source has never updated the data."
},
"logical_router_port_id": {
"required": true,
"title": "The ID of the logical router port",
"type": "string"
},
"rx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets in statistics"
},
"tx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets out statistics"
}
},
"title": "Summary of logical router port statistics",
"type": "object"
}
LogicalRouterState (type)
{
"description": "This holds the state of Logical Router. If there are errors in realizing LR outside of MP, it gives details of the components and specific errors.",
"extends": {
"$ref": "EdgeConfigurationState
},
"id": "LogicalRouterState",
"module_id": "LogicalRouter",
"properties": {
"details": {
"items": {
"$ref": "ConfigurationStateElement
},
"readonly": true,
"required": false,
"title": "Array of configuration state of various sub systems",
"type": "array"
},
"failure_code": {
"readonly": true,
"required": false,
"title": "Error code",
"type": "integer"
},
"failure_message": {
"readonly": true,
"required": false,
"title": "Error message in case of failure",
"type": "string"
},
"pending_change_list": {
"description": "Request identifier of the API which modified the entity.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of pending changes",
"type": "array"
},
"state": {
"description": "Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. \"in_sync\" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to \"success\". Please note, failed state is deprecated.",
"enum": [
"pending",
"in_progress",
"success",
"failed",
"partial_success",
"orphaned",
"unknown",
"error",
"in_sync",
"NOT_AVAILABLE",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_IN_PROGRESS",
"VM_POWER_ON_FAILED",
"REGISTRATION_PENDING",
"NODE_NOT_READY",
"NODE_READY",
"VM_POWER_OFF_IN_PROGRESS",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_FAILED",
"VM_UNDEPLOY_SUCCESSFUL",
"EDGE_CONFIG_ERROR",
"VM_DEPLOYMENT_RESTARTED",
"REGISTRATION_FAILED",
"TRANSPORT_NODE_SYNC_PENDING",
"TRANSPORT_NODE_CONFIGURATION_MISSING",
"EDGE_HARDWARE_NOT_SUPPORTED",
"MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED",
"TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER",
"TZ_ENDPOINTS_NOT_SPECIFIED",
"NO_PNIC_PREPARED_IN_EDGE",
"APPLIANCE_INTERNAL_ERROR",
"VTEP_DHCP_NOT_SUPPORTED",
"UNSUPPORTED_HOST_SWITCH_PROFILE",
"UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED",
"HOSTSWITCH_PROFILE_NOT_FOUND",
"LLDP_SEND_ENABLED_NOT_SUPPORTED",
"UNSUPPORTED_NAMED_TEAMING_POLICY",
"LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM",
"LACP_NOT_SUPPORTED_FOR_EDGE_VM",
"STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM",
"MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE",
"UNSUPPORTED_LACP_LB_ALGO_FOR_NODE",
"EDGE_NODE_VERSION_NOT_SUPPORTED",
"NO_PNIC_SPECIFIED_IN_TN",
"INVALID_PNIC_DEVICE_NAME",
"TRANSPORT_NODE_READY",
"VM_NETWORK_EDIT_PENDING",
"UNSUPPORTED_DEFAULT_TEAMING_POLICY",
"MPA_DISCONNECTED",
"VM_RENAME_PENDING",
"VM_CONFIG_EDIT_PENDING",
"VM_NETWORK_EDIT_FAILED",
"VM_RENAME_FAILED",
"VM_CONFIG_EDIT_FAILED",
"VM_CONFIG_DISCREPANCY",
"VM_NODE_REFRESH_FAILED",
"VM_PLACEMENT_REFRESH_FAILED",
"REGISTRATION_TIMEDOUT",
"REPLACE_FAILED",
"UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED",
"LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING",
"DELETE_VM_IN_REDEPLOY_FAILED",
"DEPLOY_VM_IN_REDEPLOY_FAILED",
"INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE",
"VM_RESOURCE_RESERVATION_FAILED",
"DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER",
"DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"EDGE_NODE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE",
"EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE",
"COMPUTE_MANAGER_NOT_FOUND",
"DELETE_IN_PROGRESS",
"ADVANCED_CONFIG_EDIT_FAILED",
"UPT_MODE_REALIZATION_POLL_TIMED_OUT",
"DATAPATH_CONFIGURATION_EDIT_FAILED",
"MAINTENANCE_MODE_ENABLED",
"ERROR_IN_ENABLE_MAINTENANCE_MODE",
"ERROR_IN_DISABLE_MAINTENANCE_MODE",
"CONFIGURE_UPT_ON_VM_FAILED",
"VM_VERSION_IS_UPT_INCOMPATIBLE",
"DELETE_FAILED_FOR_DIFFERENT_MOREF_ID",
"DELETE_FAILED_ON_VM_NOT_FOUND",
"DELETE_FAILED_FOR_NON_LCM_EDGE",
"ADVANCED_CONFIG_EDIT_PENDING",
"DUPLICATE_VLANS_SHARING_SAME_PNIC",
"MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"REDEPLOY_ACTIVITY_FAILED",
"REDEPLOY_ACTIVITY_IN_PROGRESS",
"REDEPLOY_ACTIVITY_SCHEDULED",
"REDEPLOY_ACTIVITY_SUCCESSFUL",
"REPLACE_ACTIVITY_FAILED",
"REPLACE_ACTIVITY_IN_PROGRESS",
"REPLACE_ACTIVITY_SCHEDULED",
"REPLACE_ACTIVITY_SUCCESSFUL",
"REPLACED_RPC_CLIENT_OF_TN",
"RETRYING_REPLACE",
"UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR",
"VM_REDEPLOY_FAILED",
"VM_RESOURCE_RESERVATION_EDIT_PENDING",
"REDEPLOYED_VM_REGISTRATION_PENDING"
],
"readonly": true,
"required": true,
"title": "Overall state of desired configuration",
"type": "string"
}
},
"title": "Realization State of Logical Router.",
"type": "object"
}
LogicalRouterStatus (type)
{
"additionalProperties": false,
"id": "LogicalRouterStatus",
"module_id": "AggSvcLogicalRouter",
"properties": {
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp when the data was last updated; unset if data source has never updated the data."
},
"locale_operation_mode": {
"description": "Egress mode for the logical router at given mode",
"enum": [
"PRIMARY_LOCATION",
"SECONDARY_LOCATION"
],
"readonly": true,
"title": "Location mode for logical router",
"type": "string"
},
"logical_router_id": {
"required": true,
"title": "The id of the logical router",
"type": "string"
},
"per_node_status": {
"items": {
"$ref": "LogicalRouterStatusPerNode
},
"readonly": true,
"title": "Per Node Status",
"type": "array"
}
},
"type": "object"
}
LogicalRouterStatusPerNode (type)
{
"id": "LogicalRouterStatusPerNode",
"module_id": "AggSvcLogicalRouter",
"properties": {
"edge_path": {
"description": "Only populated by Policy APIs",
"required": false,
"title": "edge transport node path.",
"type": "string"
},
"high_availability_status": {
"enum": [
"ACTIVE",
"STANDBY",
"DOWN",
"SYNC",
"UNKNOWN",
"ADMIN_DOWN"
],
"required": true,
"title": "A service router's HA status on an edge node",
"type": "string"
},
"is_default_sub_cluster": {
"default": false,
"description": "True if edge transport node is a member of default sub cluster",
"required": false,
"title": "Is edge transport node in default sub cluster.",
"type": "boolean"
},
"service_group_ha_status": {
"description": "Service High availability status of service group linked with sub cluster.",
"enum": [
"UNKNOWN",
"ACTIVE",
"STANDBY"
],
"required": false,
"title": "Service High Availability status",
"type": "string"
},
"service_router_id": {
"required": false,
"title": "id of the service router where the router status is retrieved.",
"type": "string"
},
"sub_cluster_id": {
"description": "This field is populated for sateful active-active mode. Runtime state is only synced among nodes in the same sub cluster.",
"required": false,
"title": "Sub cluster id for the node.",
"type": "string"
},
"traffic_group_id": {
"description": "This field is populated only for VMC on AWS. It is the ID of the traffic group associated with the edge node.",
"required": false,
"title": "Traffic Group ID of the edge node",
"type": "string"
},
"transport_node_id": {
"required": true,
"title": "id of the transport node where the router status is retrieved.",
"type": "string"
}
},
"type": "object"
}
LogicalSwitchStatistics (type)
{
"extends": {
"$ref": "AggregatedDataCounterEx
},
"id": "LogicalSwitchStatistics",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"dropped_by_firewall_packets": {
"$ref": "DfwDropCounters,
"readonly": true,
"required": false
},
"dropped_by_security_packets": {
"$ref": "PacketsDroppedBySecurity,
"readonly": true,
"required": false
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"logical_switch_id": {
"readonly": true,
"required": true,
"title": "The id of the logical Switch",
"type": "string"
},
"mac_learning": {
"$ref": "MacLearningCounters,
"readonly": true,
"required": false
},
"nsxt_fp": {
"$ref": "FpCounters,
"description": "ENS/FC module for DP packet processing",
"readonly": true,
"required": false
},
"nsxt_swsec": {
"$ref": "SwsecCounters,
"description": "Switch Security provides stateless L2 and L3 security by checking, traffic to the logical switch and dropping unauthorized packets sent, from VMs",
"readonly": true,
"required": false
},
"nsxt_vdl2": {
"$ref": "Vdl2Counters,
"description": "Overlay Layer-2 module responsible for workload connectivity",
"readonly": true,
"required": false
},
"nsxt_vdrb": {
"$ref": "VdrbCounters,
"description": "Virtual Distributed Routing (VDR) routes packets on every ESX",
"readonly": true,
"required": false
},
"nsxt_vsip": {
"$ref": "VsipCounters,
"description": "VSIP provides Distributed Firewall capability",
"readonly": true,
"required": false
},
"nsxt_vswitch": {
"$ref": "VswitchCounters,
"description": "Virtual Switch is responsible for providing switching functionality",
"readonly": true,
"required": false
},
"rx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"rx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
}
},
"type": "object"
}
LoginCredential (type)
{
"id": "LoginCredential",
"module_id": "Types",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "credential_type"
},
"properties": {
"credential_type": {
"description": "Possible values are 'UsernamePasswordLoginCredential', 'VerifiableAsymmetricLoginCredential', 'SessionLoginCredential'.",
"required": true,
"title": "Login credential, for example username-password-thumbprint, certificate or session based, etc",
"type": "string"
}
},
"title": "Base type for various login credential types",
"type": "object"
}
MACAddress (type)
{
"description": "A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB.",
"format": "mac-address",
"id": "MACAddress",
"module_id": "Common",
"title": "MAC Address",
"type": "string"
}
MACAddressExpression (type)
{
"additionalProperties": false,
"description": "Represents MAC address expressions in the form of an array, to support addition of MAC addresses in a group. Avoid creating groups with multiple MACAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression. To group MAC addresses, use nested groups instead of multiple MACAddressExpression.",
"extends": {
"$ref": "Expression
},
"id": "MACAddressExpression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "MACAddressExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mac_addresses": {
"description": "This array can consist of one or more MAC addresses. Max limit of 4000 MAC addresses applies across all the expressions.",
"items": {
"$ref": "MACAddress
},
"maxItems": 4000,
"minItems": 1,
"required": true,
"title": "Array of MAC addresses",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "MAC address expression node",
"type": "object"
}
MACAddressList (type)
{
"additionalProperties": false,
"description": "List of MAC Addresses.",
"id": "MACAddressList",
"module_id": "Policy",
"properties": {
"mac_addresses": {
"description": "The array contains MAC addresses.",
"items": {
"$ref": "MACAddress
},
"maxItems": 4000,
"minItems": 1,
"required": true,
"title": "Array of MAC addresses",
"type": "array"
}
},
"title": "MAC Address members.",
"type": "object"
}
MacAddressCsvListResult (type)
{
"extends": {
"$ref": "CsvListResult
},
"id": "MacAddressCsvListResult",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"results": {
"items": {
"$ref": "MacTableCsvRecord
},
"required": false,
"type": "array"
}
},
"type": "object"
}
MacAddressType (type)
{
"enum": [
"STATIC",
"LEARNED"
],
"id": "MacAddressType",
"module_id": "AggSvcLogicalPort",
"title": "The type of the MAC address",
"type": "string"
}
MacDiscoveryProfile (type)
{
"additionalProperties": false,
"description": "Mac Discovery Profile",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "MacDiscoveryProfile",
"module_id": "PolicyMacDiscovery",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"mac_change_enabled": {
"default": false,
"description": "Allowing source MAC address change",
"required": false,
"title": "Is rule enabled or not",
"type": "boolean"
},
"mac_learning_aging_time": {
"default": 600,
"description": "Indicates how long learned MAC address remain.",
"readonly": true,
"required": false,
"title": "Aging time in seconds for learned MAC address",
"type": "int"
},
"mac_learning_enabled": {
"description": "Allowing source MAC address learning",
"required": true,
"title": "Is MAC learning enabled or not",
"type": "boolean"
},
"mac_limit": {
"default": 4096,
"description": "The maximum number of mac addresses that can be learnt on this port when mac learning is enabled.",
"maximum": 4096,
"minimum": 0,
"required": false,
"title": "Maximum number of MAC addresses learnt",
"type": "int"
},
"mac_limit_policy": {
"default": "ALLOW",
"description": "The policy after MAC Limit is exceeded",
"enum": [
"ALLOW",
"DROP"
],
"title": "Mac Limit Policy",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_overlay_mac_limit": {
"default": 2048,
"description": "The maximum number of mac addresses learnt on an overlay logical switch, irrespective of whether mac learning is enabled on the segment ports. When this limit is reached, traffic for mac addresses that are not learnt will be flooded.",
"maximum": 8192,
"minimum": 2048,
"title": "The maximum number of MAC addresses learned on an overlay Logical Switch",
"type": "int"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"unknown_unicast_flooding_enabled": {
"description": "Allowing flooding for unlearned MAC for ingress traffic",
"required": false,
"title": "Is unknown unicast flooding rule enabled or not",
"type": "boolean"
}
},
"search_dsl_name": [
"mac discovery segment profile"
],
"title": "Mac Discovery Profile",
"type": "object"
}
MacDiscoveryProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "MacDiscoveryProfileListRequestParameters",
"module_id": "PolicyMacDiscovery",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Mac Discovery Profile request parameters",
"type": "object"
}
MacDiscoveryProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "MacDiscoveryProfileListResult",
"module_id": "PolicyMacDiscovery",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "MacDiscoveryProfile
},
"required": true,
"title": "Mac Discovery profile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Mac Discovery Profiles",
"type": "object"
}
MacLearningCounters (type)
{
"id": "MacLearningCounters",
"module_id": "AggSvcL2Types",
"properties": {
"mac_not_learned_packets_allowed": {
"description": "The number of packets with unknown source MAC address that are dispatched without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_ALLOW.",
"required": false,
"title": "Number of dispatched packets with unknown source MAC address.",
"type": "integer"
},
"mac_not_learned_packets_dropped": {
"description": "The number of packets with unknown source MAC address that are dropped without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_DROP.",
"required": false,
"title": "Number of dropped packets with unknown source MAC address.",
"type": "integer"
},
"macs_learned": {
"required": false,
"title": "Number of MACs learned",
"type": "integer"
}
},
"type": "object"
}
MacTableCsvRecord (type)
{
"extends": {
"$ref": "CsvRecord
},
"id": "MacTableCsvRecord",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"mac_address": {
"required": true,
"title": "The MAC address",
"type": "string"
},
"rtep_group_id": {
"description": "RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address.",
"title": "Remote tunnel endpoint(RTEP) group id",
"type": "integer"
},
"vtep_group_id": {
"description": "VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address.",
"title": "Virtual tunnel endpoint(VTEP) group id",
"type": "integer"
},
"vtep_ip": {
"$ref": "IPAddress,
"required": false,
"title": "The virtual tunnel endpoint IPv4 address"
},
"vtep_ipv6": {
"$ref": "IPv6Address,
"required": false,
"title": "The virtual tunnel endpoint IPv6 address"
},
"vtep_mac_address": {
"required": false,
"title": "The virtual tunnel endpoint MAC address",
"type": "string"
}
},
"type": "object"
}
MacTableEntry (type)
{
"id": "MacTableEntry",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"mac_address": {
"required": true,
"title": "The MAC address",
"type": "string"
},
"rtep_group_id": {
"description": "RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address.",
"title": "Remote tunnel endpoint(RTEP) group id",
"type": "integer"
},
"vtep_group_id": {
"description": "VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address.",
"title": "Virtual tunnel endpoint(VTEP) group id",
"type": "integer"
},
"vtep_ip": {
"$ref": "IPAddress,
"required": false,
"title": "The virtual tunnel endpoint IPv4 address"
},
"vtep_ipv6": {
"$ref": "IPv6Address,
"required": false,
"title": "The virtual tunnel endpoint IPv6 address"
},
"vtep_mac_address": {
"required": false,
"title": "The virtual tunnel endpoint MAC address",
"type": "string"
}
},
"type": "object"
}
MalwarePreventionProfile (type)
{
"additionalProperties": false,
"description": "MalwarePrevention Profile which contains the criteria to include Malware Prevention signatures.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "MalwarePreventionProfile",
"module_id": "PolicyAntiMalware",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"detection_type": {
"description": "Represents how the Malware Prevention detection works.",
"enum": [
"SIGNATURE_BASED",
"SIGNATURE_AND_SANDBOXING_BASED"
],
"required": true,
"title": "Detection Types",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"file_type": {
"description": "Represents different type of files extensions supported in Malware Prevention.",
"items": {
"$ref": "FileType
},
"required": true,
"title": "File Type",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Malware Prevention Profile",
"type": "object"
}
MalwarePreventionSignature (type)
{
"additionalProperties": false,
"description": "Malware Prevention Signature .",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "MalwarePreventionSignature",
"module_id": "PolicyAntiMalware",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"file_type": {
"description": "File type of Signature.",
"required": false,
"title": "File Type",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"signature_id": {
"description": "Represents the Signature's id.",
"required": false,
"title": "Signature ID",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Malware Prevention Signature",
"type": "object"
}
ManagedResource (type)
{
"abstract": true,
"extends": {
"$ref": "RevisionedResource
},
"id": "ManagedResource",
"module_id": "Common",
"polymorphic-type-descriptor": {
"mode": "force",
"property-name": "resource_type"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Base type for resources that are managed by API clients",
"type": "object"
}
ManagementConfig (type)
{
"additionalProperties": false,
"extends": {
"$ref": "RevisionedResource
},
"id": "ManagementConfig",
"module_id": "ConfigManagement",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"publish_fqdns": {
"required": true,
"title": "True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability.",
"type": "boolean"
}
},
"type": "object"
}
MandatoryAccessControlProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "MandatoryAccessControlProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"enabled": {
"description": "Enabled can be True/False",
"type": "boolean"
},
"status": {
"description": "current status of Mandatory Access Control",
"enum": [
"ENABLED",
"DISABLED",
"ENABLED_PENDING_REBOOT"
],
"readonly": true,
"type": "string"
}
},
"title": "Information about mandatory access control",
"type": "object"
}
MetadataProxyConfig (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "MetadataProxyConfig",
"module_id": "PolicyMetadataProxy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"crypto_protocols": {
"description": "The cryptographic protocols listed here are supported by the metadata proxy. TLSv1.1 and TLSv1.2 are supported by default",
"items": {
"$ref": "MetadataProxyCryptoProtocols
},
"title": "Metadata proxy supported cryptographic protocols",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"edge_cluster_path": {
"description": "Edge clusters configured on MP are auto-discovered by Policy and create corresponding read-only intent objects.",
"required": true,
"title": "Poilcy path to Edge Cluster",
"type": "string"
},
"enable_standby_relocation": {
"default": false,
"description": "Only auto-placed metadata proxies are considered for relocation. Must be FALSE, when the preferred_edge_paths property is configured.",
"title": "Flag to enable standby relocation",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"preferred_edge_paths": {
"description": "Edge nodes should be members of edge cluster configured in edge_cluster_path.",
"items": {
"type": "string"
},
"maxItems": 2,
"title": "Preferred Edge Paths",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"secret": {
"description": "Secret word or phrase to access metadata server.",
"required": false,
"sensitive": true,
"title": "Secret",
"type": "secure_string"
},
"server_address": {
"description": "This field is a URL. Example formats - http://1.2.3.4:3888/path, http://text-md-proxy:5001/. Port number should be between 3000-9000.",
"required": true,
"title": "Server Address",
"type": "string"
},
"server_certificates": {
"description": "Valid certificates should be configured. The validity of certificates is not checked. Certificates are managed through /infra/certificates API on Policy.",
"items": {
"type": "string"
},
"title": "Policy paths to Certificate Authority (CA) certificates",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"MetadataProxyConfig"
],
"relationshipType": "METADATA_PROXY_TLS_CERTIFICATE_RELATIONSHIP",
"rightType": [
"TlsCertificate"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Metadata Proxy Configuration",
"type": "object"
}
MetadataProxyCryptoProtocols (type)
{
"additionalProperties": false,
"default": "TLS_V1_2",
"enum": [
"TLS_V1",
"TLS_V1_1",
"TLS_V1_2"
],
"id": "MetadataProxyCryptoProtocols",
"module_id": "PolicyMetadataProxy",
"title": "Metadata proxy supported cryptographic protocol",
"type": "string"
}
MetadataProxyRuntimeRequestParameters (type)
{
"additionalProperties": false,
"description": "Request parameters that represents a segment path and enforcement_point_path.",
"extends": {
"$ref": "PolicyRuntimeRequestParameters
},
"id": "MetadataProxyRuntimeRequestParameters",
"module_id": "PolicyMetadataProxy",
"properties": {
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"segment_path": {
"required": false,
"title": "String Path of the segment which is associated with this metadata proxy",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
}
},
"title": "Request Parameters for Metadata Proxy Runtime Information",
"type": "object"
}
MetadataProxyStatisticsPerSegment (type)
{
"id": "MetadataProxyStatisticsPerSegment",
"module_id": "PolicyMetadataProxy",
"properties": {
"error_responses_from_nova_server": {
"required": true,
"title": "error responses from nova server",
"type": "integer"
},
"requests_from_clients": {
"required": true,
"title": "requests from clients",
"type": "integer"
},
"requests_to_nova_server": {
"required": true,
"title": "requests to nova server",
"type": "integer"
},
"responses_to_clients": {
"required": true,
"title": "responses to clients",
"type": "integer"
},
"segment_path": {
"required": true,
"title": "Policy path of the attached segment",
"type": "string"
},
"succeeded_responses_from_nova_server": {
"required": true,
"title": "succeeded responses from nova server",
"type": "integer"
}
},
"type": "object"
}
MitreAttack (type)
{
"additionalProperties": false,
"description": "Contain Mitre attack details like tacticName, tacticUrl, techniqueName and techniqueUrl.",
"id": "MitreAttack",
"module_id": "PolicyIDSMetrics",
"properties": {
"tactic_name": {
"description": "Represents tactic name of attack.",
"title": "Tactic Name",
"type": "string"
},
"tactic_url": {
"description": "Represents tactic url of attack.",
"title": "Tactic Url",
"type": "string"
},
"technique_name": {
"description": "Represents technique name of attack.",
"title": "Technique Name",
"type": "string"
},
"technique_url": {
"description": "Represents technique url of attack.",
"title": "Technique Url",
"type": "string"
}
},
"title": "Mitre Attack",
"type": "object"
}
MonitoringError (type)
{
"description": "Monitoring information is gathered from multiple sub-systems/components, using REST or RPC calls internally. It is quite possible for a component or sub-system fail, in which case it is captured as an error and reported.",
"id": "MonitoringError",
"module_id": "FederationObservability",
"properties": {
"error_code": {
"read_only": true,
"title": "NSX error code if available",
"type": "integer"
},
"error_message": {
"read_only": true,
"title": "Error mesage",
"type": "string"
},
"params": {
"items": {
"type": "object"
},
"read_only": true,
"title": "Parameters for construcing error details",
"type": "array"
}
},
"title": "Represents an error that occurred while gathering information",
"type": "object"
}
MonitoringInfo (type)
{
"description": "Provides monitoring information for all flows in federation from the given site where the API is invoked. For example - monitoring information from Global Manager doesn't provide details of Local Manager to Local Manager flows. Similary, LocalManager will not provide Global Manager ACTIVE to Global Manager STANDBY flow details.",
"id": "MonitoringInfo",
"module_id": "FederationObservability",
"properties": {
"errors": {
"items": {
"$ref": "MonitoringError
},
"read_only": true,
"title": "All errors occurred while gathering monitoring info",
"type": "array"
},
"flow_info": {
"items": {
"$ref": "FlowInfo
},
"read_only": true,
"title": "Monitoring information of flows in federation",
"type": "array"
}
},
"title": "Provides details of all flows in federation",
"type": "object"
}
MonitoringProfileBindingMap (type)
{
"abstract": true,
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "MonitoringProfileBindingMap",
"module_id": "PolicyMonitoringProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base Monitoring Profile Binding Map",
"type": "object"
}
MultiWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Combines two or more widgetconfigurations into a multi-widget",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "MultiWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "MultiWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
},
"widgets": {
"description": "Array of widgets that are part of the multi-widget.",
"items": {
"$ref": "WidgetItem
},
"maxItems": 2,
"minItems": 1,
"required": true,
"title": "Widgets",
"type": "array"
}
},
"title": "Multi-Widget",
"type": "object"
}
NAPILogLevelValue (type)
{
"additionalProperties": false,
"id": "NAPILogLevelValue",
"properties": {
"log_level": {
"enum": [
"critical",
"error",
"warn",
"info",
"debug",
"off"
],
"required": true,
"title": "Log Level",
"type": "string"
}
},
"title": "Log Level Value",
"type": "object"
}
NDRAAdvertisedRoute (type)
{
"additionalProperties": false,
"id": "NDRAAdvertisedRoute",
"module_id": "Routing",
"properties": {
"route_lifetime": {
"default": 1800,
"description": "Lifetime of advertised route in seconds.",
"maximum": 65520,
"minimum": 0,
"required": false,
"title": "Lifetime of advertised route",
"type": "integer"
},
"route_preference": {
"$ref": "NDRAPreference,
"default": "MEDIUM",
"description": "NDRA Route preference. Indicates preference of the router associated with a prefix over others, when multiple identical prefixes (for different routers) have been received.",
"required": false,
"title": "Route preference"
},
"subnet": {
"$ref": "IPv6CIDRBlock,
"description": "Advertised route subnet",
"required": true,
"title": "Advertised route subnet"
}
},
"type": "object"
}
NDRAPreference (type)
{
"additionalProperties": false,
"description": "For an NDRA router, indicates preference of this router over other default routers. For an NDRA route, indicates preference of the router associated with this prefix over others, when multiple identical prefixes (for different routers) have been received. Preference values are LOW, MEDIUM (default) and HIGH. RESERVED value is not to be used and is treated as MEDIUM.",
"enum": [
"LOW",
"MEDIUM",
"HIGH",
"RESERVED"
],
"id": "NDRAPreference",
"module_id": "Routing",
"title": "NDRA Router and route preference",
"type": "string"
}
NSXRelease (type)
{
"additionalProperties": false,
"id": "NSXRelease",
"module_id": "Upgrade",
"properties": {
"downloaded": {
"readonly": true,
"required": false,
"title": "Hint whether this bundle is downloaded or not.",
"type": "boolean"
},
"readiness_checked": {
"readonly": true,
"required": false,
"title": "Hint whether readiness is checked for the current system for this version",
"type": "boolean"
},
"release_date": {
"description": "Release date",
"readonly": true,
"required": false,
"title": "Release date",
"type": "string"
},
"release_notes": {
"description": "Release notes of the release.",
"readonly": true,
"required": false,
"title": "Release notes.",
"type": "string"
},
"type": {
"description": "The purpose of the release.",
"enum": [
"PATCH_UPDATE",
"MAINTENANCE_UPDATE",
"SECURITY_PATCH",
"HOT_PATCH"
],
"readonly": true,
"required": false,
"title": "Version type",
"type": "string"
},
"version": {
"description": "Version available on VMware download site.",
"readonly": true,
"required": false,
"title": "Version available on VMware download site.",
"type": "string"
}
},
"type": "object"
}
NSXReleaseRequest (type)
{
"additionalProperties": false,
"id": "NSXReleaseRequest",
"module_id": "Upgrade",
"properties": {
"source": {
"description": "Source where notification is generated",
"readonly": true,
"required": false,
"title": "Source where notification is generated",
"type": "string"
}
},
"type": "object"
}
NSXReleases (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "NSXReleases",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NSXRelease
},
"readonly": true,
"required": false,
"title": "List of NSX Releases available.",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
NSXTConnectionInfo (type)
{
"additionalProperties": false,
"description": "Credential info to connect to an NSX-T type of enforcement point.",
"extends": {
"$ref": "EnforcementPointConnectionInfo
},
"id": "NSXTConnectionInfo",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "NSXTConnectionInfo"
},
"properties": {
"edge_cluster_ids": {
"deprecated": true,
"description": "Edge Cluster UUIDs on enforcement point. Edge cluster information is required for creating logical L2, L3 constructs on enforcement point. Max 1 edge cluster ID. This is a deprecated property. The edge cluster id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-clusters and GET /infra/sites/site-id/enforcement-points/enforcementpoint-1/edge-clusters/edge-cluster-id. The value passed through this property will be ignored.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Edge Cluster IDs",
"type": "array"
},
"enforcement_point_address": {
"description": "Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be \"10.192.1.1\" - On an NSX-T MP running on custom port, the value could be \"192.168.1.1:32789\" - On an NSX-T MP in VMC deployments, the value could be \"192.168.1.1:5480/nsxapi\"",
"required": true,
"title": "Enforcement Point Address",
"type": "string"
},
"password": {
"description": "Password.",
"sensitive": true,
"title": "Password",
"type": "secure_string"
},
"resource_type": {
"description": "Resource Type of Enforcement Point Connection Info.",
"enum": [
"NSXTConnectionInfo",
"NSXVConnectionInfo",
"CvxConnectionInfo",
"AviConnectionInfo"
],
"required": true,
"title": "Connection Info Resource Type",
"type": "string"
},
"thumbprint": {
"description": "Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.",
"title": "Thumbprint of Enforcement Point",
"type": "string"
},
"transport_zone_ids": {
"deprecated": true,
"description": "Transport Zone UUIDs on enforcement point. Transport zone information is required for creating logical L2, L3 constructs on enforcement point. Max 1 transport zone ID. This is a deprecated property. The transport zone id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones and GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones/transport-zone-id. The value passed through this property will be ignored.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Transport Zone IDs",
"type": "array"
},
"username": {
"description": "Username.",
"title": "Username",
"type": "string"
}
},
"title": "NSX-T Connection Info",
"type": "object"
}
NSXVConnectionInfo (type)
{
"additionalProperties": false,
"description": "Credential info to connect to an NSX-V type of enforcement point.",
"extends": {
"$ref": "EnforcementPointConnectionInfo
},
"id": "NSXVConnectionInfo",
"module_id": "PolicyEnforcementPointManagement",
"polymorphic-type-descriptor": {
"type-identifier": "NSXVConnectionInfo"
},
"properties": {
"enforcement_point_address": {
"description": "Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be \"10.192.1.1\" - On an NSX-T MP running on custom port, the value could be \"192.168.1.1:32789\" - On an NSX-T MP in VMC deployments, the value could be \"192.168.1.1:5480/nsxapi\"",
"required": true,
"title": "Enforcement Point Address",
"type": "string"
},
"password": {
"description": "Password.",
"required": true,
"sensitive": true,
"title": "Password",
"type": "secure_string"
},
"resource_type": {
"description": "Resource Type of Enforcement Point Connection Info.",
"enum": [
"NSXTConnectionInfo",
"NSXVConnectionInfo",
"CvxConnectionInfo",
"AviConnectionInfo"
],
"required": true,
"title": "Connection Info Resource Type",
"type": "string"
},
"thumbprint": {
"description": "Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX.",
"required": true,
"title": "Thumbprint of Enforcement Point",
"type": "string"
},
"username": {
"description": "Username.",
"required": true,
"sensitive": true,
"title": "Username",
"type": "secure_string"
}
},
"title": "NSX-V Connection Info",
"type": "object"
}
NamespaceMemberDetails (type)
{
"additionalProperties": false,
"description": "Details of the member belonging to a Group",
"id": "NamespaceMemberDetails",
"module_id": "PolicyGroupRealization",
"properties": {
"display_name": {
"readonly": true,
"required": true,
"title": "The display name of the member on the enforcement point",
"type": "string"
},
"id": {
"readonly": true,
"required": true,
"title": "The ID of the member on the enforcement point",
"type": "string"
},
"pods": {
"items": {
"$ref": "PolicyGroupMemberDetails
},
"required": true,
"type": "array"
}
},
"title": "Group member details",
"type": "object"
}
NdSnoopingConfig (type)
{
"additionalProperties": false,
"description": "Contains Neighbor Discovery Protocol (ND) snooping related configuration.",
"id": "NdSnoopingConfig",
"module_id": "PolicyIpDiscovery",
"properties": {
"nd_snooping_enabled": {
"default": false,
"description": "Enable this method will snoop the NS (Neighbor Solicitation) and NA (Neighbor Advertisement) messages in the ND (Neighbor Discovery Protocol) family of messages which are transmitted by a VM. From the NS messages, we will learn about the source which sent this NS message. From the NA message, we will learn the resolved address in the message which the VM is a recipient of. Addresses snooped by this method are subject to TOFU (Trust on First Use) policies as enforced by the system.",
"required": false,
"title": "Is ND snooping enabled or not",
"type": "boolean"
},
"nd_snooping_limit": {
"default": 3,
"description": "Maximum number of ND (Neighbor Discovery Protocol) snooped IPv6 addresses",
"maximum": 15,
"minimum": 2,
"required": false,
"title": "Maximum number of ND (Neighbor Discovery Protocol) bindings",
"type": "int"
}
},
"title": "ND Snooping Configuration",
"type": "object"
}
NdpHeader (type)
{
"additionalProperties": false,
"id": "NdpHeader",
"module_id": "Traceflow",
"properties": {
"dst_ip": {
"$ref": "IPv6Address,
"description": "The IP address of the destination of the solicitation. It MUST NOT be a multicast address.",
"required": false,
"title": "The destination IP address"
},
"msg_type": {
"default": "NEIGHBOR_SOLICITATION",
"description": "This field specifies the type of the Neighbor discover message being sent. NEIGHBOR_SOLICITATION - Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node or to confirm a previously determined link-layer address. NEIGHBOR_ADVERTISEMENT - Neighbor Advertisement message in response to a Neighbor Solicitation message.",
"enum": [
"NEIGHBOR_SOLICITATION",
"NEIGHBOR_ADVERTISEMENT"
],
"title": "NDP message type",
"type": "string"
}
},
"title": "Neighbor discovery protocol header",
"type": "object"
}
NestedExpression (type)
{
"additionalProperties": false,
"description": "Nested expressions is a list of condition expressions that must follow the below criteria: 0. Only allowed expressions in a NestedExpression are Condition and ConjunctionOperator. 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all condition expressions must be at even indices, separated by the conjunction expressions AND at odd indices. 2. There may be at most 5 condition expressions inside a list. 3. NestedExpressions are homogeneous in nature, i.e, all expressions inside a nested expression must have the same member type.",
"extends": {
"$ref": "Expression
},
"id": "NestedExpression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "NestedExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"expressions": {
"description": "Expression.",
"items": {
"$ref": "Expression
},
"minItems": 1,
"required": true,
"title": "Expression",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "NestedExpression",
"type": "object"
}
NestedServiceServiceEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ServiceEntry
},
"id": "NestedServiceServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "NestedServiceServiceEntry"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"nested_service_path": {
"required": true,
"title": "path of nested service",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"NestedServiceServiceEntry"
],
"relationshipType": "NESTED_SERVICE_RELATIONSHIP",
"rightType": [
"ServiceEntry"
]
},
{
"leftType": [
"NestedServiceServiceEntry"
],
"relationshipType": "NESTED_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"Service"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A ServiceEntry that represents nesting service",
"type": "object"
}
NetworkInfo (type)
{
"additionalProperties": false,
"description": "Only support IP address or subnet. Its type can be of IPv4 or IPv6. It will be converted to subnet when netmask is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24, 2008:12:12:12::2/64 => 2008:12:12:12::/64).",
"id": "NetworkInfo",
"module_id": "LiveTrace",
"properties": {
"dst_ip": {
"$ref": "IPElement,
"description": "The destination IP can be an IP address or a subnet.",
"required": false,
"title": "The destination IP address or subnet"
},
"src_ip": {
"$ref": "IPElement,
"description": "The source IP can be an IP address or a subnet.",
"required": false,
"title": "The source IP address or subnet"
}
},
"type": "object"
}
NetworkInterfaceRequestParameters (type)
{
"additionalProperties": false,
"description": "Request parameters to filter REST API for list network interface.",
"extends": {
"$ref": "DataSourceParameters
},
"id": "NetworkInterfaceRequestParameters",
"module_id": "ApplianceStats",
"properties": {
"admin_status": {
"description": "Defines admin status of the interface.",
"enum": [
"UP",
"DOWN"
],
"title": "Admin status of the interface",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
}
},
"title": "Node network interface request parameters",
"type": "object"
}
NetworkPolicyImportRequest (type)
{
"additional_properties": false,
"description": "This contains a list of K8s Network Policy IDs to be imported as DFW SecurityPolicy.",
"id": "NetworkPolicyImportRequest",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"network_policy_ids": {
"description": "A set of network policy UUIDs that has to be imported to NSX SecurityPolicy",
"items": {
"type": "string"
},
"maxItems": 5000,
"required": true,
"title": "Set of K8s Network policy identifiers",
"type": "array"
},
"sequence_number_lower": {
"description": "This is an optional field. If specified, the \"drop\" action policy will be placed at this position. If unspecified, the drop policy will be created after its corresponding allow policy. The default-drop policies' sequence_number = last existing policy sequence_number + 2. If you specify the sequence numbers explicitly, you must specify both sequence_number_upper and sequence_number_lower at the same time. The sequence_number_lower must be greater than sequence_number_upper.",
"required": false,
"title": "The sequence number at which the drop policy is placed",
"type": "int"
},
"sequence_number_upper": {
"description": "This is an optional field. If specified, the \"allow\" action policy will be placed at this position. If unspecified, the import API should find the lowest existing copy-span security policy applied to the original container cluster, and put the imported policies behind it. The allow policies' sequence_number=last existing copy-span policy sequence_number + 1",
"required": false,
"title": "The sequence number at which the allow policy is placed",
"type": "int"
}
},
"title": "List of K8s Network Policies to be imported",
"type": "object"
}
NetworkPolicyImportRequestParameters (type)
{
"additional_properties": false,
"description": "Request parameters while importing the network policies",
"id": "NetworkPolicyImportRequestParameters",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"on_error": {
"default": "ABORT",
"enum": [
"ABORT",
"CONTINUE"
],
"required": false,
"title": "Action to take when error occurs",
"type": "string"
}
},
"title": "Import Request Parameters",
"type": "object"
}
NetworkPolicyImportResponse (type)
{
"additional_properties": false,
"description": "The response contains the count of network policies imported. If there are any failures, then the error response is also included",
"id": "NetworkPolicyImportResponse",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"errors": {
"description": "Contains a list of errors against each of the network policy id that failed during import.",
"items": {
"$ref": "ImportErrorMessage
},
"title": "List of errors, if any specific to networkpolicy",
"type": "array"
},
"errors_general": {
"description": "contains a list of errors agains general errors",
"items": {
"$ref": "ImportErrorMessage
},
"title": "List of general errors",
"type": "array"
},
"request_count": {
"description": "This is the count of the network policies that were contained in the import request",
"title": "The total number of network policies in the import request",
"type": "int"
},
"success_count": {
"description": "The count of the successfully imported network policies.",
"required": false,
"title": "The count of successfully imported policies",
"type": "int"
}
},
"title": "Summary response of the import action",
"type": "object"
}
NewRole (type)
{
"id": "NewRole",
"module_id": "AAA",
"properties": {
"new_role_description": {
"required": false,
"title": "New role description",
"type": "string"
},
"new_role_id": {
"pattern": "^[_a-z0-9-]+$",
"required": true,
"title": "New role id",
"type": "string"
},
"new_role_name": {
"required": true,
"title": "New role name",
"type": "string"
}
},
"title": "New Role",
"type": "object"
}
NoRestRequestParameters (type)
{
"additionalProperties": false,
"description": "Parameter definition for requests that do not allow parameters.",
"id": "NoRestRequestParameters",
"module_id": "Types",
"properties": {},
"type": "object"
}
NodeAsyncReplicatorServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeAsyncReplicatorServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "LoggingServiceProperties,
"title": "Service properties"
}
},
"title": "Node service properties",
"type": "object"
}
NodeAuthProviderVidmProperties (type)
{
"additionalProperties": false,
"id": "NodeAuthProviderVidmProperties",
"properties": {
"client_id": {
"required": true,
"title": "vIDM client id",
"type": "string"
},
"client_secret": {
"required": false,
"sensitive": true,
"title": "vIDM client secret",
"type": "string"
},
"host_name": {
"required": true,
"title": "Fully Qualified Domain Name(FQDN) of vIDM",
"type": "string"
},
"lb_enable": {
"required": false,
"title": "Load Balancer enable flag",
"type": "boolean"
},
"node_host_name": {
"description": "host name to use when creating the redirect URL for clients to follow after authenticating to vIDM",
"required": true,
"title": "host name of the node redirected to",
"type": "string"
},
"thumbprint": {
"description": "Hexadecimal SHA256 hash of the vIDM server's X.509 certificate",
"required": true,
"title": "vIDM certificate thumbprint",
"type": "string"
},
"vidm_enable": {
"required": false,
"title": "vIDM enable flag",
"type": "boolean"
}
},
"title": "Node AAA provider vIDM properties",
"type": "object"
}
NodeAuthProviderVidmStatus (type)
{
"additionalProperties": false,
"id": "NodeAuthProviderVidmStatus",
"properties": {
"runtime_state": {
"required": true,
"title": "AAA provider vIDM status",
"type": "string"
},
"vidm_enable": {
"required": true,
"title": "vIDM enable flag",
"type": "boolean"
}
},
"title": "Node AAA provider vIDM status",
"type": "object"
}
NodeAuthServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeAuthServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "AuthServiceProperties,
"title": "AUTH Service properties"
}
},
"title": "Node AUTH service properties",
"type": "object"
}
NodeFileSystemProperties (type)
{
"additionalProperties": false,
"id": "NodeFileSystemProperties",
"module_id": "ApplianceStats",
"properties": {
"file_system": {
"readonly": true,
"title": "File system id",
"type": "string"
},
"mount": {
"readonly": true,
"title": "File system mount",
"type": "string"
},
"total": {
"readonly": true,
"title": "File system size in kilobytes",
"type": "integer"
},
"type": {
"readonly": true,
"title": "File system type",
"type": "string"
},
"used": {
"readonly": true,
"title": "Amount of file system used in kilobytes",
"type": "integer"
}
},
"title": "File system properties",
"type": "object"
}
NodeGlobalManagerServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeGlobalManagerServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "LoggingServiceProperties,
"title": "Service properties"
}
},
"title": "Node service properties",
"type": "object"
}
NodeGrubProperties (type)
{
"additionalProperties": false,
"id": "NodeGrubProperties",
"properties": {
"timeout": {
"maximum": 2147483647,
"minimum": 0,
"title": "GRUB menu timeout value in seconds",
"type": "integer"
},
"users": {
"items": {
"$ref": "NodeGrubUserProperties
},
"title": "List of node GRUB user properties",
"type": "array"
}
},
"title": "Node GRUB properties",
"type": "object"
}
NodeGrubUserProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeGrubUserProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"password": {
"sensitive": true,
"title": "Password for the GRUB user",
"type": "string"
},
"username": {
"title": "Username of the GRUB user",
"type": "string"
}
},
"title": "Node GRUB user properties",
"type": "object"
}
NodeHealth (type)
{
"additionalProperties": false,
"id": "NodeHealth",
"module_id": "NodeHealth",
"properties": {
"components_health": {
"title": "Comoponents health details",
"type": "string"
},
"healthy": {
"title": "Flag indicating that node is healthy or not",
"type": "boolean"
}
},
"title": "Node Health information",
"type": "object"
}
NodeHttpServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeHttpServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "HttpServiceProperties,
"title": "HTTP Service properties"
}
},
"title": "Node HTTP service properties",
"type": "object"
}
NodeIdServicesMap (type)
{
"additionalProperties": false,
"id": "NodeIdServicesMap",
"module_id": "CertificateManager",
"properties": {
"node_id": {
"maxLength": 255,
"readonly": false,
"required": true,
"title": "NodeId",
"type": "string"
},
"service_types": {
"description": "List of ServiceTypes.",
"items": {
"$ref": "ServiceType
},
"readonly": false,
"required": true,
"type": "array"
}
},
"type": "object"
}
NodeInfo (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeInfo",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"component_version": {
"readonly": true,
"required": true,
"title": "Component version of the node",
"type": "string"
},
"display_name": {
"readonly": true,
"required": true,
"title": "Name of the node",
"type": "string"
},
"id": {
"description": "Identifier of the node",
"readonly": true,
"required": true,
"title": "UUID of node",
"type": "string"
},
"type": {
"readonly": true,
"required": true,
"title": "Node type",
"type": "string"
}
},
"type": "object"
}
NodeInfoListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "NodeInfoListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": false,
"title": "Component type based on which nodes will be filtered",
"type": "string"
},
"component_version": {
"readonly": false,
"required": false,
"title": "Component version based on which nodes will be filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
NodeInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "NodeInfoListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeInfo
},
"required": true,
"title": "Paged Collection of Nodes",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
NodeInstallUpgradeServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeInstallUpgradeServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "InstallUpgradeServiceProperties,
"title": "install-upgrade Service properties"
}
},
"title": "Node install-upgrade service properties",
"type": "object"
}
NodeInterfaceAlias (type)
{
"additionalProperties": false,
"id": "NodeInterfaceAlias",
"module_id": "ApplianceStats",
"properties": {
"broadcast_address": {
"$ref": "IPAddress,
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$",
"title": "Interface broadcast address"
},
"ip6_address": {
"items": {
"$ref": "IPv6CIDRBlock
},
"title": "Interface IPv6 CIDR addresses",
"type": "array"
},
"ip_address": {
"$ref": "IPAddress,
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$",
"title": "Interface IP address"
},
"ip_configuration": {
"enum": [
"dhcp",
"static",
"not configured",
"autoconf"
],
"title": "Interface configuration",
"type": "string"
},
"netmask": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$",
"title": "Interface netmask",
"type": "string"
},
"physical_address": {
"$ref": "MACAddress,
"title": "Interface MAC address"
}
},
"title": "Node network interface alias",
"type": "object"
}
NodeInterfaceProperties (type)
{
"additionalProperties": false,
"id": "NodeInterfaceProperties",
"module_id": "ApplianceStats",
"properties": {
"admin_status": {
"enum": [
"UP",
"DOWN"
],
"title": "Interface administration status",
"type": "string"
},
"backing_nsx_managed": {
"title": "Indicates whether backing of VIRTUAL network interface is managed by NSX",
"type": "boolean"
},
"connected_switch": {
"title": "Connected switch",
"type": "string"
},
"connected_switch_type": {
"description": "Type of switch associated with the interface.",
"enum": [
"VSS",
"DVS",
"N-VDS"
],
"readonly": true,
"required": false,
"title": "Type of switch",
"type": "string"
},
"device": {
"description": "Device name.",
"readonly": true,
"required": false,
"title": "Device name",
"type": "string"
},
"dpu_alias": {
"description": "Specifies the Data processing unit dpu alias(device alias) if the interface is backed by a DPU.",
"readonly": true,
"required": false,
"title": "Data processing unit device alias",
"type": "string"
},
"dpu_backed": {
"description": "If interface is backed by data processing unit (DPU) and state of DPU is MANAGED, then this property is true.",
"readonly": true,
"required": false,
"title": "Flag to indicate DPU backed interface",
"type": "boolean"
},
"dpu_id": {
"description": "Data processing unit ID if the interface is backed by a DPU.",
"readonly": true,
"required": false,
"title": "Data processing unit ID",
"type": "string"
},
"driver": {
"description": "Driver name.",
"readonly": true,
"required": false,
"title": "Driver name",
"type": "string"
},
"ens_capable": {
"title": "Interface capability for Enhanced Networking Stack",
"type": "boolean"
},
"ens_enabled": {
"title": "Indicates whether interface is enabled for Enhanced Networking Stack",
"type": "boolean"
},
"ens_interrupt_capable": {
"description": "This boolean property describes if network interface is capable for Enhanced Networking Stack interrupt",
"title": "Interface capability for Enhanced Networking Stack interrupt",
"type": "boolean"
},
"ens_interrupt_enabled": {
"description": "This boolean property describes if network interface is enabled for Enhanced Networking Stack interrupt",
"title": "Indicates whether interface is enabled for Enhanced Networking Stack interrupt",
"type": "boolean"
},
"host_managed": {
"title": "Indicates whether interface is managed by the host",
"type": "boolean"
},
"interface_alias": {
"items": {
"$ref": "NodeInterfaceAlias
},
"title": "IP Alias",
"type": "array"
},
"interface_id": {
"title": "Interface ID",
"type": "string"
},
"interface_type": {
"enum": [
"PHYSICAL",
"VIRTUAL",
"BOND",
"TEAMING"
],
"title": "Interface Type",
"type": "string"
},
"interface_uuid": {
"readonly": true,
"required": false,
"title": "UUID of the interface",
"type": "string"
},
"key": {
"description": "Device key.",
"readonly": true,
"required": false,
"title": "Device key",
"type": "string"
},
"link_status": {
"enum": [
"UP",
"DOWN"
],
"title": "Interface administration status",
"type": "string"
},
"lport_attachment_id": {
"title": "LPort Attachment Id assigned to VIRTUAL network interface of a node",
"type": "string"
},
"mtu": {
"title": "Interface MTU",
"type": "integer"
},
"pci": {
"description": "PCI device.",
"readonly": true,
"required": false,
"title": "PCI device",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"title": "Source of status data"
},
"speed": {
"description": "Interface speed in Mbps.",
"readonly": true,
"required": false,
"title": "Speed",
"type": "number"
},
"state": {
"description": "This property shows the current state of virtual tunnel end point (VTEP). If not in NORMAL state, then overlay workloads using this TEP will face network outage. In those cases, check if TEP has valid IP or any other underlay connectivity issues, and enable TEP HA to failover workloads to other healthy TEPs. Note that MAINTENANCE state is triggered by user and TEP will be disabled.",
"enum": [
"INVALID_STATE",
"INIT",
"NORMAL",
"IP_WAITING",
"BFD_DOWN",
"MAINTENANCE"
],
"required": false,
"title": "Virtual tunnel end point state",
"type": "string"
}
},
"title": "Node network interface properties",
"type": "object"
}
NodeInterfacePropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeInterfacePropertiesListResult",
"module_id": "ApplianceStats",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeInterfaceProperties
},
"required": true,
"title": "Node interface property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node network interface properties list results",
"type": "object"
}
NodeInterfaceStatisticsProperties (type)
{
"additionalProperties": false,
"description": "Provides statistics of the specified network interface on a transport node since the time the system has been UP. The statistics will be reset on transport node restart. It includes the following information: - Incoming packet count. - Outgoing packet count. - Dropped packet count. - Error/Failure reason for the dropped packet.",
"extends": {
"$ref": "Resource
},
"id": "NodeInterfaceStatisticsProperties",
"module_id": "ApplianceStats",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"interface_id": {
"title": "Interface ID",
"type": "string"
},
"rx_bytes": {
"description": "The total number of bytes received on the interface since the uptime. This will be reset on transport node restart.",
"title": "Bytes in",
"type": "integer"
},
"rx_drop_no_match": {
"description": "The total number of packets dropped on the edge transport node interface since the uptime due to one of the below reasons. - MAC lookup failure. - If logical service interface receives a packet which is not destined for the service. This will be reset on edge reboot or edge dataplane restart.",
"title": "Rx drop no match",
"type": "integer"
},
"rx_dropped": {
"title": "Total packets dropped since the uptime",
"type": "integer"
},
"rx_errors": {
"description": "The total number of erroneous incoming packets received on the interface since the uptime. This will be reset on transport node restart.",
"title": "Rx errors",
"type": "integer"
},
"rx_frame": {
"description": "Total framing error packets since the uptime. Available only for Host Transport Node.",
"title": "Total framing error packets since the uptime",
"type": "integer"
},
"rx_misses": {
"description": "The Total number of incoming packets dropped on the edge transport node interface since the uptime.For DPDK interface this could be due to Rx buffer overflow or busy Fast Path(FP) core. This will be reset on edge reboot or edge dataplane restart.",
"title": "Rx misses",
"type": "integer"
},
"rx_nombufs": {
"description": "The total number of incoming packets dropped on the edge transport node interface since the uptime due to Rx mBuf allocation failure. This will be reset on edge reboot or edge dataplane restart.",
"title": "Rx no mBufs",
"type": "integer"
},
"rx_packets": {
"description": "The total number of incoming packets on the interface since the uptime. This will be reset on transport node restart.",
"title": "Packets in",
"type": "integer"
},
"source": {
"$ref": "DataSourceType,
"title": "Source of status data."
},
"tx_bytes": {
"description": "The total number of bytes transmitted from the interface since the uptime. This will be reset on transport node restart.",
"title": "Tx Bytes",
"type": "integer"
},
"tx_carrier": {
"description": "Total packets for carrier losses detected on transmit. Available only for Host Transport Node.",
"title": "Total packets for carrier losses detected on transmit",
"type": "integer"
},
"tx_colls": {
"description": "Total packets for collisions detected on transmit. Available only for Host Transport Node.",
"title": "Total packets for collisions detected on transmit",
"type": "integer"
},
"tx_dropped": {
"title": "Total packets dropped on transmit since the uptime",
"type": "integer"
},
"tx_drops": {
"description": "The total number of outgoing packets dropped on the DPDK interface of the edge transport node due to Tx buffer overflow since the uptime. The vmxnet3 backend or physical NIC is not able to process all the packets that edge is attempting to send out. This will be reset on edge reboot or edge dataplane restart.",
"title": "Tx drops",
"type": "integer"
},
"tx_errors": {
"description": "The total number of erroneous packets failed to be transmitted since the uptime. This will be reset on transport node restart.",
"title": "Tx errors",
"type": "integer"
},
"tx_packets": {
"description": "The total number of outgoing packets transmitted from the interface since the uptime. This will be reset on transport node restart.",
"title": "Packets out",
"type": "integer"
}
},
"title": "Node network interface statistics",
"type": "object"
}
NodeLogProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeLogProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"last_modified_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Last modified time expressed in milliseconds since epoch"
},
"log_name": {
"readonly": true,
"title": "Name of log file",
"type": "string"
},
"log_size": {
"readonly": true,
"title": "Size of log file in bytes",
"type": "integer"
}
},
"title": "Node log properties",
"type": "object"
}
NodeLogPropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeLogPropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeLogProperties
},
"required": true,
"title": "Node log property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node log property query results",
"type": "object"
}
NodeMotdProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeMotdProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"motd": {
"title": "Message of the day to display when users login to node using the NSX CLI",
"type": [
"string",
"null"
]
}
},
"title": "Node message of the day properties",
"type": "object"
}
NodeNameServersProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeNameServersProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"name_servers": {
"items": {
"type": "string"
},
"maxItems": 3,
"required": true,
"title": "Name servers",
"type": "array"
}
},
"title": "Node network name servers properties",
"type": "object"
}
NodeNetworkInterfaceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeNetworkInterfaceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"admin_status": {
"enum": [
"up",
"down"
],
"readonly": true,
"title": "Interface administration status",
"type": "string"
},
"bond_cur_active_slave": {
"readonly": true,
"title": "Bond's currently active slave device",
"type": "string"
},
"bond_lacp_rate": {
"readonly": true,
"title": "Bond's rate at which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode",
"type": "string"
},
"bond_mode": {
"enum": [
"ACTIVE_BACKUP",
"802_3AD",
"ROUND_ROBIN",
"BROADCAST",
"XOR",
"TLB",
"ALB"
],
"title": "Bond mode",
"type": "string"
},
"bond_primary": {
"title": "Bond's primary device name in active-backup bond mode",
"type": "string"
},
"bond_primary_slave": {
"readonly": true,
"title": "Bond's primary device name in active-backup bond mode",
"type": "string"
},
"bond_slaves": {
"items": {
"type": "string"
},
"title": "Bond's slave devices",
"type": "array"
},
"bond_xmit_hash_policy": {
"enum": [
"layer2",
"layer2+3",
"layer3+4",
"encap2+3",
"encap3+4"
],
"readonly": true,
"title": "Bond's transmit hash policy for balance-xor and 802.3ad modes",
"type": "string"
},
"broadcast_address": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$",
"title": "Interface broadcast address",
"type": "string"
},
"default_gateway": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$",
"title": "Interface's default gateway",
"type": "string"
},
"interface_id": {
"readonly": true,
"required": true,
"title": "Interface ID",
"type": "string"
},
"ip6_addresses": {
"items": {
"$ref": "IPv6AddressProperties
},
"title": "Interface IPv6 addresses",
"type": "array"
},
"ip_addresses": {
"items": {
"$ref": "IPv4AddressProperties
},
"maxItems": 1,
"title": "Interface IP addresses",
"type": "array"
},
"ip_configuration": {
"enum": [
"dhcp",
"static",
"not configured"
],
"required": true,
"title": "Interface configuration",
"type": "string"
},
"is_kni": {
"readonly": true,
"title": "Interface is a KNI",
"type": "boolean"
},
"link_status": {
"enum": [
"up",
"down"
],
"readonly": true,
"title": "Interface administration status",
"type": "string"
},
"mtu": {
"title": "Interface MTU",
"type": "integer"
},
"physical_address": {
"pattern": "^[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}$",
"readonly": true,
"title": "Interface MAC address",
"type": "string"
},
"plane": {
"enum": [
"mgmt",
"debug",
"none"
],
"title": "Interface plane",
"type": "string"
},
"vlan": {
"maximum": 4094,
"minimum": 1,
"readonly": true,
"title": "VLAN Id",
"type": "integer"
}
},
"title": "Node network interface properties",
"type": "object"
}
NodeNetworkInterfacePropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeNetworkInterfacePropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeNetworkInterfaceProperties
},
"required": true,
"title": "Node network interface property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node network interface properties list results",
"type": "object"
}
NodeNetworkProperties (type)
{
"extends": {
"$ref": "Resource
},
"id": "NodeNetworkProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
}
},
"title": "Network configuration properties",
"type": "object"
}
NodeNtpServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeNtpServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "NtpServiceProperties,
"title": "NTP Service properties"
}
},
"title": "Node NTP service properties",
"type": "object"
}
NodePhonehomeCoordinatorServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodePhonehomeCoordinatorServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "PhonehomeCoordinatorServiceProperties,
"title": "Phonehome Coordinator Service properties"
}
},
"title": "Node Phonehome Coordinator service properties",
"type": "object"
}
NodeProcessProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeProcessProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cpu_time": {
"readonly": true,
"title": "CPU time (user and system) consumed by process in milliseconds",
"type": "integer"
},
"mem_resident": {
"readonly": true,
"title": "Resident set size of process in bytes",
"type": "integer"
},
"mem_used": {
"readonly": true,
"title": "Virtual memory used by process in bytes",
"type": "integer"
},
"pid": {
"readonly": true,
"title": "Process id",
"type": "integer"
},
"ppid": {
"readonly": true,
"title": "Parent process id",
"type": "integer"
},
"process_name": {
"readonly": true,
"title": "Process name",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Process start time expressed in milliseconds since epoch"
},
"uptime": {
"readonly": true,
"title": "Milliseconds since process started",
"type": "integer"
}
},
"title": "Node process properties",
"type": "object"
}
NodeProcessPropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeProcessPropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeProcessProperties
},
"required": true,
"title": "Node process property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node process property query results",
"type": "object"
}
NodeProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cli_coredump_config": {
"$ref": "CoreDumpConfig,
"readonly": true,
"title": "NSX CLI core dump files config"
},
"cli_history_size": {
"minimum": 0,
"title": "NSX CLI command history limit, set to 0 to configure no history size limit",
"type": "integer"
},
"cli_output_datetime": {
"title": "NSX CLI display datetime stamp in command output",
"type": "boolean"
},
"cli_timeout": {
"minimum": 0,
"title": "NSX CLI inactivity timeout, set to 0 to configure no timeout",
"type": "integer"
},
"export_type": {
"enum": [
"RESTRICTED",
"UNRESTRICTED"
],
"readonly": true,
"title": "Export restrictions in effect, if any",
"type": "string"
},
"fully_qualified_domain_name": {
"readonly": true,
"title": "Fully qualified domain name",
"type": "string"
},
"hostname": {
"$ref": "SystemHostname,
"title": "Host name or fully qualified domain name of node",
"type": "string"
},
"kernel_version": {
"readonly": true,
"title": "Kernel version",
"type": "string"
},
"motd": {
"title": "Message of the day to display when users login to node using the NSX CLI",
"type": [
"string",
"null"
]
},
"node_type": {
"enum": [
"NSX Manager",
"NSX Global Manager",
"NSX Edge",
"NSX Autonomous Edge",
"NSX Cloud Service Manager",
"NSX Public Cloud Gateway",
"NSX Malware Prevention Service VM"
],
"readonly": true,
"title": "Node type",
"type": "string"
},
"node_uuid": {
"maxLength": 36,
"readonly": true,
"title": "Node Unique Identifier",
"type": "string"
},
"node_version": {
"readonly": true,
"title": "Node version",
"type": "string"
},
"product_version": {
"readonly": true,
"title": "Product version",
"type": "string"
},
"system_datetime": {
"$ref": "DatetimeUTC,
"title": "System date time in UTC"
},
"system_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Current time expressed in milliseconds since epoch"
},
"timezone": {
"title": "Timezone",
"type": "string"
}
},
"title": "Node properties",
"type": "object"
}
NodeProtonServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeProtonServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "LoggingServiceProperties,
"title": "Service properties"
}
},
"title": "Node service properties",
"type": "object"
}
NodeRouteProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeRouteProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"destination": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$",
"title": "Destination covered by route",
"type": "string"
},
"from_address": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$",
"title": "From address",
"type": "string"
},
"gateway": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$",
"title": "Address of next hop",
"type": "string"
},
"interface_id": {
"title": "Network interface id of route",
"type": "string"
},
"ipv6": {
"title": "IPv6 flag",
"type": "boolean"
},
"metric": {
"description": "Default metric value for IPv4 is 0, whereas for IPv6 default value is 1024",
"title": "Metric value of route",
"type": "string"
},
"netmask": {
"description": "For IPv4 this field expects valid IPv4 netmask address, whereas in case of IPv6 it expects valid prefix length",
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$|^[\\d]{1,3}$",
"title": "Netmask or prefix length of destination covered by route",
"type": "string"
},
"proto": {
"default": "boot",
"enum": [
"unspec",
"redirect",
"kernel",
"boot",
"static",
"gated",
"ra",
"mrt",
"zebra",
"bird",
"dnrouted",
"xorp",
"ntk",
"dhcp"
],
"title": "Routing protocol identifier of route",
"type": "string"
},
"route_id": {
"readonly": true,
"title": "Unique identifier for the route",
"type": "string"
},
"route_type": {
"enum": [
"default",
"static",
"blackhole",
"prohibit",
"throw",
"unreachable"
],
"required": true,
"title": "Route type",
"type": "string"
},
"scope": {
"title": "Scope of destinations covered by route",
"type": "string"
},
"src": {
"pattern": "^[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}\\.[\\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$",
"title": "Source address to prefer when sending to destinations of route",
"type": "string"
}
},
"title": "Node network route properties",
"type": "object"
}
NodeRoutePropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeRoutePropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeRouteProperties
},
"required": true,
"title": "Node route property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node network route properties list results",
"type": "object"
}
NodeSearchDomainsProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeSearchDomainsProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"search_domains": {
"items": {
"type": "string"
},
"required": true,
"title": "Search domains",
"type": "array"
}
},
"title": "Node network search domains properties",
"type": "object"
}
NodeServiceProperties (type)
{
"extends": {
"$ref": "Resource
},
"id": "NodeServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
}
},
"title": "Node service properties",
"type": "object"
}
NodeServicePropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeServicePropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeServiceProperties
},
"required": true,
"title": "Node service property results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node service property query results",
"type": "object"
}
NodeServiceStatusProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeServiceStatusProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"health": {
"enum": [
"STABLE",
"DEGRADED"
],
"readonly": true,
"required": false,
"title": "Service health in addition to runtime_state",
"type": "string"
},
"monitor_pid": {
"readonly": true,
"title": "Service monitor process id",
"type": "integer"
},
"monitor_runtime_state": {
"enum": [
"running",
"stopped"
],
"readonly": true,
"title": "Service monitor runtime state",
"type": "string"
},
"pids": {
"items": {
"type": "integer"
},
"readonly": true,
"title": "Service process ids",
"type": "array"
},
"reason": {
"readonly": true,
"required": false,
"title": "Reason for service degradation",
"type": "string"
},
"runtime_state": {
"enum": [
"running",
"stopped"
],
"readonly": true,
"title": "Service runtime state",
"type": "string"
}
},
"title": "Node service status properties",
"type": "object"
}
NodeSnmpServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeSnmpServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "SnmpServiceProperties,
"required": true,
"title": "SNMP Service properties"
}
},
"title": "Node SNMP service properties",
"type": "object"
}
NodeSnmpV3EngineID (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeSnmpV3EngineID",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"v3_engine_id": {
"required": true,
"title": "SNMP v3 engine id",
"type": "string"
}
},
"title": "SNMP V3 Engine Id",
"type": "object"
}
NodeSshServiceProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "NodeServiceProperties
},
"id": "NodeSshServiceProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"service_name": {
"required": true,
"title": "Service name",
"type": "string"
},
"service_properties": {
"$ref": "SshServiceProperties,
"title": "SSH Service properties"
}
},
"title": "Node SSH service properties",
"type": "object"
}
NodeStatusProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeStatusProperties",
"module_id": "ApplianceStats",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cpu_cores": {
"readonly": true,
"title": "Number of CPU cores on the system",
"type": "integer"
},
"cpu_sockets": {
"readonly": true,
"required": false,
"title": "Number of CPU sockets on the system",
"type": "integer"
},
"cpu_usage": {
"$ref": "CpuUsage,
"description": "Highest and average usage of DPDK and non-DPDK core of Edge Node.",
"readonly": true,
"title": "CPU usage of DPDK and non-DPDK core groups"
},
"dfw_heap_memory_usage": {
"items": {
"$ref": "DfwHeapMemoryUsage,
"description": "Heap usage of dfw modules.",
"title": "Heap usage of dfw modules"
},
"readonly": true,
"type": "array"
},
"disk_space_total": {
"description": "Amount of disk space available on the system, in kilobytes.",
"readonly": true,
"title": "Amount of disk space available on the system, in kilobytes",
"type": "integer"
},
"disk_space_used": {
"descrption": "Amount of disk space in use on the system, in kilobytes.",
"readonly": true,
"title": "Amount of disk space in use on the system, in kilobytes",
"type": "integer"
},
"dpdk_cpu_cores": {
"description": "Number of DPDK cores on Edge Node which are used for packet IO processing.",
"readonly": true,
"title": "Number of DPDK CPU cores on the system",
"type": "integer"
},
"dpus": {
"items": {
"$ref": "DpuStatusProperties
},
"readonly": true,
"title": "Data processing units on the system",
"type": "array"
},
"edge_mem_usage": {
"$ref": "EdgeTransportNodeMemoryUsage,
"description": "Point in time usage of system, datapath, swap and cache memory in edge node. Valid only for Edge transport node.",
"readonly": true,
"title": "Memory usage of edge node"
},
"file_systems": {
"items": {
"$ref": "NodeFileSystemProperties
},
"readonly": true,
"title": "File systems configured on the system",
"type": "array"
},
"hostname": {
"readonly": true,
"title": "Host name of the system",
"type": "string"
},
"load_average": {
"items": {
"type": "number"
},
"readonly": true,
"title": "One, five, and fifteen minute load averages for the system",
"type": "array"
},
"mem_cache": {
"readonly": true,
"title": "Amount of RAM on the system that can be flushed out to disk, in kilobytes",
"type": "integer"
},
"mem_total": {
"readonly": true,
"title": "Amount of RAM allocated to the system, in kilobytes",
"type": "integer"
},
"mem_used": {
"readonly": true,
"title": "Amount of RAM in use on the system, in kilobytes",
"type": "integer"
},
"non_dpdk_cpu_cores": {
"description": "Number of non-DPDK cores on Edge Node.",
"readonly": true,
"title": "Number of non-DPDK CPU cores on the system",
"type": "integer"
},
"remote_logging_server_configured": {
"description": "Indicates if remote logging server is configured.",
"readonly": true,
"title": "Remote Logging Server Configured",
"type": "boolean"
},
"source": {
"$ref": "DataSourceType,
"readonly": true,
"title": "Source of status data."
},
"swap_total": {
"readonly": true,
"title": "Amount of disk available for swap, in kilobytes",
"type": "integer"
},
"swap_used": {
"readonly": true,
"title": "Amount of swap disk in use, in kilobytes",
"type": "integer"
},
"system_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Current time expressed in milliseconds since epoch"
},
"uptime": {
"readonly": true,
"title": "Milliseconds since system start",
"type": "integer"
}
},
"title": "Node status properties",
"type": "object"
}
NodeSummary (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeSummary",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"component_version": {
"readonly": true,
"required": true,
"title": "Component version",
"type": "string"
},
"node_count": {
"description": "Number of nodes of the type and at the component version",
"readonly": true,
"required": true,
"title": "Count of nodes",
"type": "int"
},
"type": {
"readonly": true,
"required": true,
"title": "Node type",
"type": "string"
},
"upgrade_unit_subtype": {
"enum": [
"RESOURCE",
"ACTION"
],
"readonly": true,
"required": false,
"title": "UpgradeUnit sub type",
"type": "string"
}
},
"type": "object"
}
NodeSummaryList (type)
{
"additionalProperties": false,
"id": "NodeSummaryList",
"module_id": "Upgrade",
"properties": {
"results": {
"items": {
"$ref": "NodeSummary
},
"required": true,
"title": "List of Node Summary",
"type": "array"
}
},
"type": "object"
}
NodeSyslogExporterProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeSyslogExporterProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"exporter_name": {
"required": true,
"title": "Syslog exporter name",
"type": "string"
},
"facilities": {
"items": {
"$ref": "SyslogFacility
},
"title": "Facilities to export",
"type": "array"
},
"level": {
"enum": [
"EMERG",
"ALERT",
"CRIT",
"ERR",
"WARNING",
"NOTICE",
"INFO",
"DEBUG"
],
"required": true,
"title": "Logging level to export",
"type": "string"
},
"msgids": {
"items": {
"pattern": "^.+$",
"type": "string"
},
"title": "MSGIDs to export",
"type": "array"
},
"port": {
"maximum": 65535,
"minimum": 1,
"title": "Port to export to, defaults to 514 for TCP, TLS, UDP protocols or 9000 for LI, LI-TLS protocols",
"type": "integer"
},
"protocol": {
"enum": [
"TCP",
"TLS",
"UDP",
"LI",
"LI-TLS"
],
"required": true,
"title": "Export protocol",
"type": "string"
},
"server": {
"$ref": "HostnameOrIPv46Address,
"required": true,
"title": "IP address or hostname of server to export to",
"type": "string"
},
"structured_data": {
"items": {
"pattern": "^(alarmId|alarmState|audit|comp|depr|entId|eReqId|errorCode|eventFeatureName|eventId|eventSev|eventState|eventType|euser|inst|level|method|nodeId|org|path|proj|security|site|subcomp|s2comp|splitId|splitIndex|tenantId|tid|tname|update|username|vpc|namespace)=.+$",
"type": "string"
},
"title": "Structured data to export",
"type": "array"
},
"tls_ca_pem": {
"title": "CA certificate PEM of TLS server to export to",
"type": "string"
},
"tls_cert_pem": {
"title": "Certificate PEM of the rsyslog client",
"type": "string"
},
"tls_client_ca_pem": {
"title": "CA certificate PEM of the rsyslog client",
"type": "string"
},
"tls_key_pem": {
"sensitive": true,
"title": "Private key PEM of the rsyslog client",
"type": "string"
}
},
"title": "Node syslog exporter properties",
"type": "object"
}
NodeSyslogExporterPropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeSyslogExporterPropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeSyslogExporterProperties
},
"required": true,
"title": "Node syslog exporter results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node syslog exporter list results",
"type": "object"
}
NodeTime (type)
{
"additionalProperties": false,
"description": "Node system time in UTC",
"id": "NodeTime",
"properties": {
"system_datetime": {
"$ref": "DatetimeUTC,
"required": true,
"title": "Datetime string in UTC"
}
},
"title": "Node system time in UTC",
"type": "object"
}
NodeType (type)
{
"id": "NodeType",
"module_id": "CertificateManager",
"title": "Node Type",
"type": "string"
}
NodeUserPasswordProperty (type)
{
"additionalProperties": false,
"id": "NodeUserPasswordProperty",
"properties": {
"password": {
"required": true,
"sensitive": true,
"title": "The new password for user",
"type": "string"
}
},
"type": "object"
}
NodeUserProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "NodeUserProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"full_name": {
"title": "Full name for the user",
"type": "string"
},
"group_id": {
"maximum": 2147483647,
"minimum": 0,
"readonly": true,
"title": "Primary group id for the user",
"type": "integer"
},
"home_dir": {
"readonly": true,
"title": "The absolute path of user home directory",
"type": "string"
},
"last_password_change": {
"maximum": 2147483647,
"minimum": 0,
"readonly": true,
"title": "Number of days since password was last changed",
"type": "integer"
},
"login_shell": {
"readonly": true,
"title": "The absolute path of login shell",
"type": "string"
},
"old_password": {
"sensitive": true,
"title": "Old password for the user (required on PUT if password specified)",
"type": "string"
},
"password": {
"sensitive": true,
"title": "Password for the user (optionally specified on PUT, unspecified on GET)",
"type": "string"
},
"password_change_frequency": {
"default": 90,
"description": "Number of days password is valid before it must be changed. This can be set to 0 to indicate no password change is required or a positive integer up to 9999. By default local user passwords must be changed every 90 days.",
"maximum": 9999,
"minimum": 0,
"title": "Number of days password is valid before it must be changed",
"type": "integer"
},
"password_change_warning": {
"default": 7,
"desciption": "Number of days before user receives warning message to change the password before it expires. By default users will receive 7 days prior warning message to change the password.",
"maximum": 9999,
"minimum": 0,
"title": "Number of days before user receives warning message of password expiration",
"type": "integer"
},
"password_reset_required": {
"title": "Boolean value that states if a password reset is required",
"type": "boolean"
},
"status": {
"description": "Status of the user. This value can be ACTIVE indicating authentication attempts will be successful if the correct credentials are specified. The value can also be PASSWORD_EXPIRED indicating authentication attempts will fail because the user's password has expired and must be changed. Or, this value can be NOT_ACTIVATED indicating the user's password has not yet been set and must be set before the user can authenticate.",
"enum": [
"ACTIVE",
"PASSWORD_EXPIRED",
"NOT_ACTIVATED"
],
"readonly": true,
"title": "User status",
"type": "string"
},
"userid": {
"maximum": 2147483647,
"minimum": 0,
"readonly": true,
"title": "Numeric id for the user",
"type": "integer"
},
"username": {
"maxLength": 32,
"minLength": 1,
"pattern": "^[a-zA-Z][a-zA-Z0-9@-_.\\-]*$",
"title": "User login name (must be \"root\" if userid is 0)",
"type": "string"
}
},
"title": "Node user properties",
"type": "object"
}
NodeUserPropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "NodeUserPropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "NodeUserProperties
},
"required": true,
"title": "List of node users",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Node users list results",
"type": "object"
}
NodeUserSettings (type)
{
"additionalProperties": false,
"id": "NodeUserSettings",
"module_id": "FabricNode",
"properties": {
"audit_password": {
"description": "Password for the node audit user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid.",
"required": false,
"sensitive": true,
"title": "Node audit user password",
"type": "secure_string"
},
"audit_username": {
"description": "The default username is \"audit\". To configure username, you must provide this property together with <b>audit_password</b>. Username must contain ASCII characters only.",
"pattern": "^[\\x00-\\x7F]+$",
"required": false,
"title": "CLI \"audit\" username",
"type": "string"
},
"cli_password": {
"description": "Password for the node cli user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid.",
"required": false,
"sensitive": true,
"title": "Node cli password",
"type": "secure_string"
},
"cli_username": {
"default": "admin",
"description": "To configure username, you must provide this property together with <b>cli_password</b>. Username must contain ASCII characters only.",
"pattern": "^[\\x00-\\x7F]+$",
"required": false,
"title": "CLI \"admin\" username",
"type": "string"
},
"root_password": {
"description": "Password for the node root user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid.",
"required": false,
"sensitive": true,
"title": "Node root user password",
"type": "secure_string"
}
},
"type": "object"
}
NodeVersion (type)
{
"additionalProperties": false,
"id": "NodeVersion",
"properties": {
"node_version": {
"readonly": true,
"title": "Node version",
"type": "string"
},
"product_version": {
"readonly": true,
"title": "Product version",
"type": "string"
}
},
"type": "object"
}
NsxRole (type)
{
"id": "NsxRole",
"module_id": "AAA",
"properties": {
"permissions": {
"deprecated": true,
"description": "Please use the /user-info/permissions api to get the permission that the user has on each feature.",
"items": {
"enum": [
"read-api",
"read-write-api",
"crud",
"read",
"execute",
"none"
],
"type": "string"
},
"required": false,
"title": "Permissions",
"type": "array"
},
"role": {
"description": "This field represents the identifier of the role. With the introduction of custom roles, this field is no longer an enum.",
"required": true,
"title": "Role ID",
"type": "string"
}
},
"title": "Role",
"type": "object"
}
NsxTDNSForwarderStatistics (type)
{
"description": "The current statistics counters of the DNS forwarder including cache usages and query numbers per forwarders, on an NSX-T type of enforcement point.",
"extends": {
"$ref": "DNSForwarderStatisticsPerEnforcementPoint
},
"id": "NsxTDNSForwarderStatistics",
"module_id": "PolicyDNSStatistics",
"polymorphic-type-descriptor": {
"type-identifier": "NsxTDNSForwarderStatistics"
},
"properties": {
"cached_entries": {
"readonly": true,
"title": "The total number of cached entries",
"type": "integer"
},
"conditional_forwarder_statistics": {
"items": {
"$ref": "NsxTDNSForwarderZoneStatistics
},
"maxItems": 5,
"minItems": 0,
"readonly": true,
"required": false,
"title": "The statistics of conditional forwarder zones",
"type": "array"
},
"configured_cache_size": {
"readonly": true,
"title": "The configured cache size, in kb",
"type": "integer"
},
"default_forwarder_statistics": {
"$ref": "NsxTDNSForwarderZoneStatistics,
"readonly": true,
"title": "The statistics of default forwarder zone"
},
"enforcement_point_path": {
"description": "Policy path referencing the enforcement point from where the statistics are fetched.",
"readonly": true,
"title": "Enforcement point path",
"type": "string"
},
"queries_answered_locally": {
"readonly": true,
"title": "The total number of queries answered from local cache",
"type": "integer"
},
"queries_forwarded": {
"readonly": true,
"title": "The total number of forwarded DNS queries",
"type": "integer"
},
"resource_type": {
"enum": [
"NsxTDNSForwarderStatistics"
],
"required": true,
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Time stamp of the current statistics, in ms"
},
"total_queries": {
"readonly": true,
"title": "The total number of received DNS queries",
"type": "integer"
},
"used_cache_statistics": {
"items": {
"$ref": "NsxTPerNodeUsedCacheStatistics
},
"maxItems": 2,
"minItems": 0,
"readonly": true,
"required": false,
"title": "The statistics of used cache",
"type": "array"
}
},
"title": "Statistics counters of the DNS forwarder",
"type": "object"
}
NsxTDNSForwarderStatus (type)
{
"description": "The current runtime status of the DNS forwarder.",
"extends": {
"$ref": "DNSForwarderStatusPerEnforcementPoint
},
"id": "NsxTDNSForwarderStatus",
"module_id": "PolicyDNSStatistics",
"polymorphic-type-descriptor": {
"type-identifier": "NsxTDNSForwarderStatus"
},
"properties": {
"enforcement_point_path": {
"description": "Policy path referencing the enforcement point from where the status is fetched.",
"readonly": true,
"title": "Enforcement point path",
"type": "string"
},
"extra_message": {
"readonly": true,
"required": false,
"title": "Extra message, if available",
"type": "string"
},
"resource_type": {
"enum": [
"NsxTDNSForwarderStatus"
],
"required": true,
"type": "string"
},
"status": {
"description": "UP means the DNS forwarder is working correctly on the active transport node and the stand-by transport node (if present). Failover will occur if either node goes down. DOWN means the DNS forwarder is down on both active transport node and standby node (if present). The DNS forwarder does not function in this situation. Error means there is some error on one or both transport node, or no status was reported from one or both transport nodes. The DNS forwarder may be working (or not working). NO_BACKUP means DNS forwarder is working in only one transport node, either because it is down on the standby node, or no standby is configured. An forwarder outage will occur if the active node goes down.",
"enum": [
"UP",
"DOWN",
"ERROR",
"NO_BACKUP",
"UNKNOWN"
],
"readonly": true,
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Time stamp of the current status, in ms"
}
},
"title": "The current runtime status of DNS forwarder",
"type": "object"
}
NsxTDNSForwarderZoneStatistics (type)
{
"description": "Statistics counters of the DNS forwarder zone.",
"id": "NsxTDNSForwarderZoneStatistics",
"module_id": "PolicyDNSStatistics",
"properties": {
"domain_names": {
"description": "Domain names configured for the forwarder. Empty if this is the default forwarder.",
"items": {
"type": "string"
},
"maxItems": 100,
"minItems": 0,
"readonly": true,
"title": "Domain names configured for the forwarder",
"type": "array"
},
"upstream_statistics": {
"items": {
"$ref": "NsxTUpstreamServerStatistics
},
"maxItems": 3,
"minItems": 0,
"readonly": true,
"required": false,
"title": "Statistics per upstream server.",
"type": "array"
}
},
"title": "Statistics counters of the DNS forwarder zone",
"type": "object"
}
NsxTDnsAnswer (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyDnsAnswerPerEnforcementPoint
},
"id": "NsxTDnsAnswer",
"module_id": "PolicyDnsForwarder",
"properties": {
"authoritative_answers": {
"items": {
"$ref": "NsxTDnsQueryAnswer
},
"maxItems": 256,
"minItems": 1,
"required": false,
"title": "Authoritative answers",
"type": "array"
},
"dns_server": {
"description": "Dns server ip address and port, format is \"ip address#port\".",
"required": true,
"title": "Dns server information",
"type": "string"
},
"edge_node_id": {
"description": "ID of the edge node that performed the query.",
"required": true,
"title": "Edge node id",
"type": "string"
},
"enforcement_point_path": {
"description": "Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched.",
"readonly": true,
"title": "Enforcement point path",
"type": "string"
},
"non_authoritative_answers": {
"items": {
"$ref": "NsxTDnsQueryAnswer
},
"maxItems": 256,
"minItems": 1,
"required": false,
"title": "Non authoritative answers",
"type": "array"
},
"raw_answer": {
"description": "It can be NXDOMAIN or error message which is not consisted of authoritative_answer or non_authoritative_answer.",
"required": false,
"title": "Raw message returned from the dns forwarder",
"type": "string"
},
"resource_type": {
"description": "Resource type of the DNS forwarder nslookup answer.",
"enum": [
"NsxTDnsAnswer"
],
"required": true,
"title": "Resource type",
"type": "string"
}
},
"title": "Answer of dns nslookup",
"type": "object"
}
NsxTDnsQueryAnswer (type)
{
"additionalProperties": false,
"id": "NsxTDnsQueryAnswer",
"module_id": "PolicyDnsForwarder",
"properties": {
"address": {
"description": "Resolved IP address matched with the nslookup address provided as a request parameter.",
"required": false,
"title": "Matched ip address",
"type": "string"
},
"name": {
"description": "Matched name of the given address.",
"required": false,
"title": "Matched name",
"type": "string"
}
},
"title": "Answer of nslookup",
"type": "object"
}
NsxTPerNodeUsedCacheStatistics (type)
{
"description": "Query statistics counters of used cache from node",
"id": "NsxTPerNodeUsedCacheStatistics",
"module_id": "PolicyDNSStatistics",
"properties": {
"cached_entries": {
"readonly": true,
"title": "The total number of cached entries",
"type": "integer"
},
"node_id": {
"readonly": true,
"title": "UUID of active/standby transport node",
"type": "string"
},
"used_cache_size": {
"readonly": true,
"title": "The memory size used in cache, in kb",
"type": "integer"
}
},
"title": "Per node used cache query statistics counters",
"type": "object"
}
NsxTUpstreamServerStatistics (type)
{
"description": "Query statistics counters to an upstream server including successfully forwarded queries and failed queries.",
"id": "NsxTUpstreamServerStatistics",
"module_id": "PolicyDNSStatistics",
"properties": {
"queries_failed": {
"readonly": true,
"title": "Queries failed to forward.",
"type": "integer"
},
"queries_succeeded": {
"readonly": true,
"title": "Queries forwarded successfully",
"type": "integer"
},
"upstream_server": {
"$ref": "IPAddress,
"readonly": true,
"title": "Upstream server ip"
}
},
"title": "Upstream server query statistics counters",
"type": "object"
}
NsxtNodeType (type)
{
"enum": [
"NSX_ESX",
"NSX_KVM",
"NSX_BAREMETAL_SERVER",
"NSX_EDGE",
"NSX_PUBLIC_CLOUD_GATEWAY",
"NSX_MANAGER",
"NSX_POLICY_MANAGER",
"NSX_CONTROLLER",
"GLOBAL_MANAGER"
],
"id": "NsxtNodeType",
"module_id": "PolicySha",
"title": "Valid NSX node type",
"type": "string"
}
NtpServiceProperties (type)
{
"additionalProperties": false,
"id": "NtpServiceProperties",
"properties": {
"servers": {
"items": {
"$ref": "HostnameOrIPv46Address
},
"required": true,
"title": "NTP servers",
"type": "array"
},
"start_on_boot": {
"default": true,
"required": false,
"title": "Start NTP service when system boots",
"type": "boolean"
}
},
"title": "NTP Service properties",
"type": "object"
}
OdsDynamicRunbookInstance (type)
{
"additionalProperties": false,
"description": "Instance of Dynamic Online Diagnostic System Runbook.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "OdsDynamicRunbookInstance",
"module_id": "PolicyOds",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to_all_appliances": {
"default": false,
"description": "The knob of installing Dynamic Runbook on all appliance nodes.",
"title": "Knob of installing Dynamic Runbook on all appliance nodes",
"type": "boolean"
},
"applied_to_group_paths": {
"description": "The policy path set of groups to which the Dynamic Runbook is installed.",
"items": {
"type": "string"
},
"title": "Path(s) of group(s) to which the Dynamic Runbook is installed",
"type": "array"
},
"applied_to_nodes": {
"description": "Identifiers of appliances and transport nodes to which the Dynamic Runbook is installed.",
"items": {
"type": "string"
},
"title": "Identifiers of appliances and transport nodes to which the Dynamic Runbook is installed",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Dynamic Runbook Instance",
"type": "object"
}
OdsRunbookInvocation (type)
{
"additionalProperties": false,
"description": "Policy entity for the invocation of an Online Diagnostic System Runbook.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "OdsRunbookInvocation",
"module_id": "PolicyOds",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"arguments": {
"description": "List of key value pairs as the arguments for an execution of an Online Diagnostic System Runbook.",
"items": {
"$ref": "UnboundedKeyValuePair
},
"required": false,
"title": "Arguments for runbook invocation",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_transient": {
"default": true,
"description": "This field indicates if intent is transient and will be cleaned up by the system if set to true",
"required": false,
"title": "Marker to indicate if intent is transient",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"runbook_name": {
"description": "The property is read-only, used for querying result.",
"readonly": true,
"required": false,
"title": "Name of runbook object",
"type": "string"
},
"runbook_path": {
"description": "The policy path of runbook object.",
"required": true,
"title": "Path of runbook object",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target_node": {
"description": "Identifier of an appliance node or transport node where the execution of an Online Diagnostic System Runbook happens.",
"required": false,
"title": "Identifier of an appliance node or transport node",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Runbook invocation",
"type": "object"
}
OdsRunbookInvocationArtifactBatchRequest (type)
{
"additionalProperties": false,
"description": "Batched request for collecting artifacts of Online Diagnostic System invocations.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "OdsRunbookInvocationArtifactBatchRequest",
"module_id": "PolicyOds",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"invocation_paths": {
"description": "This array can consist of one or more policy paths. Only policy paths of Ods invocations are allowed.",
"items": {
"type": "string"
},
"maxItems": 500,
"minItems": 1,
"required": true,
"title": "List of invocation path for artifact collection",
"type": "array"
},
"is_transient": {
"default": true,
"description": "This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 1 hour of inactivity.",
"required": false,
"title": "Marker to indicate if the intent is transient",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Batched request for collecting artifacts of runbook invocations.",
"type": "object"
}
OidcEndPoint (type)
{
"additionalProperties": false,
"description": "OpenID Connect end-point specifying where to fetch the JWKS document used to validate JWT tokens for TokenBasedPrincipalIdentities.",
"extends": {
"$ref": "ManagedResource
},
"id": "OidcEndPoint",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"authorization_endpoint": {
"description": "The URL of the OpenID provider's authorization endpoint.",
"readonly": true,
"required": false,
"title": "Authorization endpoint",
"type": "string"
},
"claim_map": {
"description": "Configuration for mapping claims in OIDC ID tokens to NSX roles.",
"items": {
"$ref": "ClaimMap
},
"nsx_feature": "OIDC",
"title": "Map from ID token claims to NSX roles",
"type": "array"
},
"claims_supported": {
"description": "The list of claims that the OpenID provider supports.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Claims supported",
"type": "array"
},
"client_id": {
"description": "The client ID for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is \"ws_one\" or \"csp\".",
"nsx_feature": "OIDC",
"readonly": false,
"required": false,
"title": "OIDC Client ID",
"type": "string"
},
"client_secret": {
"description": "The client secret for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is \"ws_one\".",
"nsx_feature": "OIDC",
"readonly": false,
"required": false,
"sensitive": true,
"title": "OIDC Client Secret",
"type": "secure_string"
},
"csp_config": {
"$ref": "CspConfig,
"description": "Extra configuration specific to CSP endpoints. This property is ignored unless the oidc_type is \"csp\".",
"required": false,
"title": "CSP-specific configuration"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"end_session_endpoint_uri": {
"description": "URI of the OpenID session logout end-point.",
"maxLength": 255,
"nsx_feature": "OIDC",
"readonly": true,
"title": "OpenID session logout URI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"issuer": {
"description": "Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri.",
"readonly": true,
"required": false,
"title": "JWT token issuer",
"type": "string"
},
"jwks_uri": {
"description": "The URI where the JWKS document is located that has the key used to validate the JWT signature.",
"readonly": true,
"required": false,
"title": "URI of JWKS document",
"type": "string"
},
"name": {
"description": "A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint.",
"required": false,
"title": "Unique name for this OpenID Connect end-point",
"type": "string"
},
"oidc_type": {
"default": "vcenter",
"description": "Type used to distinguish the OIDC end-points by IDP.",
"enum": [
"vcenter",
"ws_one",
"csp"
],
"maxLength": 255,
"readonly": false,
"required": false,
"title": "OIDC Type",
"type": "string"
},
"oidc_uri": {
"description": "URI of the OpenID Connect end-point.",
"maxLength": 255,
"readonly": false,
"required": true,
"title": "OpenID Connect URI",
"type": "string"
},
"override_roles": {
"description": "When specified this role or roles are used instead of the nsx-role in the JWT",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Roles used instead of token roles",
"type": "array"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"restrict_scim_search": {
"default": false,
"description": "If set to true, then it is only possible to perform a SCIM search against the OIDC provider used to authenticate. If OIDC was not used to authenticate (for example, if authenticated as a local user), then this restriction does not apply.",
"nsx_feature": "OIDC",
"required": false,
"title": "SCIM search restriction indicator",
"type": "boolean"
},
"scim_endpoints": {
"description": "The SCIM (System for Cross-domain Identity Management) endpoint URLs to use when enumerating users and groups. All endpoints will be queried to obtain user and group information.",
"items": {
"type": "string"
},
"nsx_feature": "OIDC",
"readonly": true,
"title": "SCIM endpoints",
"type": "array"
},
"serviced_domains": {
"description": "When a login to NSX using a principal name of the form user@domain is attempted, the list of OIDC providers will be scanned to find one with a matching domain. If a match is found, that OIDC provider is used to authenticate the user. Each domain must be unique across all OIDC providers. If a duplicate domain is provided when adding or updating and OIDC provider, the request will be rejected.",
"items": {
"maxItems": 32,
"type": "string",
"uniqueItems": true
},
"nsx_feature": "OIDC",
"title": "List of domains serviced by this OIDC provider",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"thumbprint": {
"description": "Thumbprint in SHA-256 format used to verify the server certificate at the URI.",
"maxLength": 255,
"readonly": false,
"required": false,
"title": "Thumbprint",
"type": "string"
},
"token_endpoint": {
"description": "The URL of the OpenID provider's token endpoint.",
"readonly": true,
"required": false,
"title": "Token endpoint",
"type": "string"
},
"userinfo_endpoint": {
"description": "The URL of the OpenID provider's userinfo endpoint.",
"readonly": true,
"required": false,
"title": "Userinfo endpoint",
"type": "string"
}
},
"title": "OpenID Connect end-point",
"type": "object"
}
OidcEndPointHealthStatus (type)
{
"addtionalProperties": false,
"description": "The health status of the OIDC End Point",
"id": "OidcEndPointHealthStatus",
"module_id": "CertificateManager",
"properties": {
"errors": {
"description": "Details about errors encountered while checking the health of the OIDC endpoint.",
"items": {
"$ref": "OidcHealthCheckError
},
"title": "Problems with OIDC endpoint health",
"type": "array"
},
"result": {
"description": "Overall result of the health check. If the check was completely successful, the status will be SUCCESS. If one or more problems were found, the status will be FAILURE and the errors property will contain more information about the failure(s).",
"enum": [
"SUCCESS",
"FAILURE"
],
"readonly": true,
"title": "Overall result",
"type": "string"
}
},
"title": "OIDC End Point Health Status",
"type": "object"
}
OidcEndPointListRequestParameters (type)
{
"additionalProperties": false,
"description": "Parameters for filtering lists of OIDC endpoints",
"id": "OidcEndPointListRequestParameters",
"module_id": "CertificateManager",
"properties": {
"oidc_type": {
"description": "Selects the type of OIDC endpoint to return in list results.",
"enum": [
"vcenter",
"ws_one",
"csp"
],
"title": "Type of OIDC endpoint to return",
"type": "string"
}
},
"title": "OIDC endpoint list request parameters",
"type": "object"
}
OidcEndPointListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "OidcEndPointListResult",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "OidcEndPoint list.",
"items": {
"$ref": "OidcEndPoint
},
"readonly": true,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "OidcEndPoint query result",
"type": "object"
}
OidcHealthCheckError (type)
{
"description": "Details about an error encountered while checking OIDC End Point health status.",
"id": "OidcHealthCheckError",
"module_id": "CertificateManager",
"properties": {
"error_detail": {
"description": "Additional details about the cause of the error, if any could be determined.",
"title": "Additional error details",
"type": "string"
},
"error_type": {
"description": "A problem discovered when checking the health of the OIDC End Point. DISCOVERY_URI_FETCH_FAIL: The OIDC discovery endpoint could not be retrieved. TOKEN_RETRIEVE_FAIL: NSX was unable to retrieve a token from the OIDC End Point. Authentication to NSX using OIDC will not be possible. SCIM_SEARCH_FAIL: NSX was unable to perform a user/group search of the SCIM (System for Cross-domain Identity Management) endpoint. User and group searches will not function correctly. GENERAL_ERROR: Some general error occurred while verifying the OIDC endpoint.",
"enum": [
"JWKS_URI_FETCH_FAIL",
"TOKEN_RETRIEVE_FAIL",
"SCIM_SEARCH_FAIL"
],
"title": "The type of error encountered",
"type": "string"
}
},
"title": "Error detail about OIDC health issue",
"type": "object"
}
OidcRefreshParameter (type)
{
"additionalProperties": false,
"id": "OidcRefreshParameter",
"module_id": "CertificateManager",
"properties": {
"refresh": {
"default": false,
"description": "Whether to fetch and update the OIDC meta-data.",
"required": false,
"title": "Refresh meta-data",
"type": "boolean"
}
},
"type": "object"
}
OnboardingAttribute (type)
{
"description": "Generic config onboarding attributes in form attribute name and its corresponding values.",
"id": "OnboardingAttribute",
"module_id": "GmConfigOnboarding",
"properties": {
"name": {
"readonly": true,
"required": true,
"title": "Attribute name",
"type": "string"
},
"value": {
"readonly": true,
"required": false,
"title": "Attribute value",
"type": "string"
},
"value_type": {
"default": "STRING",
"enum": [
"STRING",
"INTEGER",
"BOOLEAN"
],
"readonly": true,
"required": false,
"title": "Attribute Type",
"type": "string"
}
},
"title": "Config Onboarding Attributes",
"type": "object"
}
OnboardingCompatibilityStatus (type)
{
"enum": [
"COMPATIBLE",
"INCOMPATIBLE"
],
"help": "Configuration onboarding compatibility status represents onboarding site's\nconfiguration compatibility on Global manager in order to keep overall\nsecurity posture unchanged.\nCOMPATIBLE - Onboarding site configuration is compatible with Global\n manager configuration and will not impact security posture\n upon configuration onboarding.\nINCOMPATIBLE - Onboarding site configuration is not compatible with Global\n manager configuration and will impact security posture upon\n configuration onboarding.\n",
"id": "OnboardingCompatibilityStatus",
"module_id": "GmConfigOnboarding",
"title": "Onboarding Compatibility Status",
"type": "string"
}
OnboardingConflictStatus (type)
{
"enum": [
"NO_CONFLICTS",
"CONFLICT_DETECTED"
],
"help": "Configuration onboarding conflict status on Global manager. Global manager\ncan have below status based on conflict in path between site configuration\nand global configuration.\nNO_CONFLICTS - No conflicts found between site configuration and\n global configuration.\nCONFLICT_DETECTED - One or more conflicts found between site configuration\n and global configuration\n",
"id": "OnboardingConflictStatus",
"module_id": "GmConfigOnboarding",
"title": "Onboarding Conflict Status",
"type": "string"
}
OnboardingFeatureInfo (type)
{
"description": "Feature information currently under process or refered to.",
"id": "OnboardingFeatureInfo",
"module_id": "GmConfigOnboarding",
"properties": {
"name": {
"readonly": true,
"required": false,
"title": "Feature Name",
"type": "string"
},
"path": {
"readonly": true,
"required": false,
"title": "Resource Path",
"type": "string"
},
"resource_type": {
"readonly": true,
"required": false,
"title": "Resource Type",
"type": "string"
}
},
"title": "Onboarding Feature Information",
"type": "object"
}
OnboardingStage (type)
{
"description": "Represents intermediate on-boarding stages on global manager or corresponding site manager.",
"enum": [
"LM_MIGRATION",
"LM_SYNCHRONIZATION",
"GM_PERSISTENCE",
"GM_TRANSFORMATION",
"GM_PROCESSING_DONE",
"GM_ROLLBACK",
"GM_ROLLBACK_DONE"
],
"id": "OnboardingStage",
"module_id": "GmConfigOnboarding",
"title": "Config onboarding stage",
"type": "string"
}
OnboardingStatus (type)
{
"enum": [
"ALLOWED",
"BLOCKED_FEATURE_CHECK",
"BLOCKED_CONFIG_CONFLICT_CHECK",
"BLOCKED_SITE_RESTORE_PENDING",
"BLOCKED_FULLSYNC_PENDING",
"BLOCKED_USER_REJECT",
"BLOCKED_SITE_NOT_REACHABLE",
"CONTINUE_RESOLUTION_NEEDED",
"IN_PROGRESS",
"FAILED_GM_ROLLBACK_IN_PROGRESS",
"SUCCESS"
],
"help": "Configuration onboarding status on Global manager. Currently Global manager\nallows below state transitions.\nALLOWED - Site onboarding is allowed for given\n site. This is initial state to begin site\n onboarding.\nBLOCKED_FEATURE_CHECK - Site onboarding cannot proceed due to\n supported feature mismatch against Global\n manager.\nBLOCKED_CONFIG_CONFLICT_CHECK - Site onboarding cannot proceed due to\n conflicts in onboarding configuration.\nBLOCKED_SITE_RESTORE_PENDING - Site onboarding cannot proceed due to\n pending restore operation on site.\nBLOCKED_FULLSYNC_PENDING - Site onboarding cannot proceed due to\n pending infra state sync to the site.\nBLOCKED_USER_REJECT - Site onboarding cannot proceed as per\n user preferences.\nBLOCKED_SITE_NOT_REACHABLE - Onboarding site is not reachable.\nCONTINUE_RESOLUTION_NEEDED - Site onboarding is allowed to proceed but\n conflict resolution is needed to start\n configuration onboarding successfully.\nIN_PROGRESS - Site onboarding process is in progress.\nFAILED_GM_ROLLBACK_IN_PROGRESS - Site onboarding process has failed and\n rollback operation on gloabl manager is\n in progress\nSUCCESS - Site onboarding process has successfully\n completed.\n",
"id": "OnboardingStatus",
"module_id": "GmConfigOnboarding",
"title": "Onboarding Status",
"type": "string"
}
OpenLdapIdentitySource (type)
{
"description": "An identity source service that runs OpenLDAP. The service allows selected user accounts defined in OpenLDAP to log into and access NSX-T.",
"extends": {
"$ref": "LdapIdentitySource
},
"id": "OpenLdapIdentitySource",
"module_id": "LdapIdentitySources",
"polymorphic-type-descriptor": {
"type-identifier": "OpenLdapIdentitySource"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alternative_domain_names": {
"description": "After parsing the \"user@domain\", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.",
"items": {
"type": "string"
},
"title": "Additional domains to be directed to this identity source",
"type": "array"
},
"base_dn": {
"description": "The subtree of the LDAP identity source to search when locating users and groups.",
"required": true,
"title": "DN of subtree for user and group searches",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"domain_name": {
"description": "The name of the authentication domain. When users log into NSX using an identity of the form \"user@domain\", NSX uses the domain portion to determine which LDAP identity source to use.",
"required": true,
"title": "Authentication domain name",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ldap_servers": {
"description": "The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.",
"items": {
"$ref": "IdentitySourceLdapServer
},
"maxItems": 3,
"title": "LDAP servers for this identity source",
"type": "array"
},
"resource_type": {
"enum": [
"ActiveDirectoryIdentitySource",
"OpenLdapIdentitySource"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "An OpenLDAP identity source service",
"type": "object"
}
OperationVerticalConfig (type)
{
"additionalProperties": false,
"description": "The details of deactivated operation verticals",
"id": "OperationVerticalConfig",
"module_id": "Policy",
"properties": {
"latency_stat_disabled": {
"description": "When this flag is set to true, the latency stat feature is deactivated. It is due to the SmartNIC backed DVS existing in Policy Manager. The latency has special GENEVE option to carry Latency information. But the hardware doesn't support it.",
"readonly": true,
"title": "A flag to indicate whether the latency stat feature is deactivated.",
"type": "boolean"
},
"live_trace_disabled": {
"description": "When this flag is set to true, the live trace feature is deactivated. It is due to the SmartNIC backed DVS existing in Policy Manager. The live trace has a special Geneve option in the header. But the hardware doesn't support it.",
"readonly": true,
"title": "A flag to indicate whether the live trace feature is deactivated.",
"type": "boolean"
}
},
"title": "Operation Vertical Config",
"type": "object"
}
OpsGlobalConfig (type)
{
"additionalProperties": false,
"description": "Global Operations configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "OpsGlobalConfig",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"in_band_network_telementry": {
"$ref": "DscpIndicator,
"description": "Specify the In-band network telemetry (INT) configuration config in a NSX domain. Set(resp. Unset) this configuration to activate(resp. deactivate) traceflow on VLAN logical network.",
"required": false,
"title": "The details of INT global configurations"
},
"is_inherited": {
"description": "if True, meaning that this is a copy version of GM if False, meaning that this is a local version on LM",
"required": false,
"title": "This field indicates whether this is a copy version of GM/NSX+ or not",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"operation_collectors": {
"description": "The operation collector is defined to receive stats from hosts. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode.",
"items": {
"$ref": "GlobalCollectorConfig
},
"required": false,
"title": "Operation global collector config",
"type": "array"
},
"operation_feature_disabled": {
"$ref": "OperationVerticalConfig,
"description": "Specify the deactivated operation verticals. The True status indicates the certain operation vertical is not supported. And the detail reason is exposed on the corresponding API side.",
"required": false,
"title": "The details of deactivated operation verticals"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"site_infos": {
"description": "Information related to sites applicable for given config.",
"items": {
"$ref": "SiteInfo
},
"maxItems": 16,
"required": false,
"title": "Collection of Site information",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Global Operations configuration",
"type": "object"
}
Org (type)
{
"additionalProperties": false,
"description": "Org is created by infra provider.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Org",
"module_id": "PolicyOrg",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"short_id": {
"description": "Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set.",
"maxLength": 8,
"title": "Identifier to use when displaying org context in logs",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Org",
"type": "object"
}
OrgRoot (type)
{
"additionalProperties": false,
"description": "OrgRoot space related policy multi tenancy.",
"extends": {
"$ref": "AbstractSpace
},
"id": "OrgRoot",
"module_id": "PolicyOrgRoot",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connectivity_strategy": {
"deprecated": true,
"description": "The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use \"allow\" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use \"drop\" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added.",
"enum": [
"WHITELIST",
"BLACKLIST",
"WHITELIST_ENABLE_LOGGING",
"BLACKLIST_ENABLE_LOGGING",
"NONE"
],
"required": false,
"title": "Connectivity strategy used by this tenant",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "OrgRoot",
"type": "object"
}
OspfAreaConfig (type)
{
"additionalProperties": false,
"description": "Contains OSPF Area configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "OspfAreaConfig",
"module_id": "PolicyOspf",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"area_id": {
"description": "OSPF area-id either in decimal or dotted format.",
"required": true,
"title": "OSPF area id",
"type": "string"
},
"area_type": {
"default": "NORMAL",
"description": "Configures OSPF area with defined area type. If area_type field not specified, default is NSSA.",
"enum": [
"NORMAL",
"NSSA"
],
"required": false,
"title": "OSPF area type",
"type": "string"
},
"authentication": {
"$ref": "OspfAuthenticationConfig,
"description": "Activates/deactivates authentication for an OSPF area.",
"title": "OSPF area authentication configuration"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "OSPF Area config",
"type": "object"
}
OspfAuthenticationConfig (type)
{
"additionalProperties": false,
"description": "Enables OSPF authentication with specified mode and password.",
"id": "OspfAuthenticationConfig",
"module_id": "PolicyOspf",
"properties": {
"key_id": {
"description": "Authentication secret key id is mandatory for type md5 with min value of 1 and max value 255.",
"maximum": 255,
"minimum": 1,
"required": false,
"sensitive": true,
"title": "Authentication secret key id",
"type": "integer"
},
"mode": {
"default": "NONE",
"description": "If mode is MD5 or PASSWORD, Authentication secret key is mandatory if mode is NONE, then authentication is deactivated.",
"enum": [
"NONE",
"PASSWORD",
"MD5"
],
"required": false,
"title": "Authentication mode",
"type": "string"
},
"secret_key": {
"description": "Authentication secret is mandatory for type password and md5 with min length of 1 and max length 8.",
"required": false,
"sensitive": true,
"title": "Authentication secret key",
"type": "secure_string"
}
},
"title": "OSPF Authentication Configuration",
"type": "object"
}
OspfRoutingConfig (type)
{
"additionalProperties": false,
"description": "Contains OSPF routing configurations.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "OspfRoutingConfig",
"module_id": "PolicyOspf",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"default_originate": {
"default": false,
"description": "Flag to activate/deactivate advertisement of default route into OSPF domain. The default route should be present in the edge only then it redistributes the same into OSPF domain only if this flag is set to TRUE.",
"required": false,
"title": "Flag to activate/deactivate advertisement of default route",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"ecmp": {
"default": true,
"description": "Flag to enable ECMP.",
"required": false,
"title": "Flag to enable ECMP",
"type": "boolean"
},
"enabled": {
"default": false,
"description": "Flag to enable OSPF routing protocol. Disabling will stop feature and OSPF peering.",
"required": false,
"title": "Flag to enable OSPF routing protocol",
"type": "boolean"
},
"graceful_restart_mode": {
"default": "HELPER_ONLY",
"description": "Configuration field to hold OSPF Restart mode .",
"enum": [
"DISABLE",
"HELPER_ONLY"
],
"title": "OSPF Graceful Restart Mode Configuration",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"summary_addresses": {
"description": "List of summary address configruation to summarize or filter external routes based on the setting of advertise flag in each OspfSummaryAddressConfig",
"items": {
"$ref": "OspfSummaryAddressConfig
},
"maxItems": 1000,
"required": false,
"title": "List of OSPF summary address configuration to summarize external routes",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "OSPF routing config",
"type": "object"
}
OspfSummaryAddressConfig (type)
{
"additionalProperties": false,
"description": "OSPF summary address configuration to summarize external routes",
"id": "OspfSummaryAddressConfig",
"module_id": "PolicyOspf",
"properties": {
"advertise": {
"default": true,
"description": "Used to filter the advertisement of external routes into the OSPF domain. Setting this field to \"TRUE\" will enable the summarization of external routes that are covered by ip_prefix configuration. Setting this field to \"FALSE\" will filter the advertisement of external routes that are covered by ip_prefix configuration.",
"required": false,
"title": "Flag to activate/deactivate summarization of external routes",
"type": "boolean"
},
"prefix": {
"format": "ip-cidr-block",
"required": true,
"title": "OSPF Summary address in CIDR format",
"type": "string"
}
},
"title": "OSPF Summary Address Configuration",
"type": "object"
}
OverriddenResource (type)
{
"additionalProperties": false,
"description": "Represents which federated global resources have been overrriden on a specific Site.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "OverriddenResource",
"module_id": "PolicyOverrides",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"intent_path": {
"description": "Policy resource path of the overridden resource.",
"readonly": true,
"title": "Policy resource path of the overridden resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"site_path": {
"description": "Site path to the specific site that has overridden the global resource.",
"readonly": true,
"title": "Site path",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents overridden resource information for federated entity.",
"type": "object"
}
OverriddenResourceListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of OverriddenResource.",
"extends": {
"$ref": "ListResult
},
"id": "OverriddenResourceListResult",
"module_id": "PolicyOverrides",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "OverriddenResource list results.",
"items": {
"$ref": "OverriddenResource
},
"required": true,
"title": "OverriddenResource list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of OverriddenResource",
"type": "object"
}
OverrideDeleteRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "DeleteRequestParameters
},
"id": "OverrideDeleteRequestParameters",
"module_id": "Policy",
"properties": {
"force": {
"default": false,
"description": "If true, deleting the resource succeeds even if it is being referred as a resource reference.",
"title": "Force delete the resource even if it is being used somewhere\n",
"type": "boolean"
},
"override": {
"default": false,
"description": "If true, the overridden object can be deleted locally. This will restore the global resource as the intended configuration for this site.",
"required": false,
"title": "Delete the locally overridden global object",
"type": "boolean"
}
},
"title": "Override delete request parameters",
"type": "object"
}
OverrideListRequestParameters (type)
{
"additionalProperties": false,
"description": "Parameter to filter overridden resource list by intent path or site path or both.",
"id": "OverrideListRequestParameters",
"module_id": "PolicyOverrides",
"properties": {
"intent_path": {
"required": false,
"title": "Global resource path",
"type": "string"
},
"site_path": {
"required": false,
"title": "Site path",
"type": "string"
}
},
"title": "Override list request parameters",
"type": "object"
}
OverrideRequestParameters (type)
{
"additionalProperties": false,
"id": "OverrideRequestParameters",
"module_id": "Policy",
"properties": {
"override": {
"default": false,
"description": "If true, the global resource can be over written locally. This means that there will be a local only resource in place of the global resource that can reflect local specific settings and values. The global object will continue to exist but will not be used for any configuration until this local object is removed. When the object is overridden the Global resource continues to exist unmodified, while the overridden object is created with all of the user specified values. The Global resource may be updated in the background, however, the overridden object may only be updated by the user. Once the user removes the overridden copy, the Global resource will then resume being used in the configuration.",
"required": false,
"title": "Locally override the global object",
"type": "boolean"
}
},
"title": "Override request parameters",
"type": "object"
}
Oversubscription (type)
{
"enum": [
"BYPASSED",
"DROPPED",
"INHERIT_GLOBAL"
],
"id": "Oversubscription",
"module_id": "PolicyIDS",
"type": "string"
}
PIServiceType (type)
{
"enum": [
"LOCAL_MANAGER",
"GLOBAL_MANAGER"
],
"id": "PIServiceType",
"module_id": "CertificateManager",
"title": "Service type supported for Principal Identities",
"type": "string"
}
PackageLoggingLevels (type)
{
"additionalProperties": false,
"id": "PackageLoggingLevels",
"properties": {
"logging_level": {
"enum": [
"OFF",
"FATAL",
"ERROR",
"WARN",
"INFO",
"DEBUG",
"TRACE"
],
"title": "Logging levels per package",
"type": "string"
},
"package_name": {
"title": "Package name",
"type": "string"
}
},
"type": "object"
}
PacketAddressClassifier (type) (Deprecated)
{
"deprecated": true,
"description": "A packet is classified to have an address binding, if its address configuration matches with all user specified properties.",
"id": "PacketAddressClassifier",
"module_id": "Switching",
"properties": {
"ip_address": {
"$ref": "IPElement,
"required": false,
"title": "A single IP address or a subnet, e.g. x.x.x.x or x.x.x.x/y"
},
"mac_address": {
"$ref": "MACAddress,
"required": false,
"title": "A single MAC address"
},
"vlan": {
"$ref": "VlanID,
"required": false
}
},
"title": "Address classifications for a packet",
"type": "object"
}
PacketData (type)
{
"abstract": true,
"id": "PacketData",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"frame_size": {
"default": 128,
"description": "If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.",
"maximum": 1000,
"minimum": 60,
"required": false,
"title": "Requested total size of the (logical) packet in bytes",
"type": "integer"
},
"resource_type": {
"default": "FieldsPacketData",
"enum": [
"BinaryPacketData",
"FieldsPacketData"
],
"required": true,
"title": "Packet configuration",
"type": "string"
},
"routed": {
"description": "When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. The scenario where a user injects a packet with a VLAN tag into a parent port is referred to as the traceflow container case. Please note that the value of `routed` depends on the connected network of the child segment rather than the connected network of segment of the parent port in this case. Here is the explanation: The parent port in this context is the port on a segment which is referred to by a SegmentConnectionBindingMap. The bound segment of the SegmentConnectionBindingMap is the child segment. The user-crafted traceflow packet will be directly forwarded to the corresponding child segment of the parent port without interacting with any layer 2 forwarding/layer 3 routing in this scenario. The crafted packet will follow the forwarding/routing polices of the child segment's connected network. For example, if a user injects a crafted packet to port_p, and the segment (seg_p) of port_p is referred to by the binding map m1, where m1 is bound to segment seg_c, and the destination port (port_d) of the packet is the VM vNIC connected to seg_p. Although port_p and port_d are on the same segment, the 'routed' value should be set to true if the user expects the crafted packet to be correctly delivered to the destination. This is because the child segments seg_c and seg_d are on different segments and require router interaction to communicate.",
"required": false,
"title": "Awareness of logical routing",
"type": "boolean"
},
"transport_type": {
"default": "UNICAST",
"description": "This type takes effect only for IP packet.",
"enum": [
"BROADCAST",
"UNICAST",
"MULTICAST",
"UNKNOWN"
],
"required": false,
"title": "Transport type of the traceflow packet",
"type": "string"
}
},
"type": "object"
}
PacketTypeAndCounter (type)
{
"id": "PacketTypeAndCounter",
"module_id": "AggSvcL2Types",
"properties": {
"counter": {
"required": true,
"title": "The number of packets.",
"type": "integer"
},
"packet_type": {
"required": true,
"title": "The type of the packets",
"type": "string"
}
},
"type": "object"
}
PacketsDroppedBySecurity (type)
{
"id": "PacketsDroppedBySecurity",
"module_id": "AggSvcL2Types",
"properties": {
"bpdu_filter_dropped": {
"required": false,
"title": "The number of packets dropped by \"BPDU filter\".",
"type": "integer"
},
"dhcp_client_dropped_ipv4": {
"required": false,
"title": "The number of IPv4 packets dropped by \"DHCP client block\".",
"type": "integer"
},
"dhcp_client_dropped_ipv6": {
"required": false,
"title": "The number of IPv6 packets dropped by \"DHCP client block\".",
"type": "integer"
},
"dhcp_server_dropped_ipv4": {
"required": false,
"title": "The number of IPv4 packets dropped by \"DHCP server block\".",
"type": "integer"
},
"dhcp_server_dropped_ipv6": {
"required": false,
"title": "The number of IPv6 packets dropped by \"DHCP server block\".",
"type": "integer"
},
"spoof_guard_dropped": {
"items": {
"$ref": "PacketTypeAndCounter
},
"required": false,
"title": "The packets dropped by \"Spoof Guard\"; supported packet types are IPv4, IPv6, ARP, ND, non-IP.",
"type": "array"
}
},
"type": "object"
}
PartialPatchConfig (type)
{
"additionalProperties": false,
"description": "Basic Concept: Partial Patch is a specialized feature in NSX that allows you to update only a specific part of an object's properties, instead of updating the entire object. This is particularly useful for making incremental changes to an object. Enabling Partial Patch: By default, Partial Patch is disabled. You need to explicitly enable this feature to use it. When enabled, you can update a subset of an object's fields, merging your new data with the existing object's data. Usage in API Operations: When Partial Patch is disabled, complete object data is required for both PUT and PATCH operations in /policy APIs. Once enabled, you can provide only the necessary subset of data for these operations. Important Considerations:In a partial patch, array properties are entirely replaced, not merged. If a PATCH operation targets a non-existing object, NSX will create a new object after performing all required validations. Be aware of fields that depend on each other (like username and password, or IP address and thumbprint). In such cases, either all or none of these inter-dependent fields should be provided in a Partial Patch request. Partial Patch does not support certain objects, such as 'Infra'. Objects like Labels, Security Policies, and Services have specific attributes that are treated differently in PATCH requests. This special handling won't change with Partial Patch. For example, in Security Policies, adding 'rules' through PATCH merges them with existing rules, while a PUT operation replaces them entirely. Partial Patch won't work if the new value for a property is of a different polymorphic type than the existing value.",
"id": "PartialPatchConfig",
"module_id": "PolicySystemConfig",
"properties": {
"enable_partial_patch": {
"description": "boolean value used to activate/deactivate partial patch",
"required": true,
"title": "This object will contain the partial patch configuration.",
"type": "boolean"
}
},
"title": "Contains configuration for Partial patch.",
"type": "object"
}
PasswordAuthenticationScheme (type)
{
"additionalProperties": false,
"extends": {
"$ref": "AuthenticationScheme
},
"id": "PasswordAuthenticationScheme",
"properties": {
"identity_file": {
"sensitive": true,
"title": "SSH private key file name",
"type": "string"
},
"password": {
"sensitive": true,
"title": "Password to authenticate with",
"type": "string"
},
"scheme_name": {
"enum": [
"password",
"key"
],
"required": true,
"title": "Authentication scheme name",
"type": "string"
},
"username": {
"pattern": "^.+$",
"required": true,
"title": "User name to authenticate with",
"type": "string"
}
},
"type": "object"
}
PasswordComplexityProperties (type)
{
"additionalProperties": {},
"description": "Configurable properties of password complexity requirement for the NSX node.",
"extends": {
"$ref": "Resource
},
"id": "PasswordComplexityProperties",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_retry_prompt": {
"default": 3,
"readonly": true,
"title": "Prompt user at most N times before returning with error.",
"type": "integer"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"digits": {
"default": -1,
"description": "Number of digits (0..9) expected in user password. <p>N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password.</p> <p>N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> digits.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 digit is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of digits in password",
"type": "integer"
},
"hash_algorithm": {
"default": "sha512",
"description": "Sets hash/cryptographic algorithm type for new passwords.",
"enum": [
"sha512",
"sha256"
],
"title": "Hash algorithm",
"type": "string"
},
"lower_chars": {
"default": -1,
"description": "Number of lower case characters (a..z) expected in user password. <p>N < 0, to set minimum credit for having lower case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password.</p> <p>N > 0, to set maximum credit for having lower case characters in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> lower case characters.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 lower case character is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of lower-case characters in password",
"type": "integer"
},
"max_repeats": {
"default": 0,
"description": "Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0.",
"maximum": 128,
"minimum": 0,
"title": "Number of same consecutive characters",
"type": "integer"
},
"max_sequence": {
"default": 0,
"description": "Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0.",
"maximum": 128,
"minimum": 0,
"title": "Length of permissible monotonic sequence in password substring",
"type": "integer"
},
"maximum_password_length": {
"default": 128,
"description": "Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters.",
"maximum": 128,
"minimum": 8,
"title": "Maximum password length",
"type": "integer"
},
"minimum_password_length": {
"default": 12,
"description": "Minimum number of characters expected in password; user can not set their password of length less than this parameter.<br /> NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - <p>if existing appliance is configured with <code>minimum_password_length</code> less than current default value, then upgraded appliance will reset the configured setting back to recommended default; which can be explicitly modified back to original value or any other integer greater than or equal to supported minimum value.</p> <p>VMware recommends to set strong passwords for systems and appliances, further suggests to maintain strong <code>minimum_password_length</code> value. NSX resets this value to default and recommends to maintain upgraded default value or above for password complexity requirement.</p> <p>If any existing user passwords are set with length of less than newly configured <code>minimum_password_length</code>, then its recommended to reset the user passwords as per newly configured password complexity compliance.</p> <p>If existing <code>minimum_password_length</code> is greater than or equal to default value, which shall be retained as it is in newly upgraded appliance.</p> By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed.",
"maximum": 128,
"minimum": 8,
"title": "Minimum password length",
"type": "integer"
},
"minimum_unique_chars": {
"default": 0,
"description": "Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0.",
"maximum": 128,
"minimum": 0,
"title": "Number of unique characters from old password",
"type": "integer"
},
"password_remembrance": {
"default": 0,
"description": "Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0.",
"minimum": 0,
"title": "Password remembrance from previous generations",
"type": "integer"
},
"special_chars": {
"default": -1,
"description": "Number of special characters (!@#$&*..) expected in user password. <p>N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password.</p> <p>N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> special case characters.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 special character is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of special characters in password",
"type": "integer"
},
"upper_chars": {
"default": -1,
"description": "Number of upper case characters (A..Z) expected in user password. <p>N < 0, to set minimum credit for having upper case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password.</p> <p>N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current <b>minimum_password_length</b> value upto <b>N</b> upper case characters.</p> <p>N = 0, policy will be not applicable.</p> By default minimum 1 upper case character is required for a new password.",
"maximum": 128,
"minimum": -128,
"title": "Number of upper-case characters in password",
"type": "integer"
}
},
"title": "Configurable properties of password complexity requirement for the NSX node",
"type": "object"
}
PatchResources (type)
{
"additionalProperties": false,
"description": "Patch Resources is an action to create/patch resources in response to an event.",
"extends": {
"$ref": "Action
},
"id": "PatchResources",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"type-identifier": "PatchResources"
},
"properties": {
"body": {
"description": "Patch body representing a Hierarchical Patch payload. The resources included in the body are patched replacing the injections' keys with their actual values.",
"required": true,
"title": "Body",
"type": "object"
},
"injections": {
"description": "Injections holding keys (variables) and their corresponding values.",
"items": {
"$ref": "Injection
},
"minItems": 1,
"title": "Injections",
"type": "array"
},
"resource_type": {
"description": "Reaction Action resource type.",
"enum": [
"PatchResources",
"SetFields"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Patch Resources",
"type": "object"
}
PathExpression (type)
{
"additionalProperties": false,
"description": "Represents policy path expressions in the form of an array, to support addition of objects like groups, segments and policy logical ports in a group.",
"extends": {
"$ref": "Expression
},
"id": "PathExpression",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "PathExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"paths": {
"description": "This array can consist of one or more policy paths. Only policy paths of groups, segments and policy logical ports are allowed.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Array of policy paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Group"
],
"relationshipType": "NESTED_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"Group"
],
"relationshipType": "GROUP_SEGMENTPORT_RELATIONSHIP",
"rightType": [
"SegmentPort"
]
},
{
"leftType": [
"Group"
],
"relationshipType": "GROUP_SEGMENT_RELATIONSHIP",
"rightType": [
"Segment"
]
},
{
"leftType": [
"Group"
],
"relationshipType": "GROUP_VPC_SUBNET_RELATIONSHIP",
"rightType": [
"VpcSubnet"
]
},
{
"leftType": [
"Group"
],
"relationshipType": "GROUP_VPC_SUBNET_PORT_RELATIONSHIP",
"rightType": [
"VpcSubnetPort"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"Condition",
"ConjunctionOperator",
"NestedExpression",
"IPAddressExpression",
"MACAddressExpression",
"ExternalIDExpression",
"PathExpression",
"IdentityGroupExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Path expression node",
"type": "object"
}
PeerCertificateChain (type)
{
"additionalProperties": false,
"description": "The certificate chain presented by a remote TLS service.",
"id": "PeerCertificateChain",
"module_id": "CertificateManager",
"properties": {
"details": {
"description": "List of X509Certificates.",
"items": {
"$ref": "X509Certificate
},
"readonly": true,
"required": false,
"type": "array"
},
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": false,
"required": true,
"type": "string"
}
},
"title": "A peer's certificate chain",
"type": "object"
}
PemFile (type)
{
"additionalProperties": false,
"id": "PemFile",
"module_id": "CertificateManager",
"properties": {
"file": {
"required": true,
"title": "file data",
"type": "multipart_file"
}
},
"type": "object"
}
PendingChangesInfoNsxT (type)
{
"additionalProperties": false,
"description": "Information about recent changes, if any, that are not reflected in the Enforced Realized Status.",
"id": "PendingChangesInfoNsxT",
"module_id": "PolicyRealizationStatus",
"properties": {
"pending_changes_flag": {
"description": "Flag describing whether there are any pending changes that are not reflected in the status.",
"readonly": true,
"title": "Pending Changes Flag",
"type": "boolean"
}
},
"title": "NSX-T Pending Change Info",
"type": "object"
}
PerNodeDnsFailedQueries (type)
{
"additionalProperties": false,
"description": "The list of the failed DNS queries with entry count and timestamp. The entry count is for per active/standby transport node.",
"extends": {
"$ref": "ListResult
},
"id": "PerNodeDnsFailedQueries",
"module_id": "DnsForwarder",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"node_id": {
"description": "The Uuid of active/standby transport node.",
"readonly": true,
"required": true,
"title": "Uuid of active/standby transport node",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "The list of failed DNS queries.",
"items": {
"$ref": "DnsFailedQuery
},
"readonly": true,
"required": false,
"title": "List of failed DNS queries",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"timestamp": {
"description": "Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.",
"readonly": true,
"required": true,
"title": "Timestamp of the request",
"type": "string"
}
},
"title": "The list of failed DNS queries per transport node",
"type": "object"
}
PerStepRestoreStatus (type)
{
"id": "PerStepRestoreStatus",
"module_id": "ClusterRestore",
"properties": {
"description": {
"readonly": true,
"required": true,
"title": "A description of the restore status",
"type": "string"
},
"value": {
"enum": [
"INITIAL",
"RUNNING",
"SUSPENDED_BY_USER",
"SUSPENDED_FOR_USER_ACTION",
"FAILED",
"SUCCESS"
],
"readonly": true,
"required": true,
"title": "Per step restore status value",
"type": "string"
}
},
"title": "Restore step status",
"type": "object"
}
PhonehomeCoordinatorServiceProperties (type)
{
"additionalProperties": false,
"id": "PhonehomeCoordinatorServiceProperties",
"properties": {
"logging_level": {
"default": "INFO",
"enum": [
"OFF",
"FATAL",
"ERROR",
"WARN",
"INFO",
"DEBUG",
"TRACE"
],
"required": false,
"title": "Service logging level",
"type": "string"
}
},
"title": "Phonehome Coordinator service properties",
"type": "object"
}
PlainFilterData (type)
{
"additionalProperties": false,
"extends": {
"$ref": "LiveTraceFilterData
},
"id": "PlainFilterData",
"module_id": "LiveTrace",
"polymorphic-type-descriptor": {
"type-identifier": "PlainFilterData"
},
"properties": {
"basic_filter": {
"required": false,
"title": "Basic RCF rule for packet filter",
"type": "string"
},
"extend_filter": {
"required": false,
"title": "Extended RCF rule for packet filter",
"type": "string"
},
"resource_type": {
"default": "FieldsFilterData",
"enum": [
"FieldsFilterData",
"PlainFilterData"
],
"required": true,
"title": "Filter type",
"type": "string"
}
},
"type": "object"
}
PointDefinition (type)
{
"additionalProperties": false,
"description": "Defines the point of a graph.",
"id": "PointDefinition",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"title": "Id of drilldown widget",
"type": "string"
},
"field": {
"description": "An expression that represents the points of the graph",
"required": true,
"title": "Expression for points of the graph",
"type": "string"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"tooltip": {
"description": "Multi-line text to be shown on tooltip while hovering over the point of a graph.",
"items": {
"$ref": "Tooltip
},
"minItems": 0,
"title": "Multi-line tooltip",
"type": "array"
},
"x_value": {
"description": "Represents the variable for the X value of points that are plotted on the graph.",
"required": true,
"title": "Variable chosen for X value of the point of the graph",
"type": "string"
},
"y_value": {
"description": "Represents the variable for the Y value of points that are plotted on the graph.",
"required": true,
"title": "Variable chosen for Y value of the point of the graph",
"type": "string"
}
},
"title": "Definition of a point of graph",
"type": "object"
}
Policy (type)
{
"additionalProperties": false,
"description": "Ordered list of Rules. This object is created by default along with the Domain.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Policy",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of Rules",
"type": "object"
}
PolicyAdvertisedNetwork (type)
{
"additionalProperties": false,
"id": "PolicyAdvertisedNetwork",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"network": {
"description": "Advertised network address.",
"readonly": true,
"required": true,
"title": "Advertised Network",
"type": "string"
},
"rule_filter_type": {
"description": "Advertised rule filter type",
"readonly": true,
"required": false,
"title": "Advertised rule filter type",
"type": "string"
},
"status": {
"description": "advertisement status of network to connected gateway SUCCESS - network route successfully plumbed on target gateway DENIED_BY_TARGET_GATEWAY - network denied by target gateway because of in filter rules or missing inter vrf config",
"readonly": true,
"required": false,
"title": "Advertisement status of network",
"type": "string"
}
},
"type": "object"
}
PolicyAdvertisedNetworkInCsvFormat (type)
{
"extends": {
"$ref": "CsvListResult
},
"id": "PolicyAdvertisedNetworkInCsvFormat",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"results": {
"items": {
"$ref": "AdvertisedNetworkCsvRecord
},
"readonly": true,
"required": false,
"type": "array"
}
},
"type": "object"
}
PolicyAdvertisedNetworksListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyAdvertisedNetworksListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "List of networks which advertised to connected gateway",
"items": {
"$ref": "PolicyAdvertisedNetwork
},
"readonly": true,
"required": false,
"title": "List of advertised networks",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
PolicyAlarmResource (type)
{
"description": "Alarm base class of realized policy object",
"extends": {
"$ref": "PolicyResource
},
"id": "PolicyAlarmResource",
"module_id": "PolicyRealizedState",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyAlarmResource"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"error_details": {
"$ref": "PolicyApiError,
"required": false,
"title": "Detailed information about errors from an API call made to the\nenforcement point, if any.\n"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"message": {
"required": false,
"title": "error message to describe the issue",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"source_reference": {
"required": false,
"title": "path of the object on which alarm is created",
"type": "string"
},
"source_site_id": {
"description": "This field will refer to the source site on which the alarm is generated. This field is populated by GM, when it receives corresponding notification from LM.",
"readonly": true,
"required": false,
"title": "source site(LM) id.",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Alarm base class of realized policy object",
"type": "object"
}
PolicyAlarmResourceListRequestParameters (type)
{
"additionalProperties": false,
"description": "PolicyAlarmResource list request parameters",
"extends": {
"$ref": "ListRequestParameters
},
"id": "PolicyAlarmResourceListRequestParameters",
"module_id": "PolicyRealizedState",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "PolicyAlarmResource list request parameters",
"type": "object"
}
PolicyAlarmResourceListResult (type)
{
"additionalProperties": false,
"description": "PolicyAlarmResource list result",
"extends": {
"$ref": "ListResult
},
"id": "PolicyAlarmResourceListResult",
"module_id": "PolicyRealizedState",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "List of alarm resources",
"items": {
"$ref": "PolicyAlarmResource
},
"required": false,
"title": "Paged Collection of PolicyAlarmResources",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "PolicyAlarmResource list result",
"type": "object"
}
PolicyApiError (type)
{
"extends": {
"$ref": "PolicyRelatedApiError
},
"id": "PolicyApiError",
"module_id": "PolicyRealizedState",
"properties": {
"details": {
"title": "Further details about the error",
"type": "string"
},
"error_code": {
"title": "A numeric error code",
"type": "integer"
},
"error_data": {
"title": "Additional data about the error",
"type": "object"
},
"error_message": {
"title": "A description of the error",
"type": "string"
},
"module_name": {
"title": "The module name where the error occurred",
"type": "string"
},
"related_errors": {
"items": {
"$ref": "PolicyRelatedApiError
},
"title": "Other errors related to this error",
"type": "array"
}
},
"title": "Detailed information about an API Error",
"type": "object"
}
PolicyArpProxyEntry (type)
{
"additionalProperties": false,
"id": "PolicyArpProxyEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"arp_proxy_ip": {
"description": "ARP proxy information for a service with ip.",
"items": {
"$ref": "IPAddress
},
"readonly": true,
"required": false,
"title": "Array of ARP proxy service address",
"type": "array"
},
"service_id": {
"description": "Identifier of connected service on port.",
"readonly": true,
"required": false,
"title": "Service type id",
"type": "string"
}
},
"type": "object"
}
PolicyArpProxyTableCsvListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CsvListResult
},
"id": "PolicyArpProxyTableCsvListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"results": {
"items": {
"$ref": "InterfaceArpProxyCsvEntry
},
"required": false,
"type": "array"
}
},
"type": "object"
}
PolicyArpProxyTableListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyArpProxyTableListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "InterfaceArpProxy
},
"readonly": true,
"required": false,
"title": "Paginated list of Gateway interface ARP proxy tables",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
PolicyAttributes (type)
{
"additionalProperties": false,
"id": "PolicyAttributes",
"module_id": "PolicyContextProfile",
"properties": {
"attribute_source": {
"default": "SYSTEM",
"enum": [
"SYSTEM",
"CUSTOM"
],
"required": false,
"title": "Source of attribute value i.e whether system defined or custom value",
"type": "string"
},
"custom_url_partial_match": {
"description": "True value for this flag will be treated as a partial match for custom url",
"required": false,
"title": "true value would be treated as a partial match for custom url",
"type": "boolean"
},
"datatype": {
"enum": [
"STRING"
],
"required": true,
"title": "Datatype for attribute",
"type": "string"
},
"description": {
"required": false,
"title": "Description for attribute value",
"type": "string"
},
"isALGType": {
"description": "Describes whether the APP_ID value is ALG type or not.",
"required": false,
"title": "Is the value ALG type",
"type": "boolean"
},
"key": {
"description": "Policy Attribute Key",
"enum": [
"APP_ID",
"DOMAIN_NAME",
"URL_CATEGORY",
"URL_REPUTATION",
"CUSTOM_URL"
],
"required": true,
"title": "Key for attribute",
"type": "string"
},
"metadata": {
"description": "This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future",
"items": {
"$ref": "ContextProfileAttributesMetadata
},
"required": false,
"title": "Provide additional meta information about key/values",
"type": "array"
},
"sub_attributes": {
"items": {
"$ref": "PolicySubAttributes
},
"required": false,
"title": "Reference to sub attributes for the attribute",
"type": "array"
},
"value": {
"description": "Multiple attribute values can be specified as elements of array.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Value for attribute key",
"type": "array",
"uniqueItems": true
}
},
"title": "Policy Attributes data holder",
"type": "object"
}
PolicyBasedIPSecVpnSession (type)
{
"additionalProperties": false,
"description": "A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet.",
"extends": {
"$ref": "IPSecVpnSession
},
"id": "PolicyBasedIPSecVpnSession",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyBasedIPSecVpnSession"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"authentication_mode": {
"default": "PSK",
"description": "Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication.",
"enum": [
"PSK",
"CERTIFICATE"
],
"title": "Authentication Mode",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"compliance_suite": {
"description": "Compliance suite.",
"enum": [
"CNSA",
"SUITE_B_GCM_128",
"SUITE_B_GCM_256",
"PRIME",
"FOUNDATION",
"FIPS",
"NONE"
],
"title": "Compliance suite",
"type": "string"
},
"connection_initiation_mode": {
"default": "INITIATOR",
"description": "Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.",
"enum": [
"INITIATOR",
"RESPOND_ONLY",
"ON_DEMAND"
],
"title": "Connection initiation mode",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dpd_profile_path": {
"description": "Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.",
"title": "Dead peer detection (DPD) profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_DPD_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnDpdProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_DPD_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnDpdProfile"
]
}
]
},
"enabled": {
"default": true,
"description": "Enable/Disable IPSec VPN session.",
"title": "Enable/Disable IPSec VPN session",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ike_profile_path": {
"description": "Policy path referencing IKE profile to be used. Default is set according to system default profile.",
"title": "Internet key exchange (IKE) profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_IKE_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnIkeProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_IKE_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnIkeProfile"
]
}
]
},
"local_endpoint_path": {
"description": "Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.",
"required": false,
"title": "Local endpoint path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"IPSecVpnLocalEndpoint"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"IPSecVpnLocalEndpoint"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"peer_address": {
"$ref": "IPAddress,
"description": "Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.",
"required": false,
"title": "IPV4 or IPV6 address of peer endpoint on remote site"
},
"peer_id": {
"description": "Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.",
"required": false,
"title": "Peer id",
"type": "string"
},
"psk": {
"description": "IPSec Pre-shared key. Maximum length of this field is 128 characters.",
"sensitive": true,
"title": "Pre-shared key",
"type": "secure_string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "IPSecVpnSessionResourceType,
"required": true
},
"rules": {
"items": {
"$ref": "IPSecVpnRule
},
"minItems": 1,
"required": true,
"title": "Rules",
"type": "array"
},
"site_overrides": {
"description": "A collection of site specific attributes specificed only on GM",
"items": {
"$ref": "SiteOverride
},
"maxItems": 128,
"required": false,
"title": "SiteOverride list",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_mss_clamping": {
"$ref": "TcpMaximumSegmentSizeClamping,
"description": "TCP Maximum Segment Size Clamping Direction and Value.",
"title": "TCP MSS Clamping"
},
"tunnel_profile_path": {
"description": "Policy path referencing Tunnel profile to be used. Default is set to system default profile.",
"title": "IPSec tunnel profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_TUNNEL_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnTunnelProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_TUNNEL_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnTunnelProfile"
]
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy based VPN session",
"type": "object"
}
PolicyBasedL3VpnSession (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "A Policy-based L3Vpn session is a configuration in which a specific vpn tunnel is referenced in a policy whose action is set as tunnel.",
"extends": {
"$ref": "L3VpnSession
},
"id": "PolicyBasedL3VpnSession",
"module_id": "PolicyL3Vpn",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyBasedL3VpnSession"
},
"properties": {
"resource_type": {
"$ref": "L3VpnSessionResourceType,
"required": true
},
"rules": {
"description": "L3Vpn rules that are specific to the L3Vpn. Only L3Vpn rules with PROTECT action are supported.",
"items": {
"$ref": "L3VpnRule
},
"title": "L3Vpn Rules",
"type": "array",
"uniqueItems": true
}
},
"title": "Policy based L3Vpn Session",
"type": "object"
}
PolicyBgpNeighborStatus (type)
{
"id": "PolicyBgpNeighborStatus",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"address_families": {
"description": "Address families of BGP neighbor",
"items": {
"$ref": "BgpAddressFamily
},
"readonly": true,
"required": false,
"title": "Address families of BGP neighbor",
"type": "array"
},
"announced_capabilities": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "BGP capabilities sent to BGP neighbor.",
"type": "array"
},
"connection_drop_count": {
"readonly": true,
"required": false,
"title": "Count of connection drop",
"type": "integer"
},
"connection_state": {
"enum": [
"INVALID",
"IDLE",
"CONNECT",
"ACTIVE",
"OPEN_SENT",
"OPEN_CONFIRM",
"ESTABLISHED",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "Current state of the BGP session.",
"type": "string"
},
"edge_path": {
"required": false,
"title": "Transport node policy path",
"type": "string"
},
"established_connection_count": {
"readonly": true,
"required": false,
"title": "Count of connections established",
"type": "integer"
},
"graceful_restart_mode": {
"description": "Current state of graceful restart of BGP neighbor. Possible values are - 1. GR_AND_HELPER - Graceful restart with Helper 2. HELPER_ONLY - Helper only 3. DISABLE - Disabled",
"readonly": true,
"required": false,
"title": "Graceful restart mode",
"type": "string"
},
"hold_time": {
"description": "If a HELLO packet is not seen from BGP Peer withing hold_time then BGP neighbor will be marked as down.",
"readonly": true,
"required": false,
"title": "Time in ms to wait for HELLO from BGP peer.",
"type": "integer"
},
"keep_alive_interval": {
"readonly": true,
"required": false,
"title": "Time in ms to wait for HELLO packet from BGP peer",
"type": "integer"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated, unset if data source has never updated the data.",
"readonly": true,
"title": "Timestamp indicating last update time of data"
},
"local_port": {
"maximum": 65535,
"minimum": 1,
"readonly": true,
"required": false,
"title": "TCP port number of Local BGP connection",
"type": "integer"
},
"messages_received": {
"readonly": true,
"required": false,
"title": "Count of messages received from the neighbor",
"type": "integer"
},
"messages_sent": {
"readonly": true,
"required": false,
"title": "Count of messages sent to the neighbor",
"type": "integer"
},
"negotiated_capability": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "BGP capabilities negotiated with BGP neighbor.",
"type": "array"
},
"neighbor_address": {
"$ref": "IPAddress,
"readonly": true,
"required": false,
"title": "The IP of the BGP neighbor"
},
"neighbor_edge_node": {
"readonly": true,
"required": false,
"title": "Inter-Sr neighbor edge node policy path",
"type": "string"
},
"neighbor_router_id": {
"readonly": true,
"required": false,
"title": "Router ID of the BGP neighbor.",
"type": "string"
},
"remote_as_number": {
"readonly": true,
"required": false,
"title": "AS number of the BGP neighbor",
"type": "string"
},
"remote_port": {
"maximum": 65535,
"minimum": 1,
"readonly": true,
"required": false,
"title": "TCP port number of remote BGP Connection",
"type": "integer"
},
"remote_site": {
"$ref": "ResourceReference,
"description": "Remote site details.",
"readonly": true,
"title": "Remote site"
},
"source_address": {
"$ref": "IPAddress,
"readonly": true,
"required": false,
"title": "The Ip address of logical port"
},
"tier0_path": {
"readonly": true,
"required": true,
"title": "Policy path to Tier0",
"type": "string"
},
"time_since_established": {
"readonly": true,
"required": false,
"title": "Time(in seconds) since connection was established.",
"type": "integer"
},
"total_in_prefix_count": {
"description": "Sum of in prefixes counts across all address families.",
"readonly": true,
"required": false,
"title": "Count of in prefixes",
"type": "integer"
},
"total_out_prefix_count": {
"description": "Sum of out prefixes counts across all address families.",
"readonly": true,
"required": false,
"title": "Count of out prefixes",
"type": "integer"
},
"type": {
"description": "BGP neighbor type",
"enum": [
"INTER_SR",
"USER"
],
"readonly": true,
"title": "BGP neighbor type",
"type": "string"
}
},
"type": "object"
}
PolicyBgpNeighborsStatusListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "PolicyBgpNeighborsStatusListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"additionalProperties": false,
"items": {
"$ref": "PolicyBgpNeighborStatus
},
"readonly": true,
"required": false,
"title": "Status of BGP neighbors of the Tier0",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
PolicyComplianceStatus (type)
{
"id": "PolicyComplianceStatus",
"module_id": "PolicyCompliance",
"properties": {
"last_updated_time": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp of last update"
},
"non_compliant_configs": {
"items": {
"$ref": "PolicyNonCompliantConfig
},
"readonly": true,
"title": "List of non compliant configuration and impacted services",
"type": "array"
}
},
"type": "object"
}
PolicyConfigResource (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Represents an object on the desired state.",
"extends": {
"$ref": "PolicyResource
},
"id": "PolicyConfigResource",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents an object on the desired state",
"type": "object"
}
PolicyContainerGroupMemberDetails (type)
{
"additionalProperties": false,
"description": "Details of the member belonging to a Group",
"id": "PolicyContainerGroupMemberDetails",
"module_id": "PolicyGroupRealization",
"properties": {
"cluster": {
"items": {
"$ref": "ClusterMemberDetails
},
"required": true,
"type": "array"
}
},
"title": "Group member details",
"type": "object"
}
PolicyContainerGroupMembersListResult (type)
{
"additionalProperties": false,
"description": "Paginated collection of pods belonging to a Group.",
"extends": {
"$ref": "ListResult
},
"id": "PolicyContainerGroupMembersListResult",
"module_id": "PolicyGroupRealization",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyContainerGroupMemberDetails
},
"required": true,
"title": "Paged Collection of pods that belong to the given Group",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Group members list result",
"type": "object"
}
PolicyContextProfile (type)
{
"additionalProperties": false,
"description": "An entity that encapsulates attributes and sub-attributes of various network services (eg. L7 services, domain name, encryption algorithm) The entity will be consumed in firewall rules and can be added in new tuple called profile in firewall rules. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyContextProfile",
"module_id": "PolicyContextProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"attributes": {
"description": "Property containing attributes/sub-attributes for Policy Context Profile.",
"items": {
"$ref": "PolicyAttributes
},
"required": true,
"title": "Array of Policy Context Profile attributes",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Context Profile entity",
"type": "object"
}
PolicyContextProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyContextProfileListRequestParameters",
"module_id": "PolicyContextProfile",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Context Profile list request parameters",
"type": "object"
}
PolicyContextProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyContextProfileListResult",
"module_id": "PolicyContextProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyContextProfile
},
"readonly": true,
"title": "Paged collection of PolicyContextProfiles",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List result of PolicyContextProfiles",
"type": "object"
}
PolicyCustomAttributes (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyCustomAttributes",
"module_id": "PolicyContextProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"attribute_source": {
"default": "CUSTOM",
"enum": [
"CUSTOM",
"SYSTEM"
],
"required": false,
"title": "Source of attribute value i.e whether system defined or custom value",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"datatype": {
"enum": [
"STRING"
],
"required": true,
"title": "Datatype for attribute",
"type": "string"
},
"description": {
"required": false,
"title": "Description for attribute value",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"key": {
"description": "Policy Custom Attribute Key",
"enum": [
"DOMAIN_NAME",
"CUSTOM_URL"
],
"required": true,
"title": "Key for attribute",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"metadata": {
"description": "This is optional part that can hold additional data about the attribute key/values. Example - For Custom URL key , it specified url type for url value. This is generic array and can hold multiple meta information about key/values in future",
"items": {
"$ref": "ContextProfileAttributesMetadata
},
"required": false,
"title": "Provide additional meta information about key/values",
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sub_attributes": {
"items": {
"$ref": "PolicySubAttributes
},
"required": false,
"title": "Reference to sub attributes for the attribute",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"value": {
"description": "Multiple attribute values can be specified as elements of array.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Value for attribute key",
"type": "array",
"uniqueItems": true
}
},
"title": "Policy Custom Attributes data holder",
"type": "object"
}
PolicyDHGroup (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group.",
"enum": [
"GROUP2",
"GROUP5",
"GROUP14",
"GROUP15",
"GROUP16"
],
"id": "PolicyDHGroup",
"module_id": "PolicyL3Vpn",
"title": "Diffie-Hellman groups",
"type": "string"
}
PolicyDnsAnswerPerEnforcementPoint (type)
{
"abstract": true,
"description": "DNS forwarder nslookup answer per enforcement point.",
"id": "PolicyDnsAnswerPerEnforcementPoint",
"module_id": "PolicyDnsForwarder",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"enforcement_point_path": {
"description": "Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched.",
"readonly": true,
"title": "Enforcement point path",
"type": "string"
},
"resource_type": {
"description": "Resource type of the DNS forwarder nslookup answer.",
"enum": [
"NsxTDnsAnswer"
],
"required": true,
"title": "Resource type",
"type": "string"
}
},
"title": "NSLookup answer per enforcement point",
"type": "object"
}
PolicyDnsFailedQueries (type)
{
"additionalProperties": false,
"description": "The array of the failed DNS queries with entry count and timestamp on active and standby transport node.",
"id": "PolicyDnsFailedQueries",
"module_id": "PolicyDnsForwarder",
"properties": {
"per_node_failed_queries": {
"description": "The array of failed DNS queries on active and standby transport node. If there is no standby node, the failed queries on standby node will not be present.",
"items": {
"$ref": "PolicyPerNodeDnsFailedQueries
},
"readonly": true,
"required": false,
"title": "The array of failed DNS queries on active and standby transport node",
"type": "array"
},
"timestamp": {
"description": "Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.",
"readonly": true,
"required": true,
"title": "Timestamp of the request",
"type": "string"
}
},
"title": "The array of failed DNS queries for active and standby transport node",
"type": "object"
}
PolicyDnsFailedQueryRequestParameters (type)
{
"additionalProperties": false,
"id": "PolicyDnsFailedQueryRequestParameters",
"module_id": "PolicyDnsForwarder",
"properties": {
"count": {
"default": 100,
"description": "How many failed DNS queries should be returned.",
"maximum": 1000,
"minimum": 1,
"required": false,
"title": "The count of the failed DNS queries",
"type": "integer"
},
"enforcement_point_path": {
"default": "/infra/sites/default/enforcement-points/default",
"description": "An enforcement point path, on which the action is to be performed. If not specified, default enforcement point path, /infra/sites/default/enforcement-points/default will be considered.",
"required": false,
"title": "An enforcement point path, on which the action is to be performed",
"type": "string"
}
},
"title": "Dns failed query request parameter",
"type": "object"
}
PolicyDnsForwarder (type)
{
"additionalProperties": false,
"description": "Used to configure DNS Forwarder",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyDnsForwarder",
"module_id": "PolicyDnsForwarder",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"cache_size": {
"default": 1024,
"description": "Cache size in KB.",
"maximum": 16777216,
"minimum": 0,
"title": "Cache size in KB",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"conditional_forwarder_zone_paths": {
"description": "Max of 5 DNS servers can be configured",
"items": {
"type": "string"
},
"maxItems": 5,
"required": false,
"title": "Path of conditional DNS zones",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyDnsForwarder"
],
"relationshipType": "CONDITIONAL_DNS_FORWARDER_ZONE_RELATIONSHIP",
"rightType": [
"PolicyDnsForwarderZone"
]
}
]
},
"default_forwarder_zone_path": {
"description": "This is the zone to which DNS requests are forwarded by default",
"required": true,
"title": "Path of the default DNS zone.",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyDnsForwarder"
],
"relationshipType": "DEFAULT_DNS_FORWARDER_ZONE_RELATIONSHIP",
"rightType": [
"PolicyDnsForwarderZone"
]
}
]
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "The flag, which suggests whether the DNS forwarder is enabled or disabled. The default is True.",
"title": "DNS forwarder enabled flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"listener_ip": {
"$ref": "IPv4Address,
"description": "This is the IP on which the DNS Forwarder listens.",
"required": true,
"title": "IP on which the DNS Forwarder listens."
},
"log_level": {
"default": "INFO",
"description": "Set log_level to DISABLED will stop dumping fowarder log.",
"enum": [
"DEBUG",
"INFO",
"WARNING",
"ERROR",
"FATAL"
],
"required": false,
"title": "Log level of the dns forwarder",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "DNS Forwarder",
"type": "object"
}
PolicyDnsForwarderZone (type)
{
"additionalProperties": false,
"description": "Used to configure zones on DNS Forwarder",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyDnsForwarderZone",
"module_id": "PolicyDnsForwarder",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dns_domain_names": {
"description": "List of domain names on which conditional forwarding is based. This field is required if the DNS Zone is being used for a conditional forwarder. This field will also be used for conditional reverse lookup. Example 1, if for one of the zones, one of the entries in the fqdn is example.com, all the DNS requests under the domain example.com will be served by the corresponding upstream DNS server. Example 2, if for one of the zones, one of the entries in the fqdn list is \"13.12.30.in-addr.arpa\", reverse lookup for 30.12.13.0/24 will go to the corresponding DNS server.",
"items": {
"type": "string"
},
"required": false,
"title": "List of domain names",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"source_ip": {
"$ref": "IPv4Address,
"description": "The source IP used by the DNS Forwarder zone.",
"required": false,
"title": "Source IP used by DNS Forwarder zone"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"upstream_servers": {
"description": "Max of 3 DNS servers can be configured",
"items": {
"$ref": "IPv4Address
},
"maxItems": 3,
"required": true,
"title": "DNS servers to which the DNS request needs to be forwarded",
"type": "array"
}
},
"title": "DNS Forwarder Zone",
"type": "object"
}
PolicyDnsForwarderZoneListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyDnsForwarderZoneListRequestParameters",
"module_id": "PolicyDnsForwarder",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "DNS Forwarder Zone list request parameters",
"type": "object"
}
PolicyDnsForwarderZoneListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyDnsForwarderZoneListResult",
"module_id": "PolicyDnsForwarder",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyDnsForwarderZone
},
"required": true,
"title": "Dns Forwarder Zone list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of DNS Forwarder Zones",
"type": "object"
}
PolicyDraft (type)
{
"additionalProperties": false,
"description": "A draft which stores the system generated as well as user intended changes in a hierarchical body format.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyDraft",
"module_id": "PolicyDraft",
"policy_hierarchical_children": [
"ChildInfra"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_auto_draft": {
"default": false,
"description": "Flag to indicate whether draft is auto created. True indicates that the draft is an auto draft. False indicates that the draft is a manual draft.",
"readonly": true,
"title": "Auto draft flag",
"type": "boolean"
},
"lock_comments": {
"description": "Comments for a policy draft lock/unlock.",
"readonly": false,
"required": false,
"title": "Policy draft lock/unlock comments",
"type": "string"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for a policy draft.",
"readonly": true,
"required": false,
"title": "User who locked a policy draft",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "Policy draft locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "Policy draft locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a draft should be locked. If the draft is locked by an user, then no other user would be able to modify or publish this draft. Once the user releases the lock, other users can then modify or publish this draft.",
"required": false,
"title": "Lock a policy draft",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"ref_draft_path": {
"description": "When specified, a manual draft will be created w.r.t. the specified draft. If not specified, manual draft will be created w.r.t. the current published configuration. For an auto draft, this will always be null.",
"title": "Path of an existing draft for reference",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"system_area": {
"$ref": "Infra,
"description": "Configuration changes against the current configuration, tracked by the system. The value is stored in a hierarchical body format.",
"readonly": true,
"title": "Configuration changes tracked by the system"
},
"system_area_store_id": {
"description": "In case of a large draft, wherein the size of system_area is so big that it can not be stored into one draft object, the data is then gets stored into multiple chunks in a draft data store. This value represents the ID of that data store.",
"readonly": true,
"title": "ID of the data store where system_area has stored",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"user_area": {
"$ref": "Infra,
"description": "These are user defined configuration changes, which are applicable only in case of manual drafts. During the publish of a draft, system_area changes gets applied first, and then these changes. The value must be in a hierarchical body format.",
"title": "User defined configuration changes"
},
"user_area_store_id": {
"description": "In case of a large draft, wherein the size of user_area is so big that it can not be stored into one draft object, the data is then gets stored into multiple chunks in a draft data store. This value represents the ID of that data store.",
"readonly": true,
"title": "ID of the data store where user_area has stored",
"type": "string"
}
},
"title": "Policy draft",
"type": "object"
}
PolicyDraftListRequestParameters (type)
{
"additionalProperties": false,
"description": "Request parameters to be passed while listing policy drafts.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyDraftListRequestParameters",
"module_id": "PolicyDraft",
"properties": {
"auto_drafts": {
"description": "If set to true, then only auto drafts will be get fetched. If set to false, then only manual drafts will be get fetched. If not set, then all drafts will be get fetched.",
"title": "Fetch list of draft based on is_auto_draft flag",
"type": "boolean"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy draft list request parameters",
"type": "object"
}
PolicyDraftListResult (type)
{
"additionalProperties": false,
"description": "This holds the list of policy drafts.",
"extends": {
"$ref": "ListResult
},
"id": "PolicyDraftListResult",
"module_id": "PolicyDraft",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Paginated list of policy drafts.",
"items": {
"$ref": "PolicyDraft
},
"readonly": true,
"title": "Policy drafts list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of policy drafts",
"type": "object"
}
PolicyDraftModifications (type)
{
"description": "Counts of modified, deleted and created security policies/rules derived from aggregated configuration",
"id": "PolicyDraftModifications",
"module_id": "PolicyDraft",
"properties": {
"created": {
"readonly": true,
"title": "Count of total created security policies/rules",
"type": "integer"
},
"deleted": {
"readonly": true,
"title": "Count of total deleted security policies/rules",
"type": "integer"
},
"modified": {
"readonly": true,
"title": "Count of total modified security policies/rules",
"type": "integer"
},
"modified_security_policies": {
"description": "Paginated list of policy drafts.",
"items": {
"type": "string"
},
"readonly": true,
"title": "Array of modified security policies paths.",
"type": "array"
}
},
"title": "Policy draft modifications",
"type": "object"
}
PolicyDraftPaginatedAggregatedConfigurationRequestParameters (type)
{
"additionalProperties": false,
"description": "Parameters to get the paginated aggregated configuration for a draft.",
"extends": {
"$ref": "NoRestRequestParameters
},
"id": "PolicyDraftPaginatedAggregatedConfigurationRequestParameters",
"module_id": "PolicyDraft",
"properties": {
"request_id": {
"description": "If the initial call to get paginated aggregated configuration for a draft, returns a paginated response, then the response will contain a request_id. This identifier needs to be passed with subsequent API calls to get detailed aggregated configuration for the draft.",
"required": false,
"title": "Request identifier to track subsequent API calls",
"type": "string"
},
"root_path": {
"description": "Policy path of the security policy. If specified with the subsequent API calls after initial call to get paginated aggregated configuration for a draft, the response will return the subtree of this security policy having all its children. If not specified, then the subsequent API calls will return all the security policies without their children, from pre-calculated aggregated configuration of a draft. This is not required for an initial call to get paginated aggregated configuration for a draft.",
"required": false,
"title": "Path of the root object of subtree",
"type": "string"
}
},
"title": "Parameters to get the paginated aggregated configuration for a draft",
"type": "object"
}
PolicyDraftPaginatedAggregatedConfigurationResult (type)
{
"additionalProperties": false,
"description": "Paginated result of aggregated configuration of a policy draft",
"id": "PolicyDraftPaginatedAggregatedConfigurationResult",
"module_id": "PolicyDraft",
"properties": {
"modifications": {
"$ref": "PolicyDraftModifications,
"description": "Total count of modified, deleted and created security policies/rules. List of modified security policies to be exposed to UI",
"title": "Total modification in aggregated configuration of a draft"
},
"request_id": {
"description": "Request identifier to keep track of calculated aggregated configuration a draft during subsequent API calls after initial API call. This identifier can be use to fetch the detailed aggregated configuration at security policy level. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination.",
"readonly": true,
"title": "Request identifier to keep track of result",
"type": "string"
},
"result": {
"$ref": "Infra,
"description": "Paginated aggregated configuration of a given draft. For an initial API call, if request_id is present in response, then this is a paginated aggregated configuration of a given draft. To get more granular aggregated configuration, request_id need to be passed to subsequent API calls. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination.",
"readonly": true,
"title": "Aggregated configuration of a draft"
}
},
"title": "Paginated result of aggregated configuration of a policy draft",
"type": "object"
}
PolicyEdgeCluster (type)
{
"additionalProperties": false,
"description": "Edge Cluster.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyEdgeCluster",
"module_id": "PolicyEnforcementPointManagement",
"policy_hierarchical_children": [
"ChildPolicyEdgeNode"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"inter_site_forwarding_enabled": {
"description": "Flag to indicate status of inter site l2 and l3 forwarding in federation.",
"readonly": true,
"title": "Inter site forwarding is enabled if true",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"member_node_type": {
"$ref": "EdgeClusterNodeType,
"description": "Edge cluster is homogenous collection of transport nodes. Hence all transport nodes of the cluster must be of same type. This readonly field shows the type of transport nodes.",
"readonly": true,
"required": false,
"title": "Node type of the cluster members"
},
"nsx_id": {
"description": "UUID of Edge Cluster on NSX-T enforcement point.",
"readonly": true,
"title": "Edge Cluster UUID on NSX-T Enforcement Point",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rtep_ips": {
"description": "List of remote tunnel endpoint ipaddress configured on edge cluster.",
"items": {
"$ref": "IPAddress
},
"readonly": true,
"title": "Remote tunnel endpoint IP addresses.",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_exclude": true,
"title": "Edge Cluster",
"type": "object"
}
PolicyEdgeClusterInterSiteBgpSummary (type)
{
"extends": {
"$ref": "ListResult
},
"id": "PolicyEdgeClusterInterSiteBgpSummary",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_cluster_path": {
"description": "Edge cluster path whose status is being reported.",
"readonly": true,
"required": true,
"title": "Edge node path",
"type": "string"
},
"edge_nodes": {
"description": "Status of all edge nodes within cluster.",
"items": {
"$ref": "PolicyEdgeNodeInterSiteBgpSummary
},
"readonly": true,
"title": "Individual edge nodes status",
"type": "array"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
PolicyEdgeClusterInterSiteStatus (type)
{
"additionalProperties": false,
"id": "PolicyEdgeClusterInterSiteStatus",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"edge_cluster_name": {
"description": "Name of the edge cluster whose status is being reported.",
"readonly": true,
"title": "Edge cluster name",
"type": "string"
},
"edge_cluster_path": {
"description": "Policy path of the edge cluster whose status is being reported.",
"readonly": true,
"required": true,
"title": "Edge cluster path",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the edge cluster inter-site status was last updated.",
"readonly": true,
"required": true,
"title": "Last updated timestamp"
},
"member_status": {
"description": "Per edge node inter-site status.",
"items": {
"$ref": "PolicyEdgeClusterMemberInterSiteStatus
},
"readonly": true,
"title": "Per edge node inter-site status",
"type": "array"
},
"overall_status": {
"description": "Overall status of all edge nodes IBGP status in the edge cluster.",
"enum": [
"UP",
"DOWN",
"DEGRADED",
"UNKNOWN"
],
"readonly": true,
"title": "Overall IBGP status in the edge cluster",
"type": "string"
}
},
"type": "object"
}
PolicyEdgeClusterListRequestParameters (type)
{
"additionalProperties": false,
"description": "Policy Edge Cluster list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyEdgeClusterListRequestParameters",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Edge Cluster List Request Parameters",
"type": "object"
}
PolicyEdgeClusterListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of Edge Cluster",
"extends": {
"$ref": "ListResult
},
"id": "PolicyEdgeClusterListResult",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Edge Cluster list result.",
"items": {
"$ref": "PolicyEdgeCluster
},
"required": true,
"title": "Edge Cluster List Result",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Edge Cluster",
"type": "object"
}
PolicyEdgeClusterMemberInterSiteStatus (type)
{
"additionalProperties": false,
"id": "PolicyEdgeClusterMemberInterSiteStatus",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"edge_node_path": {
"$ref": "ResourceReference,
"description": "Edge node details from where the status is being retrived.",
"readonly": true,
"required": true,
"title": "Edge node path"
},
"established_bgp_sessions": {
"description": "Total number of current established inter-site IBGP sessions.",
"readonly": true,
"title": "Established inter-site IBGP sessions",
"type": "integer"
},
"neighbor_status": {
"description": "Inter-site BGP neighbor status.",
"items": {
"$ref": "PolicyBgpNeighborStatus
},
"readonly": true,
"title": "BGP neighbor status",
"type": "array"
},
"status": {
"description": "Edge node IBGP status",
"enum": [
"UP",
"DOWN",
"DEGRADED",
"UNKNOWN"
],
"readonly": true,
"title": "Edge node IBGP status",
"type": "string"
},
"total_bgp_sessions": {
"description": "Total number of inter-site IBGP sessions.",
"readonly": true,
"title": "Total inter-site IBGP sessions",
"type": "integer"
}
},
"type": "object"
}
PolicyEdgeNode (type)
{
"additionalProperties": false,
"description": "This object serves as a representation of the edge cluster index to which the edge node connects. It should not be mistaken for the edge / transport node itself. Consuming services can refer to the nsx_id property to fetch the UUID of the edge / transport node that is attached to this index.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyEdgeNode",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"member_index": {
"description": "The numerical value of the member index in the edge cluster that this object represents and to which the edge node connects.",
"readonly": true,
"title": "Member Index",
"type": "integer"
},
"nsx_id": {
"description": "UUID of edge node on NSX-T enforcement point.",
"readonly": true,
"title": "Edge Node UUID on NSX-T Enforcement Point",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_exclude": true,
"title": "Policy Edge Node",
"type": "object"
}
PolicyEdgeNodeInterSiteBgpSummary (type)
{
"id": "PolicyEdgeNodeInterSiteBgpSummary",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"edge_node_path": {
"description": "Edge node path whose status is being reported.",
"readonly": true,
"required": true,
"title": "Edge node path",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the inter-site IBGP neighbors status was last updated.",
"readonly": true,
"required": true,
"title": "Last updated timestamp"
},
"neighbor_status": {
"description": "Status of all inter-site IBGP neighbors.",
"items": {
"$ref": "PolicyBgpNeighborStatus
},
"readonly": true,
"title": "Inter-site IBGP neighbors status",
"type": "array"
}
},
"type": "object"
}
PolicyEdgeNodeListRequestParameters (type)
{
"additionalProperties": false,
"description": "Edge Node list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyEdgeNodeListRequestParameters",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Edge Node List Request Parameters",
"type": "object"
}
PolicyEdgeNodeListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of Edge Node",
"extends": {
"$ref": "ListResult
},
"id": "PolicyEdgeNodeListResult",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Edge Node list result.",
"items": {
"$ref": "PolicyEdgeNode
},
"required": true,
"title": "Edge Node List Result",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Edge Node",
"type": "object"
}
PolicyExcludeList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyExcludeList",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"members": {
"description": "List of the members in the exclude list",
"items": {
"type": "string"
},
"maxItems": 100,
"required": true,
"title": "ExcludeList member list",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyExcludeList"
],
"relationshipType": "FIREWALL_EXCLUDE_LIST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
PolicyExcludeListFilterRequestParams (type)
{
"additionalProperties": false,
"description": "Parameters for filtering the exclude list.",
"id": "PolicyExcludeListFilterRequestParams",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"deep_check": {
"default": false,
"description": "Deep check all parents of requested intent object, if any of them is in exclude list. If found, makes requested object as excluded.",
"required": false,
"title": "Check all parents",
"type": "boolean"
},
"enforcement_point_path": {
"description": "Path of the enforcement point from where the result need to be fetched. If not provided, available enforcement point will be considered.",
"required": false,
"title": "Path of the enforcement point",
"type": "string"
},
"intent_path": {
"description": "Path of the intent object to be searched in the exclude list.",
"required": true,
"title": "Path of the intent object to be searched in the exclude list",
"type": "string"
}
},
"title": "Parameters for filtering the exclude list",
"type": "object"
}
PolicyFineTuningResourceInfo (type)
{
"additionalProperties": false,
"description": "It represent the resource with details of name and fields it owns.",
"id": "PolicyFineTuningResourceInfo",
"module_id": "PolicyFineTuning",
"properties": {
"fields": {
"items": {
"$ref": "PolicyFineTuningResourceInfoDetail
},
"required": true,
"title": "List of all field of any resource",
"type": "array"
},
"resource_name": {
"description": "It will represent resource with name and fields.",
"required": true,
"title": "Resource name",
"type": "string"
}
},
"title": "Contains the detail of resources with name and fields",
"type": "object"
}
PolicyFineTuningResourceInfoDetail (type)
{
"additionalProperties": false,
"description": "Contains the details of resource field",
"id": "PolicyFineTuningResourceInfoDetail",
"module_id": "PolicyFineTuning",
"properties": {
"field_name": {
"description": "It will represent resource with name and fields.",
"required": true,
"title": "Resource name",
"type": "string"
},
"sub_type": {
"$ref": "PolicyFineTuningResourceInfo,
"required": true,
"title": "List of all field of any resource"
}
},
"title": "Contains the details resources with field type and name",
"type": "object"
}
PolicyFirewallCPUMemThresholdsProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between CPU Memory Thresholds Profile and Transport Node. Using this entity, user can specify intent for applying Firewall CPU Memory Thresholds Profile to particular transport nodes.",
"extends": {
"$ref": "ProfileBindingMap
},
"id": "PolicyFirewallCPUMemThresholdsProfileBindingMap",
"module_id": "PolicyFirewallCPUMemThresholdsProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to": {
"description": "The list of targets where the profile is intended to get applied. Valid targets are group paths.",
"items": {
"type": "string"
},
"required": false,
"title": "The list of targets where the profile is intended to get applied.",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"FirewallCPUMemoryThresholdsProfileBindingMap"
],
"relationshipType": "FW_CPU_MEM_THRESHOLD_BINDING_MAP_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "Sequence number is used to resolve conflicts when two profiles get applied to a single node. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number.",
"maximum": 4294967295,
"minimum": 0,
"required": true,
"title": "Sequence number of this profile binding map",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_nodes": {
"description": "References of transport nodes on which the profile intended to be applied.",
"items": {
"$ref": "PolicyResourceReference
},
"title": "References of transport nodes",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy DFW CPU Memory Thresholds Profile binding map",
"type": "object"
}
PolicyFirewallCPUMemThresholdsProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyFirewallCPUMemThresholdsProfileBindingMapListRequestParameters",
"module_id": "PolicyFirewallCPUMemThresholdsProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Firewall CPU Memory Thresholds Profile Binding Map list request parameters",
"type": "object"
}
PolicyFirewallCPUMemThresholdsProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyFirewallCPUMemThresholdsProfileBindingMapListResult",
"module_id": "PolicyFirewallCPUMemThresholdsProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyFirewallCPUMemThresholdsProfileBindingMap
},
"required": true,
"title": "Firewall CPU Memory Thresholds Profile Binding Map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps",
"type": "object"
}
PolicyFirewallCpuMemThresholdsProfile (type)
{
"additionalProperties": false,
"description": "A profile holding CPU and memory thresholds configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyFirewallCpuMemThresholdsProfile",
"module_id": "PolicyProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"cpu_threshold_percentage": {
"default": 90,
"description": "CPU utilization thresholds percentage to monitor and report for distributed firewall.",
"maximum": 100,
"minimum": 10,
"required": true,
"title": "CPU utilization thresholds percentage",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mem_threshold_percentage": {
"default": 90,
"description": "Heap memory thresholds percentage to monitor and report for distributed firewall.",
"maximum": 100,
"minimum": 10,
"required": true,
"title": "Heap memory thresholds utilization percentage",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Firewall CPU and memory thresholds profile",
"type": "object"
}
PolicyFirewallCpuMemThresholdsProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyFirewallCpuMemThresholdsProfileListResult",
"module_id": "PolicyProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyFirewallCpuMemThresholdsProfile
},
"required": true,
"title": "PolicyFirewallCpuMemThresholdsProfile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of PolicyFirewallCpuMemThresholdsProfile",
"type": "object"
}
PolicyFirewallFloodProtectionProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between Firewall Flood Protection profile and Group. Using this entity, user can specify intent for applying Firewall Flood Protection profile to particular Group.",
"extends": {
"$ref": "ProfileBindingMap
},
"id": "PolicyFirewallFloodProtectionProfileBindingMap",
"module_id": "PolicyFirewallFloodProtectionProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number.",
"required": true,
"title": "Sequence number of this profile binding map.",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy DFW Flood Protection Profile binding map",
"type": "object"
}
PolicyFirewallFloodProtectionProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyFirewallFloodProtectionProfileBindingMapListRequestParameters",
"module_id": "PolicyFirewallFloodProtectionProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Firewall Flood Protection Profile Binding Map list request parameters",
"type": "object"
}
PolicyFirewallFloodProtectionProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyFirewallFloodProtectionProfileBindingMapListResult",
"module_id": "PolicyFirewallFloodProtectionProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyFirewallFloodProtectionProfileBindingMap
},
"required": true,
"title": "Firewall Flood Protection Profile Binding Map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Firewall Flood Protection Profile Binding Maps",
"type": "object"
}
PolicyFirewallIpReputationConfig (type)
{
"additionalProperties": false,
"description": "The type used to activate/deactivate IP reputation feed download.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyFirewallIpReputationConfig",
"module_id": "PolicyFirewallIpReputation",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"download_frequency_in_mins": {
"description": "The frequency at which IP Reputation feed will be downloaded. This is a readonly field showing the current time interval in minutes. The current value is set 720 mins (12 hrs).",
"readonly": true,
"title": "IP Reputation feed update frequency",
"type": "int"
},
"download_status": {
"description": "Indicates the download status of IP reputation feed.",
"enum": [
"IN_PROGRESS",
"COMPLETE",
"FAILED"
],
"readonly": true,
"title": "Feed download status",
"type": "string"
},
"enable_auto_download": {
"description": "Property which indicates whether auto-download of IP Reputation feed is activated or deactivated.",
"required": true,
"title": "IP reputation feed auto-download flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"last_feed_download": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of the most recent successful feed download.",
"readonly": true,
"title": "Feed download time"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IP Reputation entity",
"type": "object"
}
PolicyFirewallScheduler (type)
{
"additionalProperties": false,
"description": "An entity that encapsulates attributes to schedule firewall rules to be active to allow or block traffic for a specific period of time. Note that at least one property out of \"days\", \"start_time\", \"end_time\", \"start_date\", \"end_date\" is required.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyFirewallScheduler",
"module_id": "PolicyFirewallScheduler",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"days": {
"description": "Days of week on which rules will be enforced. If property is omitted, then days of the week will not considered while calculating the firewall schedule. It should not be present when the recurring flag is false.",
"items": {
"$ref": "PolicyFirewallSchedulerDays
},
"required": false,
"title": "Days of the week",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"end_date": {
"description": "End date on which schedule to end. Example, 12/22/2019.",
"required": true,
"title": "End date in MM/DD/YYYY",
"type": "string"
},
"end_time": {
"description": "If recurring field is set false, then this field must be present. The schedule will be enforced till the end time of the specified end date. If recurring field is set true, then this field should not be present.",
"required": false,
"title": "End time",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"recurring": {
"default": true,
"description": "Flag to indicate whether firewall schedule recurs or not. The default value is true and it should be set to false when the firewall schedule does not recur and is a one time time interval.",
"required": true,
"title": "Firewall schedule recurring flag",
"type": "boolean"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"start_date": {
"description": "Start date on which schedule to start. Example, 02/22/2019.",
"required": true,
"title": "Start date in MM/DD/YYYY",
"type": "string"
},
"start_time": {
"description": "Time in 24 hour and minutes in multiple of 30. Example, 9:00. If recurring field is set false, then this field must be present. The schedule will start getting enforced from the start time of the specified start date. If recurring field is set true, then this field should not be present.",
"required": false,
"title": "Start time",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"time_interval": {
"description": "The recurring time interval in a day during which the schedule will be applicable. It should not be present when the recurring flag is false.",
"items": {
"$ref": "PolicyTimeIntervalValue
},
"maxItems": 1,
"required": false,
"title": "Recurring time interval",
"type": "array"
},
"timezone": {
"description": "Host Timezone to be used to enforce firewall rules.",
"enum": [
"UTC",
"LOCAL"
],
"required": true,
"title": "Host timezone",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Firewall Scheduler entity",
"type": "object"
}
PolicyFirewallSchedulerDays (type)
{
"additionalProperties": false,
"enum": [
"SUNDAY",
"MONDAY",
"TUESDAY",
"WEDNESDAY",
"THURSDAY",
"FRIDAY",
"SATURDAY"
],
"id": "PolicyFirewallSchedulerDays",
"module_id": "PolicyFirewallScheduler",
"title": "Day on which scheduled firewall rule will be enforced",
"type": "string"
}
PolicyFirewallSchedulerDeleteRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "DeleteRequestParameters
},
"id": "PolicyFirewallSchedulerDeleteRequestParameters",
"module_id": "PolicyFirewallScheduler",
"properties": {
"force": {
"default": false,
"description": "If true, deleting the resource succeeds even if it is being referred as a resource reference.",
"title": "Force delete the resource even if it is being used somewhere\n",
"type": "boolean"
}
},
"title": "Policy Firewall Scheduler delete request parameters",
"type": "object"
}
PolicyFirewallSchedulerListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyFirewallSchedulerListRequestParameters",
"module_id": "PolicyFirewallScheduler",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Firewall Scheduler list request parameters",
"type": "object"
}
PolicyFirewallSchedulerListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyFirewallSchedulerListResult",
"module_id": "PolicyFirewallScheduler",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyFirewallScheduler
},
"readonly": true,
"title": "Paged collection of PolicyFirewallSchedulers",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List result of PolicyFirewallSchedulers",
"type": "object"
}
PolicyFirewallSessionTimerProfile (type)
{
"description": "A profile holding TCP, UDP and ICMP session timeout configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyFirewallSessionTimerProfile",
"module_id": "PolicyFirewallSessionTimerProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"icmp_error_reply": {
"default": 10,
"description": "The timeout value for the connection after an ICMP error came back in response to an ICMP packet. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Timeout after ICMP error",
"type": "integer"
},
"icmp_first_packet": {
"default": 20,
"description": "The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new ICMP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "First packet connection timeout",
"type": "integer"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_closed": {
"default": 20,
"description": "The timeout value of connection in seconds after one endpoint sends an RST. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Timeout after RST",
"type": "integer"
},
"tcp_closing": {
"default": 120,
"description": "The timeout value of connection in seconds after the first FIN has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Timeout after first TN",
"type": "integer"
},
"tcp_established": {
"default": 43200,
"description": "The timeout value of connection in seconds once the connection has become fully established. The default value for Edges (i.e, Gateway,or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 120,
"readonly": false,
"required": true,
"title": "Connection timeout",
"type": "integer"
},
"tcp_finwait": {
"default": 45,
"description": "The timeout value of connection in seconds after both FINs have been exchanged and connection is closed. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Timeout after FINs exchanged",
"type": "integer"
},
"tcp_first_packet": {
"default": 120,
"description": "The timeout value of connection in seconds after the first packet has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Connection timout after first packet",
"type": "integer"
},
"tcp_opening": {
"default": 30,
"description": "The timeout value of connection in seconds after a second packet has been transferred. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Connection timout after second packet",
"type": "integer"
},
"udp_first_packet": {
"default": 60,
"description": "The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new UDP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Connection timout after first packet",
"type": "integer"
},
"udp_multiple": {
"default": 60,
"description": "The timeout value of connection in seconds if both hosts have sent packets. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Timeout after hosts sent packet",
"type": "integer"
},
"udp_single": {
"default": 30,
"description": "The timeout value of connection in seconds if the source host sends more than one packet but the destination host has never sent one back. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.",
"maximum": 4320000,
"minimum": 10,
"readonly": false,
"required": true,
"title": "Connection timeout for destination",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Firewall Session timeout profile",
"type": "object"
}
PolicyFirewallSessionTimerProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between Firewall Timer session profile and Group. Using this entity, user can specify intent for applying Firewall Timer session profile to particular Group.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyFirewallSessionTimerProfileBindingMap",
"module_id": "PolicyFirewallSessionTimerProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"firewall_session_timer_profile_path": {
"description": "PolicyPath of associated Firewall Timer Session Profile",
"required": true,
"title": "Firewall Session Timer Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyFirewallSessionTimerProfileBindingMap"
],
"relationshipType": "DFW_SESSION_TIMER_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"description": "Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number.",
"required": false,
"title": "Sequence number of this profile binding map.",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy DFW Timer Session Profile binding map",
"type": "object"
}
PolicyFirewallSessionTimerProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyFirewallSessionTimerProfileBindingMapListRequestParameters",
"module_id": "PolicyFirewallSessionTimerProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Firewall Session Timer Profile Binding Map list request parameters",
"type": "object"
}
PolicyFirewallSessionTimerProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyFirewallSessionTimerProfileBindingMapListResult",
"module_id": "PolicyFirewallSessionTimerProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyFirewallSessionTimerProfileBindingMap
},
"required": true,
"title": "Firewall Session Timer Profile Binding Map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Firewall Session Timer Profile Binding Maps",
"type": "object"
}
PolicyFirewallSessionTimerProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyFirewallSessionTimerProfileListRequestParameters",
"module_id": "PolicyFirewallSessionTimerProfile",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Firewall Session timeout profile list request parameters",
"type": "object"
}
PolicyFirewallSessionTimerProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyFirewallSessionTimerProfileListResult",
"module_id": "PolicyFirewallSessionTimerProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyFirewallSessionTimerProfile
},
"required": true,
"title": "Policy Firewall Session timeout profile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Policy Firewall Session timeout profiles",
"type": "object"
}
PolicyGroupIPMembersListResult (type)
{
"additionalProperties": false,
"description": "Paginated collection of IP members belonging to a Group.",
"extends": {
"$ref": "ListResult
},
"id": "PolicyGroupIPMembersListResult",
"module_id": "PolicyGroupRealization",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "IPElement
},
"required": true,
"title": "Paged Collection of IP addresses that belong to the given Group",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Group IP members list result",
"type": "object"
}
PolicyGroupMemberDetails (type)
{
"additionalProperties": false,
"description": "Details of the member belonging to a Group",
"id": "PolicyGroupMemberDetails",
"module_id": "PolicyGroupRealization",
"properties": {
"display_name": {
"readonly": true,
"required": true,
"title": "The display name of the member on the enforcement point",
"type": "string"
},
"id": {
"readonly": true,
"required": true,
"title": "The ID of the member on the enforcement point",
"type": "string"
},
"path": {
"readonly": true,
"required": true,
"title": "The path of the member, if relevant",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
}
},
"title": "Group member details",
"type": "object"
}
PolicyGroupMembersListResult (type)
{
"additionalProperties": false,
"description": "Paginated collection of members belonging to a Group.",
"extends": {
"$ref": "ListResult
},
"id": "PolicyGroupMembersListResult",
"module_id": "PolicyGroupRealization",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyGroupMemberDetails
},
"required": true,
"title": "Paged Collection of members that belong to the given Group",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Group members list result",
"type": "object"
}
PolicyGroupServiceAssociationsRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "RealizationListRequestParameters
},
"id": "PolicyGroupServiceAssociationsRequestParameters",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"intent_path": {
"description": "Path of the entity for which associated services are to be fetched.",
"required": true,
"title": "Path of the entity",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"service_type": {
"enum": [
"firewall",
"ipfix"
],
"required": false,
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Associations list request parameters",
"type": "object"
}
PolicyIKEDigestAlgorithm (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.",
"enum": [
"SHA1",
"SHA2_256",
"SHA2_384",
"SHA2_512"
],
"id": "PolicyIKEDigestAlgorithm",
"module_id": "PolicyL3Vpn",
"title": "Digest Algorithms used in IKE negotiations",
"type": "string"
}
PolicyIKEEncryptionAlgorithm (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys. AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys.",
"enum": [
"AES_128",
"AES_256",
"AES_GCM_128",
"AES_GCM_192",
"AES_GCM_256"
],
"id": "PolicyIKEEncryptionAlgorithm",
"module_id": "PolicyL3Vpn",
"title": "Encryption algorithms used in IKE",
"type": "string"
}
PolicyIKEVersion (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.",
"enum": [
"IKE_V1",
"IKE_V2",
"IKE_FLEX"
],
"id": "PolicyIKEVersion",
"module_id": "PolicyL3Vpn",
"title": "IKE version",
"type": "string"
}
PolicyIPAddressInfo (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Used to specify the display name and value of the IPv4Address.",
"id": "PolicyIPAddressInfo",
"module_id": "PolicyL3Vpn",
"properties": {
"address_value": {
"$ref": "IPv4Address,
"description": "Value of the IPv4Address.",
"required": true,
"title": "Value of the IPv4Address"
},
"display_name": {
"description": "Display name used to help identify the IPv4Address.",
"required": false,
"title": "Display name of the IPv4Address",
"type": "string"
},
"next_hop": {
"$ref": "IPv4Address,
"description": "Next hop used in auto-plumbing of static route. If a value is not provided, static route will not be auto-plumbed.",
"required": false,
"title": "Next Hop of the IPv4Address"
}
},
"title": "IP address information",
"type": "object"
}
PolicyIgmpProfile (type)
{
"additionalProperties": false,
"description": "IGMP profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyIgmpProfile",
"module_id": "PolicyMulticast",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"last_member_query_interval": {
"default": 1,
"description": "Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages, and is also the amount of time between Group-Specific Query messages. This value may be tuned to modify the \"leave latency\" of the network. A reduced value results in reduced time to detect the loss of the last member of a group.",
"maximum": 25,
"minimum": 1,
"required": false,
"title": "Max Response Time",
"type": "int"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"query_interval": {
"default": 30,
"description": "Interval(seconds) between general IGMP host-query messages.",
"maximum": 1800,
"minimum": 1,
"required": false,
"title": "Interval between general IGMP host-query messages",
"type": "int"
},
"query_max_response_time": {
"default": 10,
"description": "The query response interval(seconds) is the maximum amount of time that can elapse between when the querier router sends a host-query message and when it receives a response from a host. Configuring this interval allows admins to adjust the burstiness of IGMP messages on the subnet; larger values make the traffic less bursty, as host responses are spread out over a larger interval. The number of seconds represented by the query_max_response_time must be less than the query_interval.",
"maximum": 25,
"minimum": 1,
"required": false,
"title": "The maximum elapsed time between response",
"type": "int"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"robustness_variable": {
"default": 2,
"description": "The Robustness Variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the Robustness Variable may be increased. IGMP is robust to (Robustness Variable-1) packet losses. The Robustness Variable must not be zero, and SHOULD NOT be one.",
"maximum": 7,
"minimum": 1,
"required": false,
"title": "The Robustness Variable",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "IGMP Profile",
"type": "object"
}
PolicyInsertParameters (type)
{
"description": "Parameters to let the admin specify a relative position of a security policy or rule w.r.t to another one.",
"id": "PolicyInsertParameters",
"module_id": "Policy",
"properties": {
"anchor_path": {
"required": false,
"title": "The security policy/rule path if operation is 'insert_after' or\n'insert_before'\n",
"type": "string"
},
"operation": {
"default": "insert_top",
"enum": [
"insert_top",
"insert_bottom",
"insert_after",
"insert_before"
],
"required": false,
"title": "Operation",
"type": "string"
}
},
"title": "Parameters to tell where security policy/rule needs to be placed\n",
"type": "object"
}
PolicyInterVrfRoutingConfig (type)
{
"additionalProperties": false,
"description": "policy inter-vrf routing config.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyInterVrfRoutingConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"bgp_route_leaking": {
"description": "Import / export BGP routes.",
"items": {
"$ref": "BgpRouteLeaking
},
"maxItems": 2,
"required": false,
"title": "Import / export BGP routes",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"static_route_advertisement": {
"$ref": "PolicyStaticRouteAdvertisement,
"description": "Advertise subnet to target peers as static routes. It cannot be enabled on parent tier0 in first release.",
"required": false,
"title": "Advertise subnet to target peers as static routes"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target_path": {
"description": "Policy path to tier0/vrf belongs to the same parent tier0.",
"required": true,
"title": "Policy path to tier0/vrf belongs to the same parent tier0",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "policy inter-vrf routing config",
"type": "object"
}
PolicyInterfaceGroupStatistics (type)
{
"additionalProperties": false,
"description": "Provides the following statistics about a Tier0 or Tier1 interface group on a specific enforcement point: - <b>Individual Tier0 or Tier1 interface statistics </b> which are part of the group. It includes the number of incoming, outgoing and dropped packet counters per transport node since the time the interfaces were created. The statistics will be reset on edge reboot or edge dataplane restart. - <b>Aggregated statistics </b> of all interfaces which are part of the group. It includes the number of incoming, outgoing and dropped packet counters since the time the interfaces were created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"id": "PolicyInterfaceGroupStatistics",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"members": {
"description": "Provides the per transport node statistics of all the Tier0 and Tier1 interfaces that are part of the interface group. It includes the total number of incoming and outgoing packet statistics since the time the interfaces were created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"items": {
"$ref": "LogicalRouterPortStatistics
},
"readonly": true,
"title": "Gateway interface statistics",
"type": "array"
},
"summary": {
"$ref": "AggregatedLogicalRouterPortCounters,
"description": "Provides the aggregated incoming and outgoing packet statistics of all the interfaces that are part of the interface group since the time the interfaces were created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"title": "Aggregate of interface group statistics"
}
},
"title": "Gateway interface group statistics",
"type": "object"
}
PolicyInterfaceOspfConfig (type)
{
"additionalProperties": false,
"description": "OSPF Interface configuration.",
"id": "PolicyInterfaceOspfConfig",
"module_id": "PolicyConnectivity",
"properties": {
"bfd_path": {
"description": "This filed is valid only if enable_bfd is set to TRUE. If enable_bfd flag is set to TRUE, this profile will be applied to all OSPF peers in this interface. If this field is empty, bfd_path will refer to Tier-0 global BFD profile.",
"required": false,
"title": "Policy path of BFD profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface"
],
"relationshipType": "PROVIDER_INTERFACE_OSPF_BFD_RELATIONSHIP",
"rightType": [
"BfdProfile"
]
}
]
},
"dead_interval": {
"default": 40,
"description": "Specifies the number of seconds that router must wait before it declares a OSPF neighbor router down because it has not received OSPF hello packet. OSPF dead interval should be minimum 3 times greater than the hello interval",
"maximum": 65535,
"minimum": 3,
"required": false,
"title": "OSPF dead interval in seconds",
"type": "int"
},
"enable_bfd": {
"description": "Enable/Disable OSPF to register for BFD event. Use FALSE to disable BFD.",
"required": false,
"title": "enable BFD for OSPF",
"type": "boolean"
},
"enabled": {
"default": true,
"description": "enable/disable OSPF on the interface. If enabled flag not specified, defailt is enable OSPF.",
"title": "enable/disable OSPF",
"type": "boolean"
},
"hello_interval": {
"default": 10,
"description": "Specifies the interval between the hello packets that OSPF sends on this interface. OSPF hello interval should be less than the dead interval",
"maximum": 21845,
"minimum": 1,
"required": false,
"title": "OSPF hello interval in seconds",
"type": "int"
},
"network_type": {
"default": "BROADCAST",
"description": "Configure OSPF networkt type, default is BROADCAST network type",
"enum": [
"BROADCAST",
"P2P"
],
"required": false,
"title": "Configure OSPF networkt type",
"type": "string"
},
"ospf_area": {
"description": "Attache Tier0 Interface to specified OSPF Area. all peers.",
"required": true,
"title": "Attach Tier0 Interface to specified OSPF Area",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface"
],
"relationshipType": "PROVIDER_INTERFACE_OSPF_AREA_RELATIONSHIP",
"rightType": [
"OspfAreaConfig"
]
}
]
}
},
"title": "OSPF Interface configuration",
"type": "object"
}
PolicyInterfaceStatistics (type)
{
"additionalProperties": false,
"description": "Provides the interface statistics of a Tier0 or Tier1 interface from all transport nodes. It includes the following information of an interface: - Logical router port ID. - For each transport node, it includes the number of incoming, outgoing and dropped packet counters and, the number of errors and failures causing the drops since the time the interface was created. The statistics will be reset on edge reboot or edge dataplane restart. - For each transport node, it includes subcluster IP and transport node ID of the interface.",
"extends": {
"$ref": "LogicalRouterPortStatistics
},
"id": "PolicyInterfaceStatistics",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"logical_router_port_id": {
"required": true,
"title": "The ID of the logical router port",
"type": "string"
},
"per_node_statistics": {
"additionalProperties": false,
"description": "Lists the subcluster ID, transport node ID, incoming, outgoing and dropped packet counters for each transport node since the time the logical router port was created. The packet counters will be reset on edge reboot or edge dataplane restart.",
"items": {
"$ref": "LogicalRouterPortStatisticsPerNode
},
"readonly": true,
"required": false,
"title": "Per node statistics",
"type": "array"
}
},
"title": "Tier0 or Tier1 interface statistics on a specific enforcement point",
"type": "object"
}
PolicyInterfaceStatisticsSummary (type)
{
"additionalProperties": false,
"description": "Provides the aggregated statistics of a Tier0 or Tier1 interface across all transport nodes on a specific enforcement point since the time the interface was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. It includes the following details: - Logical router port ID. - <b>Aggregated incoming packet counters</b> on the logical router port across all transport nodes. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. - <b>Aggregated outgoing packet counters</b> on the logical router port across all transport nodes. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node. - Some of the packet drop reasons include, the DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state, firewall rules, failed to fragment the packet, receive malformed packet, could not find route to destination, absence of the receiver, insufficient memory, incomplete ARP resolution of the next-hop, RPF check failure, failed to redirect packet to KNI interface, TTL exceeded, port does not have a linked peer port and and unsupported - destination, protocol or L4 port. - Some of the IPSec packet drop reasons include the missing security association or VTI interface. It also includes packets dropped due to policy lookup error or block policy. - Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.",
"extends": {
"$ref": "LogicalRouterPortStatisticsSummary
},
"id": "PolicyInterfaceStatisticsSummary",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"interface_policy_path": {
"description": "Policy path for the interface",
"title": "Policy path for the interface",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"readonly": true,
"title": "Timestamp when the data was last updated; unset if data source has never updated the data."
},
"logical_router_port_id": {
"required": true,
"title": "The ID of the logical router port",
"type": "string"
},
"rx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets in statistics"
},
"tx": {
"$ref": "LogicalRouterPortCounters,
"description": "Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.",
"readonly": true,
"required": false,
"title": "Packets out statistics"
}
},
"title": "Tier0 or Tier1 interface statistics on a specific enforcement point",
"type": "object"
}
PolicyL2TablesParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "TransportNodeIdParameters
},
"id": "PolicyL2TablesParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"enforcement_point_path": {
"description": "Enforcement point path.",
"title": "String Path of the enforcement point",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
},
"transport_node_id": {
"required": false,
"title": "TransportNode Id",
"type": "string"
}
},
"title": "Layer-2 table request parameters",
"type": "object"
}
PolicyLabel (type)
{
"additionalProperties": false,
"description": "Label to reference group of policy entities of same type.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyLabel",
"module_id": "PolicyLabel",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"refs": {
"description": "Policy entity paths referred by the label instance",
"items": {
"type": "string"
},
"required": false,
"title": "Policy entity paths referred by the label instance",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyLabel"
],
"relationshipType": "LABEL_REFS_RELATIONSHIP",
"rightType": []
}
]
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"type": {
"description": "Policy intent entity type from PolicyResourceType",
"required": true,
"title": "Policy intent entity type from PolicyResourceType",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Label to reference group of policy entities of same type.",
"type": "object"
}
PolicyLabelListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyLabelListRequestParameters",
"module_id": "PolicyLabel",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "PolicyLabel list request parameters",
"type": "object"
}
PolicyLabelListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyLabelListResult",
"module_id": "PolicyLabel",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyLabel
},
"required": true,
"title": "Policy label list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Domains",
"type": "object"
}
PolicyLatencyStatProfile (type)
{
"description": "Latency stat service profile",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyLatencyStatProfile",
"module_id": "PolicyLatency",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to_group_path": {
"description": "The Policy group path to apply the latency profile.",
"title": "Binding Policy group path",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pnic_latency_enabled": {
"default": false,
"description": "Activate or Deactivate pnic latency.",
"readonly": false,
"title": "Pnic latency enablement flag",
"type": "boolean"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sampling_interval": {
"description": "Event nth milliseconds packet is sampled. When a value less than 1000 is given, the realized sampling interval will be 1000 milliseconds.",
"maximum": 1000000,
"minimum": 1,
"title": "Latency sampling interval",
"type": "integer"
},
"sampling_rate": {
"description": "Event nth packet is sampled.",
"maximum": 1000000,
"minimum": 100,
"title": "Latency sampling rate",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Latency Stat Profile",
"type": "object"
}
PolicyLatencyStatProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyLatencyStatProfileListRequestParameters",
"module_id": "PolicyLatency",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Latency profile request parameters",
"type": "object"
}
PolicyLatencyStatProfileListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "PolicyLatencyStatProfileListResult",
"module_id": "PolicyLatency",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Latency stat profile list.",
"items": {
"$ref": "PolicyLatencyStatProfile
},
"readonly": true,
"required": false,
"title": "Latency Stat Profile List",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List of latency profile",
"type": "object"
}
PolicyListL2TablesParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListByNodeIdParameters
},
"id": "PolicyListL2TablesParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path.",
"title": "String Path of the enforcement point",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
},
"transport_node_id": {
"required": false,
"title": "TransportNode Id",
"type": "string"
}
},
"title": "Layer-2 table list request parameters",
"type": "object"
}
PolicyListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "PolicyListRequestParameters",
"module_id": "Policy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy list request parameters",
"type": "object"
}
PolicyListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "PolicyListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of security policies",
"type": "object"
}
PolicyLiveTraceActionConfig (type)
{
"additionalProperties": false,
"id": "PolicyLiveTraceActionConfig",
"module_id": "PolicyConnectivity",
"properties": {
"counter_config": {
"$ref": "LiveTracePacketGranularActionConfig,
"required": false,
"title": "Configuration of count action"
},
"datapath_stats_config": {
"$ref": "LiveTracePacketGranularActionConfig,
"description": "Configuration of datapath statistics action, which can be enabled only when other actions are disabled.",
"required": false,
"title": "Configuration of datapath statistics action"
},
"pktcap_config": {
"$ref": "LiveTracePacketGranularActionConfig,
"required": false,
"title": "Configuration of packet capture action"
},
"trace_config": {
"$ref": "LiveTracePacketGranularActionConfig,
"required": false,
"title": "Configuration of trace action"
}
},
"title": "Livetrace action configuration",
"type": "object"
}
PolicyLiveTraceIpsecVpnConfig (type)
{
"additionalProperties": false,
"description": "Information for deriving virtual tunnel interface (VTI) of Route-based IPSec VPN session.",
"id": "PolicyLiveTraceIpsecVpnConfig",
"module_id": "PolicyConnectivity",
"properties": {
"session_path": {
"description": "Policy path of VPN session.",
"required": true,
"title": "Policy path of VPN session",
"type": "string"
}
},
"title": "IPSec VPN configuration for starting livetrace on IPSec tunnel interface",
"type": "object"
}
PolicyMetadataProxyStatistics (type)
{
"id": "PolicyMetadataProxyStatistics",
"module_id": "PolicyMetadataProxy",
"properties": {
"metadata_proxy_path": {
"required": true,
"title": "Policy path of metadata proxy configuration",
"type": "string"
},
"statistics": {
"items": {
"$ref": "MetadataProxyStatisticsPerSegment
},
"required": false,
"title": "Metadata Proxy statistics per segment",
"type": "array"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"required": true,
"title": "timestamp of the statistics"
}
},
"type": "object"
}
PolicyMetadataProxyStatus (type)
{
"additionalProperties": false,
"id": "PolicyMetadataProxyStatus",
"module_id": "PolicyMetadataProxy",
"properties": {
"error_message": {
"required": false,
"title": "Error message, if available",
"type": "string"
},
"proxy_status": {
"description": "UP means the metadata proxy is working fine on both transport-nodes(if configured); DOWN means the metadata proxy is is down on both transport-nodes(if configured), hence the metadata proxy will not repsond to any metadata request; Error means there is an error on transport-node(s) or no status is reported from transport-node(s). The metadata proxy may be working (or not working); NO_BACK means metadata proxy is working on one of the transport node while not in the other transport-node (if configured). If the metadata proxy on the working transport-node goes down, the metadata proxy will go down.",
"enum": [
"UP",
"DOWN",
"ERROR",
"NO_BACKUP"
],
"required": true,
"type": "string"
},
"transport_nodes": {
"description": "Order of the transport nodes is insensitive because Metadata Proxy is running in Active-Active mode among target transport nodes.",
"items": {
"type": "string"
},
"required": true,
"title": "ids of transport nodes where this metadata proxy is running",
"type": "array"
}
},
"type": "object"
}
PolicyMonitoringConfig (type)
{
"description": "This object refers to config on policy like product-version and properties.",
"id": "PolicyMonitoringConfig",
"module_id": "PolicyMonitoring",
"properties": {
"product_version": {
"description": "Version and build number of NSX.",
"required": true,
"title": "Product Version.",
"type": "string"
},
"properties": {
"description": "This field refers to all the properties defined for NSX.",
"required": true,
"title": "Properties.",
"type": "object"
}
},
"title": "PolicyMonitoringConfig.\n",
"type": "object"
}
PolicyMulticastConfig (type)
{
"additionalProperties": false,
"description": "Multicast routing configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyMulticastConfig",
"module_id": "PolicyMulticast",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": false,
"description": "Activate/deactivate Multicast Configuration.",
"required": false,
"title": "Activate/deactivate Multicast Configuration",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"igmp_profile_path": {
"description": "Updates to IGMP profile applied on all Tier0 gateways consuming the configuration.",
"required": false,
"title": "Policy path to IGMP profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyMulticastConfig"
],
"relationshipType": "MULTICAST_IGMP_RELATIONSHIP",
"rightType": [
"PolicyIgmpProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pim_profile_path": {
"description": "Updates to PIM profile applied on all Tier0 gateways consuming the configuration.",
"required": false,
"title": "Policy path to PIM profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyMulticastConfig"
],
"relationshipType": "MULTICAST_PIM_RELATIONSHIP",
"rightType": [
"PolicyPimProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"replication_multicast_range": {
"description": "Replication multicast range. Required when enabled.",
"format": "ipv4-cidr-block",
"required": false,
"title": "Replication multicast range",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Multicast routing configuration",
"type": "object"
}
PolicyNATRuleCounters (type)
{
"additionalProperties": false,
"description": "Provides the following statistics for the NAT rules: - Current number of active traffic sessions matching the NAT rules. - Total number of bytes processed on the NAT rules since the time the rules were created. - Total number of packets processed on the NAT rules since the time the rules were created.",
"id": "PolicyNATRuleCounters",
"module_id": "PolicyNAT",
"properties": {
"active_sessions": {
"description": "Provides the current number of active traffic sessions matching the NAT rules.",
"readonly": true,
"title": "Active sessions",
"type": "integer"
},
"total_bytes": {
"description": "Provides the total number of bytes processed on the NAT rules since the time the rules were created.",
"readonly": true,
"title": "Total bytes",
"type": "integer"
},
"total_packets": {
"description": "Provides the total number of packets processed on the NAT rules since the time the rules were created.",
"readonly": true,
"title": "Total packets",
"type": "integer"
}
},
"title": "NAT rule statistics",
"type": "object"
}
PolicyNat (type)
{
"additionalProperties": false,
"description": "Represents NAT section. This object is created by default when corresponding tier-0/tier-1 is created. Under tier-0/tier-1 there will be 4 different NATs(sections). (INTERNAL, USER, DEFAULT and NAT64).",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyNat",
"module_id": "PolicyNAT",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"nat_type": {
"description": "Represents a NAT section under tier-0/tier-1.",
"enum": [
"INTERNAL",
"USER",
"DEFAULT",
"NAT64"
],
"title": "NAT section under tier-0/tier-1",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains list of NAT Rules",
"type": "object"
}
PolicyNatListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyNatListRequestParameters",
"module_id": "PolicyNAT",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "NAT list request parameters",
"type": "object"
}
PolicyNatListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyNatListResult",
"module_id": "PolicyNAT",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyNat
},
"required": true,
"title": "NAT list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of NAT Types",
"type": "object"
}
PolicyNatRule (type)
{
"additionalProperties": false,
"description": "Represents a NAT rule between source and destination at T0/T1 router.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyNatRule",
"module_id": "PolicyNAT",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "Source NAT(SNAT) - translates a source IP address in an outbound packet so that the packet appears to originate from a different network. SNAT is only supported when the logical router is running in active-standby mode. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. DNAT is only supported when the logical router is running in active-standby mode. Reflexive NAT(REFLEXIVE) - IP-Range and CIDR are supported to define the \"n\". The number of original networks should be exactly the same as that of translated networks. The address translation is deterministic. Reflexive is supported on both Active/Standby and Active/Active LR. NO_SNAT and NO_DNAT - These do not have support for translated_fields, only source_network and destination_network fields are supported. NAT64 - translates an external IPv6 address to a internal IPv4 address.",
"enum": [
"SNAT",
"DNAT",
"REFLEXIVE",
"NO_SNAT",
"NO_DNAT",
"NAT64"
],
"required": true,
"title": "Represents action of NAT Rule SNAT, DNAT, REFLEXIVE",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_network": {
"$ref": "IPElementList,
"description": "This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For DNAT and NO_DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. For VPC DNAT NATRule, destination network address should be IPv4 address allocated from External Block associated with VPC.",
"required": false,
"title": "Represents the destination network"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "The flag, which suggests whether the NAT rule is enabled or disabled. The default is True.",
"title": "Policy NAT Rule enabled flag",
"type": "boolean"
},
"firewall_match": {
"default": "MATCH_INTERNAL_ADDRESS",
"description": "It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned",
"enum": [
"MATCH_EXTERNAL_ADDRESS",
"MATCH_INTERNAL_ADDRESS",
"BYPASS"
],
"required": false,
"title": "Represents the firewall match flag",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"logging": {
"default": false,
"description": "The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False.",
"title": "Policy NAT Rule logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"policy_based_vpn_mode": {
"description": "It indicates how the NSX edge applies Nat Policy for VPN traffic. It is supported only for Nat Rule action type DNAT and NO_DNAT. For all other NAT action, leave it unassigned. BYPASS - Default vpn mode. It indicates that Nat policy will be applied to the inbound traffic on Routed Based VPN tunnel, if the policy based VTI is in the \"scope\" for this rule. Default value will be set to BYPASS if MATCH - It indicates that this NAT rule will only match the Policy Based VPN traffic.",
"enum": [
"BYPASS",
"MATCH"
],
"required": false,
"title": "Indicates NSX edge Nat behaviour for inbound VPN tra",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"scope": {
"description": "Represents the array of policy paths of ProviderInterface or NetworkInterface or labels of type ProviderInterface or NetworkInterface or IPSecVpnSession on which the NAT rule should get enforced. The interfaces must belong to the same router for which the NAT Rule is created.",
"items": {
"type": "string"
},
"required": false,
"title": "Array of policy paths of labels, ProviderInterface, NetworkInterface",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyNatRule"
],
"relationshipType": "NAT_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"Tier1Interface",
"Tier0Interface",
"PolicyLabel",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"default": 0,
"description": "The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023",
"title": "Sequence number of the Nat Rule",
"type": "int"
},
"service": {
"description": "It represents the path of Service on which the NAT rule will be applied. If not provided or if it is blank then Policy manager will consider it as ANY. Please note, if this is a DNAT, the destination_port of the service will be realized on NSX Manager as the translated_port. And if this is a SNAT, the destination_port will be ignored.",
"required": false,
"title": "Represents the service on which the NAT rule will be applied",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyNatRule"
],
"relationshipType": "NAT_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
}
]
},
"source_network": {
"$ref": "IPElementList,
"description": "This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, NO_SNAT, NAT64 and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT and NO_DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network.",
"required": false,
"title": "Represents the source network address"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"translated_network": {
"$ref": "IPElementList,
"description": "This supports single IP address or comma separated list of single IP addresses or CIDR. If user specify the CIDR, this value is actually used as an IP pool that includes both the subnet and broadcast addresses as valid for NAT translations. This does not support IP range or IP sets. Comma separated list of single IP addresses is not suported for DNAT and REFLEXIVE rules. For SNAT, DNAT, NAT64 and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. For NO_SNAT and NO_DNAT this should be empty. For VPC SNAT and Refelexive NATRule, translated network address should be IPv4 address allocated from External Block associated with VPC.",
"required": false,
"title": "Represents the translated network address"
},
"translated_ports": {
"$ref": "PortElement,
"description": "Please note, if there is service configured in this NAT rule, the translated_port will be realized on NSX Manager as the destination_port. If there is no sevice configured, the port will be ignored.",
"required": false,
"title": "Port number or port range"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents a NAT rule between source and destination at T0/T1 router",
"type": "object"
}
PolicyNatRuleListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyNatRuleListRequestParameters",
"module_id": "PolicyNAT",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "NAT Rule list request parameters",
"type": "object"
}
PolicyNatRuleListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyNatRuleListResult",
"module_id": "PolicyNAT",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyNatRule
},
"required": true,
"title": "NAT Rules list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of NAT Rules",
"type": "object"
}
PolicyNatRuleStatistics (type)
{
"additionalProperties": false,
"description": "Provides the following statistics for a NAT rule: - Current number of active traffic sessions matching the NAT rule. - Total number of bytes processed on the NAT rule since the time the rule was created. - Total number of packets processed on the NAT rule since the time the rule was created. - Any warning message about NAT rule statistics.",
"extends": {
"$ref": "PolicyNATRuleCounters
},
"id": "PolicyNatRuleStatistics",
"module_id": "PolicyNAT",
"properties": {
"active_sessions": {
"description": "Provides the current number of active traffic sessions matching the NAT rules.",
"readonly": true,
"title": "Active sessions",
"type": "integer"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated.",
"readonly": true,
"title": "Last update timestamp"
},
"total_bytes": {
"description": "Provides the total number of bytes processed on the NAT rules since the time the rules were created.",
"readonly": true,
"title": "Total bytes",
"type": "integer"
},
"total_packets": {
"description": "Provides the total number of packets processed on the NAT rules since the time the rules were created.",
"readonly": true,
"title": "Total packets",
"type": "integer"
},
"warning_message": {
"description": "The warning message about the NAT Rule Statistics.",
"readonly": true,
"title": "Warning Message",
"type": "string"
}
},
"title": "NAT rule statistics",
"type": "object"
}
PolicyNatRuleStatisticsListRequestParameters (type)
{
"additionalProperties": false,
"description": "Request parameter to get NAT rule statistics.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyNatRuleStatisticsListRequestParameters",
"module_id": "PolicyNAT",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "NAT Rule statistics list request parameters",
"type": "object"
}
PolicyNatRuleStatisticsListResult (type)
{
"additionalProperties": false,
"description": "Provides the following details for a NAT rule across all enforcement points: - Current number of active traffic sessions matching the NAT rule. - Total number of bytes processed on the NAT rule since the time the rule was created. - Total number of packets processed on the NAT rule since the time the rule was created. - Any warning message about NAT rule statistics.",
"extends": {
"$ref": "ListResult
},
"id": "PolicyNatRuleStatisticsListResult",
"module_id": "PolicyNAT",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "For every enforcement point, it lists the warning message of NAT rule statistics, the current number of active traffic sessions matching the NAT rule, and the total number of packets and bytes processed on the NAT rule since the time the rule was created.",
"items": {
"$ref": "PolicyNatRuleStatisticsPerEnforcementPoint
},
"required": true,
"title": "List of NAT rule statistics per enforcement point",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "NAT rule statistics",
"type": "object"
}
PolicyNatRuleStatisticsPerEnforcementPoint (type)
{
"additionalProperties": false,
"description": "Provides the following details for a NAT rule for a given enforcement point - Current number of active traffic sessions matching the NAT rule. - Total number of bytes processed on the NAT rule since the time the rule was created. - Total number of packets processed on the NAT rule since the time the rule was created. - Any warning message about NAT rule statistics.",
"id": "PolicyNatRuleStatisticsPerEnforcementPoint",
"module_id": "PolicyNAT",
"properties": {
"enforcement_point_path": {
"description": "Policy Path referencing the enforcement point from where the statistics are fetched.",
"title": "Enforcement point Path",
"type": "string"
},
"rule_path": {
"description": "Path of NAT Rule.",
"title": "Path of NAT Rule",
"type": "string"
},
"rule_statistics": {
"description": "Provides the current number of active traffic sessions matching the NAT rule, the total number of packets and bytes processed on the NAT rule since the time the rule was created.",
"items": {
"$ref": "PolicyNatRuleStatistics
},
"readonly": true,
"title": "NAT rule statistics",
"type": "array"
}
},
"title": "NAT rule statistics per enforcement point",
"type": "object"
}
PolicyNatRuleStatisticsPerLogicalRouter (type)
{
"additionalProperties": false,
"description": "Provides the following statistics of all NAT rules in a logical router for a given enforcement point: - <b>Aggregated statistics</b> of all NAT rules in a logical router. It includes the current number of active traffic sessions matching the NAT rules and, the total number of packets processed on the NAT rules since the time the rules were created. - Lists <b>per transport node statistics</b> of all NAT rules in a logical router. It includes the current number of active traffic sessions matching the NAT rules and, the total number of packets processed on the NAT rules since the time the rules were created. - Transport node ID.",
"id": "PolicyNatRuleStatisticsPerLogicalRouter",
"module_id": "PolicyNAT",
"properties": {
"enforcement_point_path": {
"description": "Policy Path referencing the enforcement point from where the statistics are fetched.",
"title": "Enforcement point Path",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated.",
"readonly": true,
"title": "Last update timestamp"
},
"per_node_statistics": {
"description": "Provides the statistics of all NAT rules in a transport node. It includes the current number of active traffic sessions matching the NAT rules and the total number of packets processed on the NAT rules since the time the rules were created.",
"items": {
"$ref": "PolicyNatRuleStatisticsPerTransportNode
},
"readonly": true,
"title": "Aggregated NAT rule statistics per transport node",
"type": "array"
},
"router_path": {
"description": "Path of the router.",
"title": "Router path",
"type": "string"
},
"statistics": {
"$ref": "PolicyNATRuleCounters,
"description": "Provides the aggregated statistics of all NAT rules in a logical router. It includes the current number of active traffic sessions matching the NAT rules and the total number of packets processed on the NAT rules. The counts are from the time the rules were created.",
"readonly": true,
"title": "Rolled up statistics"
}
},
"title": "Aggregate of NAT rule statistics per logical router per enforcement point",
"type": "object"
}
PolicyNatRuleStatisticsPerLogicalRouterListResult (type)
{
"additionalProperties": false,
"description": "Provides the following statistics for all NAT rules in a logical router across all enforcement points since the time the rules were created: - Aggregated statistics of all NAT rules in a logical router. - Lists statistics of all NAT rules in a logical router for each transport node.",
"extends": {
"$ref": "ListResult
},
"id": "PolicyNatRuleStatisticsPerLogicalRouterListResult",
"module_id": "PolicyNAT",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "For every enforcement point, it provides the aggregated statistics and per transport node statistics of all NAT rules in a logical router since the time the rules were created.",
"items": {
"$ref": "PolicyNatRuleStatisticsPerLogicalRouter
},
"required": true,
"title": "List of aggregated NAT rule statistics per logical router per enforcement point",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Aggregate of NAT rule statistics per logical router",
"type": "object"
}
PolicyNatRuleStatisticsPerTransportNode (type)
{
"additionalProperties": false,
"description": "Provides the following details of an edge transport node: - Transport node ID. - Current number of active traffic sessions in an edge transport node matching the NAT rules. - Total number of bytes processed on all NAT rules in an edge transport node since the time the rules were created. - Total number of packets processed on all NAT rules in an edge transport node since the time the rules were created.",
"extends": {
"$ref": "PolicyNATRuleCounters
},
"id": "PolicyNatRuleStatisticsPerTransportNode",
"module_id": "PolicyNAT",
"properties": {
"active_sessions": {
"description": "Provides the current number of active traffic sessions matching the NAT rules.",
"readonly": true,
"title": "Active sessions",
"type": "integer"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated.",
"readonly": true,
"title": "Last update timestamp"
},
"total_bytes": {
"description": "Provides the total number of bytes processed on the NAT rules since the time the rules were created.",
"readonly": true,
"title": "Total bytes",
"type": "integer"
},
"total_packets": {
"description": "Provides the total number of packets processed on the NAT rules since the time the rules were created.",
"readonly": true,
"title": "Total packets",
"type": "integer"
},
"transport_node_path": {
"description": "Policy path of the Edge Node.",
"readonly": true,
"title": "Node path",
"type": "string"
}
},
"title": "Aggregate of NAT rule statistics per transport node",
"type": "object"
}
PolicyNonCompliantConfig (type)
{
"id": "PolicyNonCompliantConfig",
"module_id": "PolicyCompliance",
"properties": {
"affected_resources": {
"description": "Resources/Services impacted by non compliant configuration",
"items": {
"$ref": "PolicyResourceReference
},
"readonly": true,
"title": "Resources/Services impacted by non compliant configuration",
"type": "array"
},
"compliance_names": {
"description": "Names of the compliance programs according to which the affected resources are non-compliant.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Names of compliance programs",
"type": "array"
},
"description": {
"readonly": true,
"title": "Detail description of non compliant configuration with suggestive action",
"type": "string"
},
"non_compliance_code": {
"readonly": true,
"title": "Code for non compliant configuration",
"type": "integer"
},
"reported_by": {
"$ref": "PolicyResourceReference,
"readonly": true,
"title": "Id and name of non compliant resource/service"
}
},
"type": "object"
}
PolicyNsLookupParameters (type)
{
"extends": {
"$ref": "PolicyRuntimeOnEpRequestParameters
},
"id": "PolicyNsLookupParameters",
"module_id": "PolicyDnsForwarder",
"properties": {
"address": {
"required": false,
"title": "IP address or FQDN for nslookup",
"type": "string"
},
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
}
},
"type": "object"
}
PolicyPerNodeDnsFailedQueries (type)
{
"additionalProperties": false,
"description": "The list of the failed DNS queries with entry count and timestamp. The entry count is for per active/standby transport node.",
"extends": {
"$ref": "PerNodeDnsFailedQueries
},
"id": "PolicyPerNodeDnsFailedQueries",
"module_id": "PolicyDnsForwarder",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_node_path": {
"description": "equivalent policy path for the edge node",
"required": false,
"title": "Policy edge node path",
"type": "string"
},
"node_id": {
"description": "The Uuid of active/standby transport node.",
"readonly": true,
"required": true,
"title": "Uuid of active/standby transport node",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "The list of failed DNS queries.",
"items": {
"$ref": "DnsFailedQuery
},
"readonly": true,
"required": false,
"title": "List of failed DNS queries",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"timestamp": {
"description": "Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.",
"readonly": true,
"required": true,
"title": "Timestamp of the request",
"type": "string"
}
},
"title": "The list of failed DNS queries per transport node",
"type": "object"
}
PolicyPimProfile (type)
{
"additionalProperties": false,
"description": "PIM profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyPimProfile",
"module_id": "PolicyMulticast",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"bsm_enabled": {
"default": true,
"description": "Activate/deactivate bootstrap messaging Configuration.",
"required": false,
"title": "Activate/deactivate bootstrap messaging Configuration",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rp_address": {
"$ref": "IPAddress,
"deprecated": true,
"description": "This field is deprecated and recommended to use rp_address_multicast_ranges",
"required": false,
"title": "Static IPv4 multicast address configuration"
},
"rp_address_multicast_ranges": {
"description": "Static IPv4 multicast address and assciated multicast groups configuration.",
"items": {
"$ref": "RpAddressMulticastRanges
},
"required": false,
"title": "Static IPv4 multicast address and assciated multicast groups configuration",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "PIM profile",
"type": "object"
}
PolicyPoolUsage (type)
{
"additionalProperties": false,
"description": "IP usage statistics in a IpAddressPool.",
"id": "PolicyPoolUsage",
"module_id": "PolicyIpam",
"properties": {
"allocated_ip_allocations": {
"description": "Total number of allocated IPs shown are from NSX manager. NSX manager uses default release delay of 2 mins. Till this delay passes, IPs will be shown as allocated (and counted in allocated ips). In this period of time there could be mismatch in requested_ip_allocations and allocated_ip_allocations.",
"readonly": true,
"title": "Total number of allocated IPs in a IpAddressPool",
"type": "integer"
},
"available_ips": {
"readonly": true,
"title": "Total number of available IPs in a IpAddressPool",
"type": "integer"
},
"requested_ip_allocations": {
"readonly": true,
"title": "Total number of requested IP allocations in a IpAddressPool",
"type": "integer"
},
"total_ips": {
"readonly": true,
"title": "Total number of IPs in a IpAddressPool",
"type": "integer"
}
},
"type": "object"
}
PolicyRealizedResource (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Abstract base class for all the realized policy objects",
"extends": {
"$ref": "PolicyResource
},
"id": "PolicyRealizedResource",
"module_id": "PolicyRealizedState",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alarms": {
"items": {
"$ref": "PolicyAlarmResource
},
"required": false,
"title": "Alarm info detail",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"intent_reference": {
"items": {
"type": "string"
},
"required": false,
"title": "Desire state paths of this object",
"type": "array"
},
"operational_status": {
"description": "Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive.",
"required": false,
"title": "String representation of operational status",
"type": "string"
},
"operational_status_error": {
"description": "It defines the root cause for operational status error.",
"required": false,
"title": "String representation of operational status error",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"publish_status": {
"description": "Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive.",
"required": false,
"title": "String representation of publish status",
"type": "string"
},
"publish_status_error": {
"description": "It defines the root cause for publish status error.",
"required": false,
"title": "String representation of publish status error",
"type": "string"
},
"publish_status_error_code": {
"description": "It defines error code for publish status error.",
"required": false,
"title": "Represents error code for publish status.",
"type": "int"
},
"publish_status_error_details": {
"description": "Error details for publish status.",
"items": {
"$ref": "ConfigurationStateElement
},
"required": false,
"title": "Details for publich status error.",
"type": "array"
},
"publish_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time",
"readonly": true,
"title": "Publish time of the intent"
},
"realization_api": {
"required": false,
"title": "Realization API of this object on enforcement point",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"realization_specific_identifier": {
"required": false,
"title": "Realization id of this object",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"runtime_error": {
"description": "It define the root cause for runtime error.",
"required": false,
"title": "String representation of runtime error",
"type": "string"
},
"runtime_status": {
"deprecated": true,
"description": "Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive.",
"required": false,
"title": "String representation of runtime status",
"type": "string"
},
"state": {
"enum": [
"UNAVAILABLE",
"UNREALIZED",
"REALIZED",
"ERROR"
],
"required": true,
"title": "Realization state of this object",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"time_taken_for_realization": {
"description": "This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization",
"title": "Appoximate time taken in milliseconds for end to end realization.",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Abstract base class for all the realized policy objects",
"type": "object"
}
PolicyRelatedApiError (type)
{
"id": "PolicyRelatedApiError",
"module_id": "PolicyRealizedState",
"properties": {
"details": {
"title": "Further details about the error",
"type": "string"
},
"error_code": {
"title": "A numeric error code",
"type": "integer"
},
"error_data": {
"title": "Additional data about the error",
"type": "object"
},
"error_message": {
"title": "A description of the error",
"type": "string"
},
"module_name": {
"title": "The module name where the error occurred",
"type": "string"
}
},
"title": "Detailed information about errors from API call to an enforcement point",
"type": "object"
}
PolicyRequestParameter (type)
{
"additionalProperties": false,
"description": "Optional API Request Parameter to be used in HAPI.",
"id": "PolicyRequestParameter",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"description": "The type of this request parameter.",
"readonly": false,
"required": true,
"type": "string"
}
},
"title": "Represents optional API request parameter to be used in HAPI",
"type": "object"
}
PolicyResource (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Abstract base class for all the policy objects.",
"extends": {
"$ref": "ManagedResource
},
"id": "PolicyResource",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Abstract base class for all the policy objects",
"type": "object"
}
PolicyResourceReference (type)
{
"additionalProperties": false,
"description": "Policy resource reference.",
"extends": {
"$ref": "ResourceReference
},
"id": "PolicyResourceReference",
"module_id": "Policy",
"properties": {
"is_valid": {
"description": "Will be set to false if the referenced NSX resource has been deleted.",
"readonly": true,
"required": false,
"title": "Target validity",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this resource. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of resource",
"type": "string"
},
"path": {
"description": "Absolute path of this object.",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"project_scope": {
"description": "Project scope of policy resource",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Project scope of policy resource",
"type": "array"
},
"target_display_name": {
"description": "Display name of the NSX resource.",
"maxLength": 255,
"readonly": true,
"required": false,
"title": "Target display name",
"type": "string"
},
"target_id": {
"description": "Identifier of the NSX resource.",
"maxLength": 64,
"readonly": false,
"required": false,
"title": "Target ID",
"type": "string"
},
"target_type": {
"description": "Type of the NSX resource.",
"maxLength": 255,
"readonly": false,
"required": false,
"title": "Target type",
"type": "string"
}
},
"title": "Policy resource reference",
"type": "object"
}
PolicyResourceReferenceForEP (type)
{
"additionalProperties": false,
"description": "Policy resource reference for enforcement point",
"extends": {
"$ref": "PolicyResourceReference
},
"id": "PolicyResourceReferenceForEP",
"module_id": "PolicyGroupRealization",
"properties": {
"is_valid": {
"description": "Will be set to false if the referenced NSX resource has been deleted.",
"readonly": true,
"required": false,
"title": "Target validity",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns this group. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns a group",
"type": "string"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this resource. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of resource",
"type": "string"
},
"path": {
"description": "Absolute path of this object.",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"project_scope": {
"description": "Project scope of policy resource",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Project scope of policy resource",
"type": "array"
},
"remote_path": {
"description": "This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"target_display_name": {
"description": "Display name of the NSX resource.",
"maxLength": 255,
"readonly": true,
"required": false,
"title": "Target display name",
"type": "string"
},
"target_id": {
"description": "Identifier of the NSX resource.",
"maxLength": 64,
"readonly": false,
"required": false,
"title": "Target ID",
"type": "string"
},
"target_type": {
"description": "Type of the NSX resource.",
"maxLength": 255,
"readonly": false,
"required": false,
"title": "Target type",
"type": "string"
}
},
"title": "Policy resource reference for enforcement point",
"type": "object"
}
PolicyResourceReferenceForEPListResult (type)
{
"additionalProperties": false,
"description": "Paginated collection of policy resource references for enforcement point",
"extends": {
"$ref": "ListResult
},
"id": "PolicyResourceReferenceForEPListResult",
"module_id": "PolicyGroupRealization",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyResourceReferenceForEP
},
"required": true,
"title": "Paged Collection of policy resource references for enforcement point",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy resource reference list for enforcement point",
"type": "object"
}
PolicyResourceReferenceListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyResourceReferenceListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyResourceReference
},
"required": true,
"title": "Policy resource references list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of PolicyResourceReference",
"type": "object"
}
PolicyRouteAdvertisementRule (type)
{
"additionalProperties": false,
"description": "policy route advertisement rule.",
"id": "PolicyRouteAdvertisementRule",
"module_id": "PolicyConnectivity",
"properties": {
"action": {
"default": "PERMIT",
"description": "Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement",
"enum": [
"PERMIT",
"DENY"
],
"required": true,
"title": "Action to advertise routes",
"type": "string"
},
"name": {
"description": "Display name for rule.",
"required": false,
"title": "Display name for rule",
"type": "string"
},
"prefix_operator": {
"default": "GE",
"description": "Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured.",
"enum": [
"GE",
"EQ"
],
"required": false,
"title": "Prefix operator to match subnets",
"type": "string"
},
"route_advertisement_types": {
"description": "Enable different types of route advertisements.",
"items": {
"$ref": "InterVrfRouteAdvertisementTypes
},
"required": false,
"title": "Enable different types of route advertisements",
"type": "array"
},
"subnets": {
"description": "Network CIDRs to be routed.",
"items": {
"format": "ip-cidr-block",
"type": "string"
},
"required": false,
"title": "Network CIDRs",
"type": "array"
}
},
"title": "policy route advertisement rule",
"type": "object"
}
PolicyRuntimeAlarm (type)
{
"description": "Alarm associated with the PolicyRuntimeInfoPerEP that exposes potential errors when retrieving runtime information from the enforcement point.",
"id": "PolicyRuntimeAlarm",
"module_id": "PolicyBaseStatistics",
"properties": {
"error_details": {
"$ref": "PolicyApiError,
"description": "Detailed information about errors from an API call made to the enforcement point, if any.",
"readonly": true,
"title": "Error Detailed Information"
},
"error_id": {
"description": "Alarm error id.",
"readonly": true,
"title": "Alarm Error Id",
"type": "string"
},
"message": {
"description": "Error message describing the issue.",
"readonly": true,
"title": "Error Message to Describe the Issue",
"type": "string"
}
},
"title": "Alarm of PolicyRuntimeInfoPerEP",
"type": "object"
}
PolicyRuntimeInfoPerEP (type)
{
"abstract": true,
"description": "Runtime Info Per Enforcement Point.",
"id": "PolicyRuntimeInfoPerEP",
"module_id": "PolicyBaseStatistics",
"properties": {
"alarm": {
"$ref": "PolicyRuntimeAlarm,
"description": "Alarm information details.",
"readonly": true,
"title": "Alarm Information Details"
},
"enforcement_point_path": {
"description": "Policy Path referencing the enforcement point where the info is fetched.",
"readonly": true,
"title": "Enforcement point Path",
"type": "string"
}
},
"title": "PolicyRuntimeInfoPerEP",
"type": "object"
}
PolicyRuntimeOnEpRequestParameters (type)
{
"description": "Request parameters that represents an enforcement point path. A request on runtime information can be parameterized with this path and will be evaluated as follows: - no enforcement point path specified: the request is evaluated on all enforcement points. - an enforcement point path is specified: the request is evaluated only on the given enforcement point.",
"id": "PolicyRuntimeOnEpRequestParameters",
"module_id": "PolicyBaseStatistics",
"properties": {
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
}
},
"title": "Request Parameters for Policy Runtime on enforcement point",
"type": "object"
}
PolicyRuntimeRequestParameters (type)
{
"description": "Request parameters that represents an enforcement point path and data source. A request on runtime information can be parameterized with this pair and will be evaluted as follows: - no enforcement point path specified: the request is evaluated on all enforcement points. - an enforcement point path is specified: the request is evaluated only on the given enforcement point.",
"extends": {
"$ref": "DataSourceParameters
},
"id": "PolicyRuntimeRequestParameters",
"module_id": "PolicyBaseStatistics",
"properties": {
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
}
},
"title": "Request Parameters for Policy Runtime Information",
"type": "object"
}
PolicySIExcludeList (type)
{
"additionalProperties": false,
"description": "List of entities where Service Insertion will not be enforced. Exclusion List can contain PolicyGroup(s) or SegmentPort(s) or Segment(s).",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicySIExcludeList",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"members": {
"description": "List of the members in the exclude list",
"items": {
"type": "string"
},
"maxItems": 100,
"required": true,
"title": "ExcludeList member list",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicySIExcludeList"
],
"relationshipType": "SI_EXCLUDE_LIST_RELATIONSHIP",
"rightType": [
"Segment",
"SegmentPort",
"Group"
]
}
]
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Service Insertion Exclusion List",
"type": "object"
}
PolicySIStatusConfiguration (type)
{
"description": "It represents status of Service Insertion for North-South and East-West context types.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicySIStatusConfiguration",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"east_west_enabled": {
"default": false,
"description": "If set to true, service insertion for east-west traffic is enabled.",
"title": "East-West status flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"north_south_enabled": {
"default": false,
"description": "If set to true, service insertion for north-south traffic is enabled.",
"title": "North-South status flag",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Service Insertion Status",
"type": "object"
}
PolicyServiceChain (type)
{
"description": "Service chain is a set of network Services. A Service chain is made up of ordered list of service profiles belonging to any same or different services.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyServiceChain",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"failure_policy": {
"default": "ALLOW",
"description": "Failure policy for the service defines the action to be taken i.e to allow or to block the traffic during failure scenarios.",
"enum": [
"ALLOW",
"BLOCK"
],
"readonly": false,
"required": false,
"title": "Failure Policy",
"type": "string"
},
"forward_path_service_profiles": {
"description": "Forward path service profiles are applied to ingress traffic.",
"items": {
"type": "string"
},
"maxItems": 4,
"readonly": false,
"required": true,
"title": "Forward path service profiles",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyServiceChain"
],
"relationshipType": "SERVICE_CHAIN_TO_SERVICE_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyServiceProfile"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"path_selection_policy": {
"default": "LOCAL",
"description": "Path selection policy can be - ANY - Service Insertion is free to redirect to any service path regardless of any load balancing considerations or flow pinning. LOCAL - Preference to be given to local service insances. REMOTE - Preference to be given to the SVM co-located on the same host. ROUND_ROBIN - All active service paths are hit with equal probability.",
"enum": [
"ANY",
"LOCAL",
"REMOTE",
"ROUND_ROBIN"
],
"readonly": false,
"required": false,
"title": "Path Selection Policy",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"reverse_path_service_profiles": {
"description": "Reverse path service profiles are applied to egress traffic and is optional. 2 different set of profiles can be defined for forward and reverse path. If not defined, the reverse of the forward path service profile is applied.",
"items": {
"type": "string"
},
"maxItems": 4,
"readonly": false,
"required": false,
"title": "Reverse path service profiles",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyServiceChain"
],
"relationshipType": "SERVICE_CHAIN_TO_SERVICE_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyServiceProfile"
]
}
]
},
"service_segment_path": {
"description": "Path to service segment using which the traffic needs to be redirected.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 1,
"readonly": false,
"required": true,
"title": "Path to service segment",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyServiceChain"
],
"relationshipType": "SERVICE_CHAIN_TO_SERVICE_SEGMENT_RELATIONSHIP",
"rightType": [
"ServiceSegment"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Service Chain",
"type": "object"
}
PolicyServiceInstance (type)
{
"additionalProperties": false,
"description": "Represents an instance of partner Service and its configuration.",
"extends": {
"$ref": "BasePolicyServiceInstance
},
"id": "PolicyServiceInstance",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyServiceInstance"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"attributes": {
"description": "List of attributes specific to a partner for which the service is created. There attributes are passed on to the partner appliance.",
"items": {
"$ref": "Attribute
},
"maxItems": 128,
"required": true,
"title": "Deployment Template attributes",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"compute_id": {
"description": "Id of the compute(ResourcePool) to which this service needs to be deployed.",
"required": true,
"title": "Id of the compute resource.",
"type": "string"
},
"context_id": {
"description": "UUID of VCenter/Compute Manager as seen on NSX Manager, to which this service needs to be deployed.",
"required": false,
"title": "Id of the compute manager",
"type": "string"
},
"deployment_mode": {
"default": "ACTIVE_STANDBY",
"description": "Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.",
"enum": [
"STAND_ALONE",
"ACTIVE_STANDBY"
],
"readonly": false,
"required": false,
"title": "Deployment Mode",
"type": "string"
},
"deployment_spec_name": {
"description": "Form factor for the deployment of partner service.",
"required": true,
"title": "Name of the Deployment Specification",
"type": "string"
},
"deployment_template_name": {
"description": "Template for the deployment of partnet service.",
"required": true,
"title": "Name of the Deployment Template",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"failure_policy": {
"default": "BLOCK",
"description": "Failure policy for the Service VM. If this values is not provided, it will be defaulted to FAIL_CLOSE.",
"enum": [
"ALLOW",
"BLOCK"
],
"required": false,
"title": "Failure policy for the Service VM",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"partner_service_name": {
"description": "Unique name of Partner Service in the Marketplace",
"required": true,
"title": "Name of Partner Service",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"primary_gateway_address": {
"$ref": "IPElement,
"description": "Gateway address for primary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided.",
"required": false,
"title": "Gateway for primary management console"
},
"primary_interface_mgmt_ip": {
"$ref": "IPElement,
"description": "Management IP Address of primary interface of the Service",
"required": true,
"title": "Management IP Address of primary interface of the Service"
},
"primary_interface_network": {
"description": "Path of the segment to which primary interface of the Service VM needs to be connected",
"required": false,
"title": "Path of the segment to which primary interface of the Service VM needs to be connected",
"type": "string"
},
"primary_portgroup_id": {
"description": "Id of the standard or ditsributed port group for primary management console. Please note that only 1 of the 2 values from 1. primary_interface_network 2. primary_portgroup_id are allowed to be passed. Both can't be passed in the same request.",
"required": false,
"title": "Id of the standard or ditsributed port group for primary management console",
"type": "string"
},
"primary_subnet_mask": {
"$ref": "IPElement,
"description": "Subnet for primary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided.",
"required": false,
"title": "Subnet for primary management console IP"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"secondary_gateway_address": {
"$ref": "IPElement,
"description": "Gateway address for secondary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided.",
"required": false,
"title": "Gateway for secondary management console"
},
"secondary_interface_mgmt_ip": {
"$ref": "IPElement,
"description": "Management IP Address of secondary interface of the Service",
"required": false,
"title": "Management IP Address of secondary interface of the Service"
},
"secondary_interface_network": {
"description": "Path of segment to which secondary interface of the Service VM needs to be connected",
"required": false,
"title": "Path of segment to which secondary interface of the Service VM needs to be connected",
"type": "string"
},
"secondary_portgroup_id": {
"description": "Id of the standard or ditsributed port group for secondary management console. Please note that only 1 of the 2 values from 1. secondary_interface_network 2. secondary_portgroup_id are allowed to be passed. Both can't be passed in the same request.",
"required": false,
"title": "Id of the standard or ditsributed port group for secondary management console",
"type": "string"
},
"secondary_subnet_mask": {
"$ref": "IPElement,
"description": "Subnet for secondary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided.",
"required": false,
"title": "Subnet for secondary management console IP"
},
"storage_id": {
"description": "Id of the storage(Datastore). VC moref of Datastore to which this service needs to be deployed.",
"required": true,
"title": "Id of the storage",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_type": {
"default": "L2_BRIDGE",
"description": "Transport to be used while deploying Service-VM.",
"enum": [
"L2_BRIDGE",
"L3_ROUTED"
],
"readonly": false,
"required": false,
"title": "Transport Type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents an instance of partner Service and its configuration",
"type": "object"
}
PolicyServiceProfile (type)
{
"description": "Service profile represents specialization of a vendor template. User may provide any of the vendor_template_name or vendor_template_key properties. But in case of multiple vendor templates with the same name, it is recommended to use the vendor_template_key. When both attributes are provided, name is ignored and only key is used to identify the template. If there are multiple templates with same name, and vendor_template_name is provided, realization will fail.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyServiceProfile",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"attributes": {
"description": "List of attributes specific to a partner for which the service is created. These attributes are passed on to the partner appliance and are opaque to NSX. If a vendor template exposes configurable parameters, then their values are specified here.",
"items": {
"$ref": "Attribute
},
"maxItems": 128,
"readonly": false,
"required": false,
"title": "Service profile attributes",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"redirection_action": {
"description": "The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. Redirection action is not applicable to guest introspection service.",
"enum": [
"PUNT",
"COPY"
],
"readonly": false,
"required": false,
"title": "Redirection action",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vendor_template_key": {
"description": "The vendor template key property of actual vendor template. This should be used when multiple templates with same name exist.",
"required": false,
"title": "Vendor Template Key",
"type": "string"
},
"vendor_template_name": {
"description": "Name of the vendor template for which this Service Profile is being created.",
"readonly": false,
"required": false,
"title": "Vendor template name",
"type": "string"
}
},
"title": "Policy Service Profile for a given Service",
"type": "object"
}
PolicyStaticRouteAdvertisement (type)
{
"additionalProperties": false,
"description": "policy static route advertisement.",
"id": "PolicyStaticRouteAdvertisement",
"module_id": "PolicyConnectivity",
"properties": {
"advertisement_rules": {
"description": "Route advertisement rules.",
"items": {
"$ref": "PolicyRouteAdvertisementRule
},
"required": false,
"title": "Route advertisement rules",
"type": "array"
},
"in_filter_prefix_list": {
"description": "Paths of ordered Prefix list, it breaks after first match.",
"items": {
"type": "string"
},
"maxItems": 5,
"required": false,
"title": "Paths of ordered Prefix list",
"type": "array"
}
},
"title": "policy static route advertisement",
"type": "object"
}
PolicyStatisticsAggregateParameters (type)
{
"additionalProperties": false,
"description": "Request Parameter for aggregating Policy statistics on enforcement point.",
"extends": {
"$ref": "StatisticsRequestParameters
},
"id": "PolicyStatisticsAggregateParameters",
"module_id": "PolicyBaseStatistics",
"properties": {
"action": {
"description": "Action to take on statistics for an object.",
"enum": [
"aggregate"
],
"required": false,
"title": "Action on statistics",
"type": "string"
},
"container_cluster_path": {
"description": "Path to the container cluster entity where the request will be executed.",
"required": false,
"title": "String Path of the Container Cluster entity",
"type": "string"
},
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
}
},
"title": "Request Parameters for Policy Statistics Aggregate",
"type": "object"
}
PolicyStatisticsResetParameters (type)
{
"additionalProperties": false,
"description": "Request Parameter for resetting Policy statistics on enforcement point.",
"extends": {
"$ref": "PolicyRuntimeOnEpRequestParameters
},
"id": "PolicyStatisticsResetParameters",
"module_id": "PolicyBaseStatistics",
"properties": {
"action": {
"description": "Action to take on statistics for an object.",
"enum": [
"reset"
],
"required": true,
"title": "Action on statistics",
"type": "string"
},
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
}
},
"title": "Request Parameters for Policy Statistics Reset",
"type": "object"
}
PolicySubAttributes (type)
{
"additionalProperties": false,
"id": "PolicySubAttributes",
"module_id": "PolicyContextProfile",
"properties": {
"datatype": {
"enum": [
"STRING"
],
"required": true,
"title": "Datatype for sub attribute",
"type": "string"
},
"key": {
"enum": [
"TLS_CIPHER_SUITE",
"TLS_VERSION",
"CIFS_SMB_VERSION"
],
"required": true,
"title": "Key for sub attribute",
"type": "string"
},
"value": {
"description": "Multiple sub attribute values can be specified as elements of array.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Value for sub attribute key",
"type": "array",
"uniqueItems": true
}
},
"title": "Policy Sub Attributes data holder",
"type": "object"
}
PolicyTask (type)
{
"abstract": true,
"additionalProperties": false,
"description": "This object holds the information of the task.",
"extends": {
"$ref": "TaskProperties
},
"id": "PolicyTask",
"module_id": "PolicyTask",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"async_response_available": {
"display": {
"order": 13
},
"readonly": true,
"title": "True if response for asynchronous request is available",
"type": "boolean"
},
"cancelable": {
"display": {
"order": 8
},
"readonly": true,
"title": "True if this task can be canceled",
"type": "boolean"
},
"description": {
"display": {
"order": 2
},
"readonly": true,
"title": "Description of the task",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 6
},
"readonly": true,
"title": "The end time of the task in epoch milliseconds"
},
"failure_msg": {
"description": "This property holds the reason of the task failure, if any.",
"readonly": true,
"title": "Reason of the task failure",
"type": "string"
},
"id": {
"display": {
"order": 1
},
"readonly": true,
"title": "Identifier for this task",
"type": "string"
},
"message": {
"display": {
"order": 4
},
"readonly": true,
"title": "A message describing the disposition of the task",
"type": "string"
},
"progress": {
"display": {
"order": 7
},
"maximum": 100,
"minimum": 0,
"readonly": true,
"title": "Task progress if known, from 0 to 100",
"type": "integer"
},
"request_method": {
"display": {
"order": 12
},
"readonly": true,
"title": "HTTP request method",
"type": "string"
},
"request_uri": {
"display": {
"order": 11
},
"readonly": true,
"title": "URI of the method invocation that spawned this task",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 5
},
"readonly": true,
"title": "The start time of the task in epoch milliseconds"
},
"status": {
"$ref": "TaskStatus,
"display": {
"order": 3
},
"readonly": true,
"title": "Current status of the task"
},
"user": {
"display": {
"order": 10
},
"readonly": true,
"title": "Name of the user who created this task",
"type": "string"
}
},
"title": "Task information",
"type": "object"
}
PolicyTepCsvListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CsvListResult
},
"id": "PolicyTepCsvListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"results": {
"items": {
"$ref": "PolicyTepTableCsvRecord
},
"required": false,
"type": "array"
}
},
"type": "object"
}
PolicyTepListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyTepListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyTepTableEntry
},
"required": false,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "Transport node identifier",
"type": "string"
}
},
"type": "object"
}
PolicyTepTableCsvRecord (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CsvRecord
},
"id": "PolicyTepTableCsvRecord",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"segment_id": {
"description": "This is the identifier of the TEP segment. This segment is NOT the same as logical segment or logical switch.",
"required": false,
"title": "TEP segment identifier",
"type": "string"
},
"tep_ip": {
"$ref": "IPAddress,
"required": false,
"title": "The tunnel endpoint IP address"
},
"tep_label": {
"required": true,
"title": "The tunnel endpoint label",
"type": "integer"
},
"tep_mac_address": {
"required": true,
"title": "The tunnel endpoint MAC address",
"type": "string"
}
},
"type": "object"
}
PolicyTepTableEntry (type)
{
"additionalProperties": false,
"id": "PolicyTepTableEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"segment_id": {
"required": false,
"title": "The segment Id",
"type": "string"
},
"tep_ip": {
"$ref": "IPAddress,
"required": false,
"title": "The tunnel endpoint IP address"
},
"tep_label": {
"required": false,
"title": "The tunnel endpoint label",
"type": "integer"
},
"tep_mac_address": {
"required": false,
"title": "The tunnel endpoint MAC address",
"type": "string"
}
},
"type": "object"
}
PolicyTier1MulticastConfig (type)
{
"additionalProperties": false,
"description": "Multicast routing configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyTier1MulticastConfig",
"module_id": "PolicyMulticast",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": false,
"description": "Activate/deactivate Multicast Configuration. Whenever service router needs to be added/deleted from tier1, user needs to deactivate multicast first.",
"required": false,
"title": "Activate/deactivate Multicast Configuration",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Multicast routing configuration",
"type": "object"
}
PolicyTimeIntervalValue (type)
{
"id": "PolicyTimeIntervalValue",
"module_id": "PolicyFirewallScheduler",
"properties": {
"end_interval": {
"description": "Time in 24 hour and minutes in multiple of 30. Example, 17:30.",
"required": true,
"title": "End time of the interval",
"type": "string"
},
"start_interval": {
"description": "Time in 24 hour and minutes in multiple of 30. Example, 9:00.",
"required": true,
"title": "Start time of the interval",
"type": "string"
}
},
"title": "Time interval on which firewall schedule will be applicable",
"type": "object"
}
PolicyTraceflowObservationDelivered (type)
{
"additionalProperties": false,
"extends": {
"$ref": "TraceflowObservationDelivered
},
"id": "PolicyTraceflowObservationDelivered",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyTraceflowObservationDelivered"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"interface_path": {
"Description": "The path of the interface into which the traceflow packet was delivered (e.g.,\nTier0 Interface, Tier1 Interface, Service Interface, and Virtual Tunnel Interface).\n",
"readonly": true,
"required": false,
"title": "Path of interface",
"type": "string"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port into which the traceflow packet was delivered",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port into which the traceflow packet was delivered",
"type": "string"
},
"parent_port_path": {
"Description": "The port path of the corresponding parent port for current deliver observation point.\n",
"nsx_feature": "ChildSegment",
"required": false,
"title": "Path of parent segment port",
"type": "string"
},
"resolution_type": {
"description": "This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by IP table. ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table. ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP. ARP_VM - No suppression and the ARP request is resolved by VM. ARP_LRP - No suppression and the ARP request is resolved by logical router.",
"enum": [
"UNKNOWN",
"ARP_SUPPRESSION_PORT_CACHE",
"ARP_SUPPRESSION_TABLE",
"ARP_SUPPRESSION_CP_QUERY",
"ARP_VM",
"ARP_LRP"
],
"readonly": true,
"required": false,
"title": "The resolution type of the delivered message for ARP",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"segment_port_path": {
"Description": "The path of the segment port into\nwhich the traceflow packet was delivered.\n",
"readonly": true,
"required": false,
"title": "Path of segment port",
"type": "string"
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"target_mac": {
"description": "The source MAC address of form: \"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$\". For example: 00:00:00:00:00:00.",
"readonly": true,
"required": false,
"title": "MAC address of the resolved IP by ARP",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"vlan_id": {
"$ref": "VlanID,
"required": false,
"title": "VLAN on bridged network"
}
},
"type": "object"
}
PolicyTraceflowObservationDropped (type)
{
"additionalProperties": false,
"extends": {
"$ref": "TraceflowObservationDropped
},
"id": "PolicyTraceflowObservationDropped",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyTraceflowObservationDropped"
},
"properties": {
"acl_rule_id": {
"description": "This field is specified when the traceflow packet matched a L3 firewall rule.",
"readonly": true,
"required": false,
"title": "The id of the L3 firewall rule that was applied to drop the traceflow packet",
"type": "integer"
},
"acl_rule_path": {
"description": "The path of the ACL rule that was applied to forward the traceflow packet",
"readonly": true,
"title": "Access Control List Rule Path",
"type": "string"
},
"arp_fail_reason": {
"description": "This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction",
"enum": [
"ARP_UNKNOWN",
"ARP_TIMEOUT",
"ARP_CPFAIL",
"ARP_FROMCP",
"ARP_PORTDESTROY",
"ARP_TABLEDESTROY",
"ARP_NETDESTROY"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of ARP traceflow packet",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"interface_path": {
"Description": "The path of the interface at which the traceflow packet was dropped (e.g.,\nTier0 Interface, Tier1 Interface, Service Interface, and Virtual Tunnel Interface).\n",
"readonly": true,
"required": false,
"title": "Path of interface",
"type": "string"
},
"ipsec_fail_reason": {
"description": "This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown",
"enum": [
"IPSEC_SA_NOT_FOUND",
"IPSEC_UDP_ENC_STATE_MISMATCH",
"IPSEC_SEQ_ROLLOVER",
"IPSEC_FRAG_NEEDED",
"IPSEC_TUN_IFACE_DOWN",
"IPSEC_POLICY_NOMATCH",
"IPSEC_POLICY_BLOCK",
"IPSEC_POLICY_ERROR",
"IPSEC_REPLAY_SEQ_NUM_REPEAT",
"IPSEC_REPLAY_RECV_DELAY",
"IPSEC_REPLAY_PROC_DELAY",
"IPSEC_ZERO_SEQ_NUM_RECVD",
"IPSEC_ENQUEUE_FAIL",
"IPSEC_AUTH_DGST_MISMATCH",
"IPSEC_AUTH_DGST_SIZE_MISMATCH",
"IPSEC_AUTH_UNSUPPORTED_ALGO",
"IPSEC_CRYPTO_FAIL",
"IPSEC_CRYPTO_PROC_INCOMPLETE",
"IPSEC_CRYPTO_SESSION_INV",
"IPSEC_CRYPTO_ARGS_INV",
"IPSEC_CRYPTO_PROC_ERROR",
"IPSEC_CRYPTO_NO_BUF_SPACE",
"IPSEC_CRYPTO_UNSUPPORTED_CIPHER",
"IPSEC_MALFORMED",
"IPSEC_MALFORMED_INV_PADDING",
"IPSEC_PADDING_REMOVAL_FAILED",
"IPSEC_INNER_MALFORMED",
"IPSEC_INNER_MALFORMED_IP",
"IPSEC_INNER_MALFORMED_UDP",
"IPSEC_INNER_MALFORMED_TCP",
"IPSEC_UNKNOWN"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of IPSec VPN traceflow packet",
"type": "string"
},
"jumpto_rule_id": {
"description": "This field is specified when the traceflow packet matched a jump-to rule.",
"readonly": true,
"required": false,
"title": "The ID of the jump-to rule that was applied to the traceflow packet",
"type": "integer"
},
"l2_rule_id": {
"description": "This field is specified when the traceflow packet matched a l2 rule.",
"readonly": true,
"required": false,
"title": "The ID of the l2 rule that was applied to the traceflow packet",
"type": "integer"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"nat_rule_id": {
"description": "This field is specified when the traceflow packet matched a NAT rule.",
"readonly": true,
"required": false,
"title": "The ID of the NAT rule that was applied to drop the traceflow packet",
"type": "integer"
},
"nat_rule_path": {
"description": "The path of the NAT rule that was applied to forward the traceflow packet",
"readonly": true,
"required": false,
"title": "Network Address Translation Rule Path",
"type": "string"
},
"reason": {
"description": "This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation.",
"enum": [
"ARP_FAIL",
"BFD",
"BROADCAST",
"DHCP",
"DLB",
"FW_RULE",
"GENEVE",
"GRE",
"IFACE",
"IP",
"IP_REASS",
"IPSEC",
"IPSEC_VTI",
"L2VPN",
"L4PORT",
"LB",
"LROUTER",
"LSERVICE",
"LSWITCH",
"MANAGEMENT",
"MD_PROXY",
"NAT",
"RTEP_TUNNEL",
"ND_NS_FAIL",
"NEIGH",
"NO_EIP_FOUND",
"NO_EIP_ASSOCIATION",
"NO_ENI_FOR_IP",
"NO_ENI_FOR_LIF",
"NO_ROUTE",
"NO_ROUTE_TABLE_FOUND",
"NO_UNDERLAY_ROUTE_FOUND",
"NOT_VDR_DOWNLINK",
"NO_VDR_FOUND",
"NO_VDR_ON_HOST",
"NOT_VDR_UPLINK",
"SERVICE_INSERT",
"SPOOFGUARD",
"TTL_ZERO",
"TUNNEL",
"VLAN",
"VXLAN",
"VXSTT",
"VMC_NO_RESPONSE",
"WRONG_UPLINK",
"FW_STATE",
"NO_MAC",
"UNKNOWN",
"FILTERED_UPLINK"
],
"readonly": true,
"required": false,
"title": "The reason traceflow packet was dropped",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"segment_port_path": {
"Description": "The path of the segment port at which the\ntraceflow packet was dropped.\n",
"readonly": true,
"required": false,
"title": "Path of segment port",
"type": "string"
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
PolicyTraceflowObservationDroppedLogical (type)
{
"additionalProperties": false,
"extends": {
"$ref": "TraceflowObservationDroppedLogical
},
"id": "PolicyTraceflowObservationDroppedLogical",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyTraceflowObservationDroppedLogical"
},
"properties": {
"acl_rule_id": {
"description": "This field is specified when the traceflow packet matched a L3 firewall rule.",
"readonly": true,
"required": false,
"title": "The id of the L3 firewall rule that was applied to drop the traceflow packet",
"type": "integer"
},
"acl_rule_path": {
"description": "The path of the ACL rule that was applied to forward the traceflow packet",
"readonly": true,
"title": "Access Control List Rule Path",
"type": "string"
},
"arp_fail_reason": {
"description": "This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction",
"enum": [
"ARP_UNKNOWN",
"ARP_TIMEOUT",
"ARP_CPFAIL",
"ARP_FROMCP",
"ARP_PORTDESTROY",
"ARP_TABLEDESTROY",
"ARP_NETDESTROY"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of ARP traceflow packet",
"type": "string"
},
"component_id": {
"readonly": true,
"required": false,
"title": "The id of the component that dropped the traceflow packet.",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_path": {
"readonly": true,
"required": false,
"title": "The path of the component that dropped the traceflow packet",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"interface_path": {
"Description": "The path of the interface at which traceflow packet was dropped (e.g.,\nTier0 Interface, Tier1 Interface, Service Interface, and Virtual Tunnel Interface).\n",
"readonly": true,
"required": false,
"title": "Path of interface",
"type": "string"
},
"ipsec_fail_reason": {
"description": "This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown",
"enum": [
"IPSEC_SA_NOT_FOUND",
"IPSEC_UDP_ENC_STATE_MISMATCH",
"IPSEC_SEQ_ROLLOVER",
"IPSEC_FRAG_NEEDED",
"IPSEC_TUN_IFACE_DOWN",
"IPSEC_POLICY_NOMATCH",
"IPSEC_POLICY_BLOCK",
"IPSEC_POLICY_ERROR",
"IPSEC_REPLAY_SEQ_NUM_REPEAT",
"IPSEC_REPLAY_RECV_DELAY",
"IPSEC_REPLAY_PROC_DELAY",
"IPSEC_ZERO_SEQ_NUM_RECVD",
"IPSEC_ENQUEUE_FAIL",
"IPSEC_AUTH_DGST_MISMATCH",
"IPSEC_AUTH_DGST_SIZE_MISMATCH",
"IPSEC_AUTH_UNSUPPORTED_ALGO",
"IPSEC_CRYPTO_FAIL",
"IPSEC_CRYPTO_PROC_INCOMPLETE",
"IPSEC_CRYPTO_SESSION_INV",
"IPSEC_CRYPTO_ARGS_INV",
"IPSEC_CRYPTO_PROC_ERROR",
"IPSEC_CRYPTO_NO_BUF_SPACE",
"IPSEC_CRYPTO_UNSUPPORTED_CIPHER",
"IPSEC_MALFORMED",
"IPSEC_MALFORMED_INV_PADDING",
"IPSEC_PADDING_REMOVAL_FAILED",
"IPSEC_INNER_MALFORMED",
"IPSEC_INNER_MALFORMED_IP",
"IPSEC_INNER_MALFORMED_UDP",
"IPSEC_INNER_MALFORMED_TCP",
"IPSEC_UNKNOWN"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of IPSec VPN traceflow packet",
"type": "string"
},
"jumpto_rule_id": {
"description": "This field is specified when the traceflow packet matched a jump-to rule.",
"readonly": true,
"required": false,
"title": "The ID of the jump-to rule that was applied to the traceflow packet",
"type": "integer"
},
"jumpto_rule_path": {
"description": "The path of the jump-to rule that was applied to the traceflow packet",
"readonly": true,
"required": false,
"title": "Jump-to Rule Path",
"type": "string"
},
"l2_rule_id": {
"description": "This field is specified when the traceflow packet matched a l2 rule.",
"readonly": true,
"required": false,
"title": "The ID of the l2 rule that was applied to the traceflow packet",
"type": "integer"
},
"l2_rule_path": {
"description": "The path of the l2 rule that was applied to the traceflow packet",
"readonly": true,
"required": false,
"title": "L2 Rule Path",
"type": "string"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"nat_rule_id": {
"description": "This field is specified when the traceflow packet matched a NAT rule.",
"readonly": true,
"required": false,
"title": "The ID of the NAT rule that was applied to drop the traceflow packet",
"type": "integer"
},
"nat_rule_path": {
"description": "The path of the NAT rule that was applied to forward the traceflow packet",
"readonly": true,
"required": false,
"title": "Network Address Translation Rule Path",
"type": "string"
},
"reason": {
"description": "This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation.",
"enum": [
"ARP_FAIL",
"BFD",
"BROADCAST",
"DHCP",
"DLB",
"FW_RULE",
"GENEVE",
"GRE",
"IFACE",
"IP",
"IP_REASS",
"IPSEC",
"IPSEC_VTI",
"L2VPN",
"L4PORT",
"LB",
"LROUTER",
"LSERVICE",
"LSWITCH",
"MANAGEMENT",
"MD_PROXY",
"NAT",
"RTEP_TUNNEL",
"ND_NS_FAIL",
"NEIGH",
"NO_EIP_FOUND",
"NO_EIP_ASSOCIATION",
"NO_ENI_FOR_IP",
"NO_ENI_FOR_LIF",
"NO_ROUTE",
"NO_ROUTE_TABLE_FOUND",
"NO_UNDERLAY_ROUTE_FOUND",
"NOT_VDR_DOWNLINK",
"NO_VDR_FOUND",
"NO_VDR_ON_HOST",
"NOT_VDR_UPLINK",
"SERVICE_INSERT",
"SPOOFGUARD",
"TTL_ZERO",
"TUNNEL",
"VLAN",
"VXLAN",
"VXSTT",
"VMC_NO_RESPONSE",
"WRONG_UPLINK",
"FW_STATE",
"NO_MAC",
"UNKNOWN",
"FILTERED_UPLINK"
],
"readonly": true,
"required": false,
"title": "The reason traceflow packet was dropped",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"segment_port_path": {
"Description": "The path of the segment port at which traceflow packet\nwas dropped.\n",
"readonly": true,
"required": false,
"title": "Path of segment port",
"type": "string"
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"service_path_index": {
"description": "The index of service path that is a chain of services represents the point where the traceflow packet was dropped.",
"readonly": true,
"required": false,
"title": "The index of service path",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
PolicyTraceflowObservationForwardedLogical (type)
{
"additionalProperties": false,
"extends": {
"$ref": "TraceflowObservationForwardedLogical
},
"id": "PolicyTraceflowObservationForwardedLogical",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyTraceflowObservationForwardedLogical"
},
"properties": {
"acl_rule_id": {
"description": "This field is specified when the traceflow packet matched a L3 firewall rule.",
"readonly": true,
"required": false,
"title": "The id of the L3 firewall rule that was applied to forward the traceflow packet",
"type": "integer"
},
"acl_rule_path": {
"description": "The path of the ACL rule that was applied to forward the traceflow packet",
"readonly": true,
"title": "Access Control List Rule Path",
"type": "string"
},
"component_id": {
"readonly": true,
"required": false,
"title": "The id of the component that forwarded the traceflow packet.",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_path": {
"readonly": true,
"required": false,
"title": "The path of the component that forwarded the traceflow packet",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"dst_component_id": {
"readonly": true,
"required": false,
"title": "The id of the destination component to which the traceflow packet was forwarded.",
"type": "string"
},
"dst_component_name": {
"readonly": true,
"required": false,
"title": "The name of the destination component to which the traceflow packet was forwarded.",
"type": "string"
},
"dst_component_path": {
"readonly": true,
"required": false,
"title": "The path of the destination component to which the traceflow packet was forwarded",
"type": "string"
},
"dst_component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the destination component to which the traceflow packet was forwarded."
},
"interface_path": {
"Description": "The path of the interface through which the traceflow packet was forwarded (e.g.,\nTier0 Interface, Tier1 Interface, Service Interface, and Virtual Tunnel Interface).\n",
"readonly": true,
"required": false,
"title": "Path of interface",
"type": "string"
},
"ipsec_vpn": {
"$ref": "TraceflowObservationIpsecVpn,
"description": "This field is specified when the traceflow packet was forwarded through IPSec VPN.",
"readonly": true,
"required": false,
"title": "IPSec VPN on which the traceflow packet was forwarded"
},
"ipsec_vpn_path": {
"$ref": "PolicyTraceflowObservationIpsecVpn,
"readonly": true,
"required": false,
"title": "The related path of IPsec VPN through which the traceflow packet was forwarded"
},
"jumpto_rule_id": {
"description": "This field is specified when the traceflow packet matched a jump-to rule.",
"readonly": true,
"required": false,
"title": "The ID of the jump-to rule that was applied to the traceflow packet",
"type": "integer"
},
"jumpto_rule_path": {
"description": "The path of the jump-to rule that was applied to the traceflow packet",
"readonly": true,
"required": false,
"title": "Jump-to Rule Path",
"type": "string"
},
"l2_rule_id": {
"description": "This field is specified when the traceflow packet matched a l2 rule.",
"readonly": true,
"required": false,
"title": "The ID of the l2 rule that was applied to the traceflow packet",
"type": "integer"
},
"l2_rule_path": {
"description": "The path of the l2 rule that was applied to the traceflow packet",
"readonly": true,
"required": false,
"title": "L2 Rule Path",
"type": "string"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port through which the traceflow packet was forwarded.",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port through which the traceflow packet was forwarded.",
"type": "string"
},
"nat_rule_id": {
"description": "This field is specified when the traceflow packet matched a NAT rule.",
"readonly": true,
"required": false,
"title": "The ID of the NAT rule that was applied to forward the traceflow packet",
"type": "integer"
},
"nat_rule_path": {
"description": "The path of the NAT rule that was applied to forward the traceflow packet",
"readonly": true,
"required": false,
"title": "Network Address Translation Rule Path",
"type": "string"
},
"next_hop": {
"$ref": "IPAddress,
"description": "This field is specified when the traceflow packet was routed by logical router.",
"readonly": true,
"required": false,
"title": "Next hop IP address of matched routing entry"
},
"resend_type": {
"description": "ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type",
"enum": [
"UNKNOWN",
"ARP_UNKNOWN_FROM_CP",
"ND_NS_UNKNWON_FROM_CP"
],
"readonly": true,
"required": false,
"title": "The type of packet resending",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"route_prefix": {
"$ref": "IPCIDRBlock,
"description": "This field is specified when the traceflow packet was routed by logical router.",
"readonly": true,
"required": false,
"title": "Prefix of matched routing entry"
},
"segment_port_path": {
"Description": "The path of the segment port through which the\ntraceflow packet was forwarded.\n",
"readonly": true,
"required": false,
"title": "Path of segment port",
"type": "string"
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"service_index": {
"readonly": true,
"required": false,
"title": "The index of the service insertion component",
"type": "integer"
},
"service_path_index": {
"readonly": true,
"required": false,
"title": "The path index of the service insertion component",
"type": "integer"
},
"service_ttl": {
"readonly": true,
"required": false,
"title": "The ttl of the service insertion component",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"spoofguard_ip": {
"$ref": "IPCIDRBlock,
"description": "This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard.",
"readonly": true,
"required": false,
"title": "Prefix IP address matched in the whitelist in spoofguard"
},
"spoofguard_mac": {
"$ref": "MACAddress,
"description": "The source MAC address of form: \"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$\". For example: 00:00:00:00:00:00.",
"readonly": true,
"required": false,
"title": "MAC address matched in the whitelist in spoofguard"
},
"spoofguard_vlan_id": {
"$ref": "VlanID,
"description": "This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard.",
"readonly": true,
"required": false,
"title": "VLAN id matched in the whitelist in spoofguard"
},
"svc_nh_mac": {
"description": "MAC address of nexthop for service insertion(SI) in service VM(SVM) where the traceflow packet was received.",
"readonly": true,
"required": false,
"title": "MAC address of nexthop",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"translated_dst_ip": {
"$ref": "IPAddress,
"readonly": true,
"required": false,
"title": "The translated destination IP address of VNP/NAT"
},
"translated_src_ip": {
"$ref": "IPAddress,
"readonly": true,
"required": false,
"title": "The translated source IP address of VPN/NAT"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"vlan": {
"$ref": "VlanID,
"description": "This field is specified when the traceflow packet was forwarded by a VLAN logical network.",
"readonly": true,
"required": false,
"title": "VLAN for the logical network on which the traceflow packet was forwarded"
},
"vni": {
"description": "This field is specified when the traceflow packet was forwarded by an overlay logical network.",
"readonly": true,
"required": false,
"title": "VNI for the logical network on which the traceflow packet was forwarded.",
"type": "int"
}
},
"type": "object"
}
PolicyTraceflowObservationIpsecVpn (type)
{
"additionalProperties": false,
"id": "PolicyTraceflowObservationIpsecVpn",
"module_id": "PolicyConnectivity",
"properties": {
"session_path": {
"readonly": true,
"required": false,
"title": "The path of the IPsec VPN session",
"type": "string"
},
"vti_path": {
"readonly": true,
"required": false,
"title": "The path of the virtual tunnel interface for Route-Based IPsec VPN",
"type": "string"
}
},
"title": "The related policy path of IPsec VPN traceflow observations",
"type": "object"
}
PolicyTraceflowObservationReceivedLogical (type)
{
"additionalProperties": false,
"extends": {
"$ref": "TraceflowObservationReceivedLogical
},
"id": "PolicyTraceflowObservationReceivedLogical",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyTraceflowObservationReceivedLogical"
},
"properties": {
"component_id": {
"readonly": true,
"required": false,
"title": "The id of the component that received the traceflow packet.",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_path": {
"readonly": true,
"required": false,
"title": "The path of the component that received the traceflow packet",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"interface_path": {
"Description": "The path of the interface at which the traceflow packet was received (e.g.,\nTier0 Interface, Tier1 Interface, Service Interface, and Virtual Tunnel Interface).\n",
"readonly": true,
"required": false,
"title": "Path of interface",
"type": "string"
},
"ipsec_vpn": {
"$ref": "TraceflowObservationIpsecVpn,
"description": "This field is specified when the traceflow packet was received on IPSec VPN.",
"readonly": true,
"required": false,
"title": "IPSec VPN on which the traceflow packet was received."
},
"ipsec_vpn_path": {
"$ref": "PolicyTraceflowObservationIpsecVpn,
"readonly": true,
"required": false,
"title": "The related path of IPsec VPN on which the traceflow packet was received"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port at which the traceflow packet was received",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port at which the traceflow packet was received",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"segment_port_path": {
"Description": "The path of the segment port at which the\ntraceflow packet was received.\n",
"readonly": true,
"required": false,
"title": "Path of segment port",
"type": "string"
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"src_component_id": {
"readonly": true,
"required": false,
"title": "The id of the source component from which the traceflow packet was received.",
"type": "string"
},
"src_component_name": {
"readonly": true,
"required": false,
"title": "The name of source component from which the traceflow packet was received.",
"type": "string"
},
"src_component_path": {
"readonly": true,
"required": false,
"title": "The path of the source component from which the traceflow packet was received",
"type": "string"
},
"src_component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the source component from which the traceflow packet was received."
},
"svc_mac": {
"description": "MAC address of SAN volume controller for service insertion(SI) in service VM(SVM) where the traceflow packet was received.",
"readonly": true,
"required": false,
"title": "MAC address of SAN volume controller",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"vlan": {
"$ref": "VlanID,
"description": "This field is specified when the traceflow packet was received by a VLAN logical network.",
"readonly": true,
"required": false,
"title": "VLAN for the logical network on which the traceflow packet was received."
},
"vni": {
"description": "This field is specified when the traceflow packet was received by an overlay logical network.",
"readonly": true,
"required": false,
"title": "VNI for the logical network on which the traceflow packet was received.",
"type": "int"
}
},
"type": "object"
}
PolicyTraceflowObservationRelayedLogical (type)
{
"extends": {
"$ref": "TraceflowObservationRelayedLogical
},
"id": "PolicyTraceflowObservationRelayedLogical",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "PolicyTraceflowObservationRelayedLogical"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"dst_server_address": {
"$ref": "IPAddress,
"description": "This field specified the IP address of the destination which the packet will be relayed.",
"readonly": true,
"required": true,
"title": "The IP address of the destination"
},
"logical_comp_uuid": {
"description": "This field specified the logical component that relay service located.",
"readonly": true,
"required": false,
"title": "The id of the component which relay service located",
"type": "string"
},
"logical_component_path": {
"description": "This field specifies the logical component that relay service located on.",
"readonly": true,
"required": false,
"title": "The path of the component on which relay service located",
"type": "string"
},
"message_type": {
"default": "REQUEST",
"description": "This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client",
"enum": [
"REQUEST",
"REPLY"
],
"readonly": true,
"required": true,
"title": "The type of the relay service",
"type": "string"
},
"relay_server_address": {
"$ref": "IPAddress,
"description": "This field specified the IP address of the relay service.",
"readonly": true,
"required": true,
"title": "The IP address of relay service"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
PolicyTransportZone (type)
{
"description": "Transport Zone.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyTransportZone",
"module_id": "PolicyTransportZone",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"authorized_vlans": {
"description": "This field lists vlan ids allowed on logical network entities, eg. Segments, bridges, etc. created under this transport zone. Can be empty, VLAN id or a range of VLAN ids specified with '-' in between. An empty list allows all vlan ids.",
"items": {
"type": "string"
},
"required": false,
"title": "Authorized VLAN ids for this TransportZone",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"forwarding_mode": {
"description": "Transport Zone Forwarding Mode, must be one of either IPV4_ONLY or IPV6_ONLY or IPV4_AND_IPV6. Default is IPV4_ONLY.",
"enum": [
"IPV4_ONLY",
"IPV6_ONLY",
"IPV4_AND_IPV6"
],
"nsx_feature": "L2Ipv6",
"title": "Transport Zone Forwarding Mode",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_default": {
"default": false,
"description": "Flag to indicate if the transport zone is the default one. Only one transport zone can be the default one for a given transport zone type.",
"title": "Flag to indicate if the transport zone is the default one",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"nested_nsx": {
"default": false,
"description": "This flag should be set to true in nested NSX environment. When the \"allow_changing_vdr_mac_in_use\" property in the global config object RoutingGlobalConfig is false, this flag can not be changed if this transport zone is OVERLAY and the change will make any transport node in this transport zone to change the VDR MAC used in any host switch. When this flag is true and this transport zone is OVERLAY, all host switches in this transport zone will use the VDR MAC in the \"vdr_mac_nested\" property in the global config object RoutingGlobalConfig.",
"required": false,
"title": "Flag to indicate if all transport nodes in this transport zone are connected through nested NSX.",
"type": "boolean"
},
"nsx_id": {
"description": "UUID of transport zone on NSX-T enforcement point.",
"readonly": true,
"title": "Transport Zone UUID on NSX-T Enforcement Point",
"type": "string"
},
"origin_id": {
"description": "This field is populated only if the transport zone was created by NSX system to support security on vSphere Distributed Switch (vDS). The origin_id will refer to the identifier of corresponding vDS from it's parent vCenter server.",
"readonly": true,
"required": false,
"title": "The host switch id generated by the system.",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_zone_profile_paths": {
"description": "Policy Transport Zone Profile paths",
"items": {
"type": "string"
},
"required": false,
"title": "Policy Transport Zone Profile paths",
"type": "array"
},
"tz_type": {
"description": "Transport Zone Traffic type, must be one of either VLAN_BACKED or OVERLAY_BACKED. OVERLAY_STANDARD, OVERLAY_ENS and UNKNOWN are DEPRECATED. STANDARD, ENS and ENS_INTERRUPT are hostSwitch modes and same need to be given in HostTransportNode.HostSwitchSpec.",
"enum": [
"OVERLAY_STANDARD",
"OVERLAY_ENS",
"VLAN_BACKED",
"OVERLAY_BACKED",
"UNKNOWN"
],
"required": true,
"title": "Transport Zone Type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"uplink_teaming_policy_names": {
"additionalProperties": false,
"description": "The names of switching uplink teaming policies that all transport nodes in this transport zone support. Uplinkin teaming policies are only valid for VLAN backed transport zones.",
"items": {
"type": "string"
},
"required": false,
"title": "Names of the switching uplink teaming policies that are supported by this transport zone.",
"type": "array"
}
},
"search_dsl_name": [
"transport zone"
],
"title": "Transport Zone",
"type": "object"
}
PolicyTransportZoneListRequestParameters (type)
{
"additionalProperties": false,
"description": "Policy Transport Zone list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyTransportZoneListRequestParameters",
"module_id": "PolicyTransportZone",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Transport Zone List Request Parameters",
"type": "object"
}
PolicyTransportZoneListResult (type)
{
"description": "Paged Collection of Transport Zone",
"extends": {
"$ref": "ListResult
},
"id": "PolicyTransportZoneListResult",
"module_id": "PolicyTransportZone",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"additionalProperties": false,
"description": "Transport Zone list result.",
"items": {
"$ref": "PolicyTransportZone
},
"required": true,
"title": "Transport Zone List Result",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Transport Zone",
"type": "object"
}
PolicyTransportZoneProfile (type)
{
"description": "Transport Zone Profile.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyTransportZoneProfile",
"module_id": "PolicyTransportZoneProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"bfd_config": {
"$ref": "BfdHealthMonitoringConfig,
"additionalProperties": false,
"description": "Bfd Health Monitoring Options",
"required": true,
"title": "Bfd Profile Options"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tz_profile_type": {
"description": "Policy Transport Zone Type.",
"enum": [
"BFD"
],
"required": true,
"title": "Policy Transport Zone Type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Transport Zone Profile",
"type": "object"
}
PolicyTransportZoneProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PolicyTransportZoneProfileListRequestParameters",
"module_id": "PolicyTransportZoneProfile",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Policy Transport Zone Profile request parameters",
"type": "object"
}
PolicyTransportZoneProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PolicyTransportZoneProfileListResult",
"module_id": "PolicyTransportZoneProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyTransportZoneProfile
},
"required": true,
"title": "Policy Transport Zone profile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Policy Transport Zone Profiles",
"type": "object"
}
PolicyTunnelDigestAlgorithm (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.",
"enum": [
"SHA1",
"SHA2_256",
"SHA2_384",
"SHA2_512"
],
"id": "PolicyTunnelDigestAlgorithm",
"module_id": "PolicyL3Vpn",
"title": "Digest Algorithms used in tunnel establishment",
"type": "string"
}
PolicyTunnelEncryptionAlgorithm (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication.",
"enum": [
"AES_128",
"AES_256",
"AES_GCM_128",
"AES_GCM_192",
"AES_GCM_256"
],
"id": "PolicyTunnelEncryptionAlgorithm",
"module_id": "PolicyL3Vpn",
"title": "Encryption algorithm used in tunnel",
"type": "string"
}
PolicyUrlCategorizationConfig (type)
{
"additionalProperties": false,
"description": "The type contains information about the configuration of the feature for a specific node. It contains information like the whether the feature is activated/deactivated, the context profiles defining the category list to detect.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyUrlCategorizationConfig",
"module_id": "PolicyUrlCategorization",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"context_profiles": {
"deprecated": true,
"description": "The ids of the context profiles that provides the list of categories to be detected. This field is deprecated. URL Categorization will not be supported in association with context profiles.",
"items": {
"type": "string"
},
"required": false,
"title": "Context profiles",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"description": "Property which specifies the activating/deactivating of the feature.",
"required": true,
"title": "Enabled",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"update_frequency": {
"default": 30,
"description": "The frequency in minutes at which the updates are downloaded from the URL categorization cloud service. The minimum allowed value is 5 minutes.",
"minimum": 5,
"required": false,
"title": "Policy URL Categorization Update Frequency",
"type": "int"
}
},
"title": "URL categorization entity",
"type": "object"
}
PolicyVpcNatRule (type)
{
"additionalProperties": false,
"description": "Represents a NAT rule between source and destination at for a given VPC.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PolicyVpcNatRule",
"module_id": "PolicyVpcNat",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "Source NAT(SNAT) - translates a source IP address into an outbound packet so that the packet appears to originate from a different network. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. Reflexive NAT(REFLEXIVE) - one-to-one mapping of source and destination IP addresses.",
"enum": [
"SNAT",
"DNAT",
"REFLEXIVE"
],
"required": true,
"title": "Represents action of NAT Rule SNAT, DNAT, REFLEXIVE",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_network": {
"$ref": "IPElementList,
"description": "This supports single IP address and it does not support IP range or IP sets. For DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. In case of DNAT NATRule, destination network address should be IPv4 address allocated from External Block associated with VPC.",
"required": false,
"title": "Represents the destination network"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "The flag, which suggests whether the NAT rule is enabled or disabled. The default is True.",
"title": "Policy NAT Rule enabled flag",
"type": "boolean"
},
"firewall_match": {
"default": "MATCH_INTERNAL_ADDRESS",
"description": "It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped.",
"enum": [
"MATCH_EXTERNAL_ADDRESS",
"MATCH_INTERNAL_ADDRESS",
"BYPASS"
],
"required": false,
"title": "Represents the firewall match flag",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"logging": {
"default": false,
"description": "The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False.",
"title": "Policy NAT Rule logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sequence_number": {
"default": 0,
"description": "The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023",
"title": "Sequence number of the Nat Rule",
"type": "int"
},
"source_network": {
"$ref": "IPElementList,
"description": "This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network.",
"required": false,
"title": "Represents the source network address"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"translated_network": {
"$ref": "IPElementList,
"description": "This supports single IP address or comma separated list of single IP addresses or CIDR. If user specify the CIDR, this value is actually used as an IP pool that includes both the subnet and broadcast addresses as valid for NAT translations. This does not support IP range or IP sets. For SNAT, DNAT and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. In case of SNAT and Refelexive NATRule, translated network address should be single IPv4 address allocated from External Block associated with VPC.",
"required": false,
"title": "Represents the translated network address"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents a NAT rule between source and destination for a given VPC",
"type": "object"
}
PoolMemberAdminStateType (type)
{
"additionalProperties": false,
"description": "User can set the admin state of a member to ENABLED or DISABLED or GRACEFUL_DISABLED. By default, when a member is added, it is ENABLED. If a member is set to DISABLED, it is not selected for any new connections. Active connections, however, will continue to be processed by it. New connections with matching persistence entries pointing to DISABLED members are not sent to those DISABLED members. Those connections are assigned to other members of the pool and the corresponding persistence entries are updated to point to the newly selected server. To allow for a more graceful way of taking down servers for maintenance, a routine task, another admin state GRACEFUL_DISABLED is supported. Existing connections to a member in GRACEFUL_DISABLED state continue to be processed.",
"enum": [
"ENABLED",
"DISABLED",
"GRACEFUL_DISABLED"
],
"id": "PoolMemberAdminStateType",
"module_id": "LoadBalancer",
"title": "pool member admin state",
"type": "string"
}
PoolMemberSetting (type)
{
"additionalProperties": false,
"description": "The setting is used to add, update or remove pool members from pool. For static pool members, admin_state, display_name and weight can be updated. For dynamic pool members, only admin_state can be updated.",
"id": "PoolMemberSetting",
"module_id": "LoadBalancer",
"properties": {
"admin_state": {
"$ref": "PoolMemberAdminStateType,
"default": "ENABLED",
"required": false,
"title": "Member admin state"
},
"display_name": {
"description": "Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail.",
"required": false,
"title": "Pool member display name",
"type": "string"
},
"ip_address": {
"$ref": "IPAddress,
"required": true,
"title": "Pool member IP address"
},
"port": {
"$ref": "PortElement,
"required": false,
"title": "Pool member port number"
},
"weight": {
"description": "Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail.",
"maximum": 255,
"minimum": 1,
"required": false,
"title": "Pool member weight",
"type": "integer"
}
},
"title": "Pool member setting",
"type": "object"
}
PortAddressBindingEntry (type)
{
"additionalProperties": false,
"description": "Detailed information about static address for the port.",
"id": "PortAddressBindingEntry",
"module_id": "PolicyConnectivity",
"properties": {
"ip_address": {
"description": "IP Address for port binding",
"required": false,
"title": "IP address",
"type": "string"
},
"mac_address": {
"$ref": "MACAddress,
"description": "Mac address for port binding",
"required": false,
"title": "MAC address"
},
"vlan_id": {
"$ref": "VlanID,
"description": "VLAN ID for port binding",
"required": false,
"title": "VLAN ID"
}
},
"title": "Address binding information",
"type": "object"
}
PortAttacher (type) (Deprecated)
{
"deprecated": true,
"id": "PortAttacher",
"module_id": "LogicalPort",
"properties": {
"entity": {
"description": "This is a vmknic name if the attacher is vmknic. Otherwise, it is full path of the attached VM's config file",
"readonly": false,
"required": true,
"title": "Reference to the attached entity",
"type": "string"
},
"host": {
"readonly": false,
"required": true,
"title": "TransportNode on which the attacher resides",
"type": "string"
}
},
"title": "VM or vmknic entity attached to LogicalPort",
"type": "object"
}
PortAttachment (type)
{
"additionalProperties": false,
"description": "Detail information about port attachment",
"id": "PortAttachment",
"module_id": "PolicyConnectivity",
"properties": {
"allocate_addresses": {
"description": "Indicate how IP will be allocated for the port. Enum BOTH references IP pool and MAC pool. Enum NONE is no allocation.",
"enum": [
"IP_POOL",
"MAC_POOL",
"BOTH",
"DHCP",
"DHCPV6",
"SLAAC",
"NONE"
],
"required": false,
"title": "Allocate addresses",
"type": "string"
},
"app_id": {
"description": "ID used to identify/look up a child attachment behind a parent attachment",
"required": false,
"title": "App Id",
"type": "string"
},
"bms_interface_config": {
"$ref": "AttachedInterfaceEntry,
"description": "Indicate application interface configuration for Bare Metal Server.",
"required": false,
"title": "Application interface configuration for Bare metal server"
},
"context_id": {
"description": "If type is CHILD and the parent port is on the same segment as the child port, then this field should be VIF ID of the parent port. If type is CHILD and the parent port is on a different segment, then this field should be policy path of the parent port. If type is INDEPENDENT/STATIC, then this field should be transport node ID.",
"required": false,
"title": "Context ID based on the type",
"type": "string"
},
"context_type": {
"description": "Set to PARENT when type field is CHILD. Read only field.",
"enum": [
"PARENT"
],
"readonly": true,
"title": "Context Type",
"type": "string"
},
"evpn_vlans": {
"description": "List of Evpn tenant VLAN IDs the Parent logical-port serves in Evpn Route-Server mode. Only effective when attachment type is PARENT and the logical-port is attached to vRouter VM.",
"items": {
"type": "string"
},
"maxItems": 1000,
"minItems": 0,
"required": false,
"title": "Evpn tenant VLAN IDs the Parent logical-port serves.",
"type": "array"
},
"hyperbus_mode": {
"default": "DISABLE",
"description": "Flag to indicate if hyperbus configuration is required.",
"enum": [
"ENABLE",
"DISABLE"
],
"title": "Hyperbus mode",
"type": "string"
},
"id": {
"description": "VIF UUID on NSX Manager. If the attachement type is PARENT, this property is required.",
"required": false,
"title": "Port attachment ID",
"type": "string"
},
"traffic_tag": {
"$ref": "VlanID,
"description": "Not valid when type field is INDEPENDENT, mainly used to identify traffic from different ports in container use case.",
"required": false,
"title": "VLAN ID"
},
"type": {
"description": "Type of port attachment. PARENT type is automatically set if evpn_vlans or hyperbus_mode is configured. INDEPENDENT type is automatically set for ports that belong to Segment of type DVPortgroup.",
"enum": [
"PARENT",
"CHILD",
"INDEPENDENT",
"STATIC"
],
"required": false,
"title": "Attachement type",
"type": "string"
}
},
"title": "Attachment information on the port",
"type": "object"
}
PortDiscoveryProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between discovery profile and Port. Using this entity, user can specify intent for applying discovery profile to particular Port. Port here is Logical Port.",
"extends": {
"$ref": "DiscoveryProfileBindingMap
},
"id": "PortDiscoveryProfileBindingMap",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_discovery_profile_path": {
"description": "PolicyPath of associated IP Discovery Profile",
"required": false,
"title": "IP Discovery Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortDiscoveryProfileBindingMap"
],
"relationshipType": "PORT_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
}
]
},
"mac_discovery_profile_path": {
"description": "PolicyPath of associated Mac Discovery Profile",
"required": false,
"title": "Mac Discovery Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortDiscoveryProfileBindingMap"
],
"relationshipType": "PORT_BINDINGMAP_MACDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"MacDiscoveryProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Port Discovery Profile binding map",
"type": "object"
}
PortDiscoveryProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PortDiscoveryProfileBindingMapListRequestParameters",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Port Discovery Profile Binding Map list request parameters",
"type": "object"
}
PortDiscoveryProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PortDiscoveryProfileBindingMapListResult",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PortDiscoveryProfileBindingMap
},
"required": true,
"title": "Port Discovery Profile Binding Map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Port Discovery Profile Binding Maps",
"type": "object"
}
PortElement (type)
{
"description": "Examples- Single port \"8080\", Range of ports \"8090-8095\"",
"format": "port-or-range",
"id": "PortElement",
"module_id": "Common",
"title": "A port or a port range",
"type": "string"
}
PortMirrorFilter (type)
{
"additionalProperties": false,
"id": "PortMirrorFilter",
"module_id": "PolicyPortMirroring",
"properties": {
"destination_ips": {
"$ref": "IPAddresses,
"description": "Destination IP in the form of IPAddresses, used to match the destination IP of a packet. If not provided, no filtering by destination IPs is performed.",
"title": "Destination IP used to filter packets"
},
"destination_ports": {
"$ref": "PortElement,
"description": "Destination port in the form of a port or port range, used to match the destination port of a packet. If not provided, no filtering by destination port is performed.",
"title": "Destination port or port range used to filter packets"
},
"protocol": {
"description": "The transport protocols of TCP or UDP, used to match the transport protocol of a packet. If not provided, no filtering by IP protocols is performed.",
"enum": [
"TCP",
"UDP"
],
"title": "The protocol used to filter packets.",
"type": "string"
},
"source_ips": {
"$ref": "IPAddresses,
"description": "Source IP in the form of IPAddresses, used to match the source IP of a packet. If not provided, no filtering by source IPs is performed.",
"title": "Source IP used to filter packets"
},
"source_ports": {
"$ref": "PortElement,
"description": "Source port in the form of a port or port range, used to match the source port of a packet. If not provided, no filtering by source port is performed.",
"title": "Source port or port range used to filter packets"
}
},
"type": "object"
}
PortMirroringProfile (type)
{
"additionalProperties": false,
"description": "Mirrors Data from source to destination",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PortMirroringProfile",
"module_id": "PolicyPortMirroring",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_group": {
"description": "Data from source group will be copied to members of destination group. Only IPSET group and group with membership criteria VM is supported. IPSET group allows only three ip's.",
"required": true,
"title": "Destination group path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortMirroringProfile"
],
"relationshipType": "PORT_MIRRORING_DESTINATION_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"direction": {
"default": "BIDIRECTIONAL",
"description": "Port mirroring profile direction",
"enum": [
"INGRESS",
"EGRESS",
"BIDIRECTIONAL"
],
"title": "Direction",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"encapsulation_type": {
"default": "GRE",
"description": "User can provide Mirror Destination type e.g GRE, ERSPAN_TWO or ERSPAN_THREE.If profile type is REMOTE_L3_SPAN, encapsulation type is used else ignored.",
"enum": [
"GRE",
"ERSPAN_TWO",
"ERSPAN_THREE"
],
"required": false,
"title": "Mirror Destination encapsulation type",
"type": "string"
},
"erspan_id": {
"default": 0,
"description": "Used by physical switch for the mirror traffic forwarding. Must be provided and only effective when encapsulation type is ERSPAN type II or type III.",
"maximum": 1023,
"minimum": 0,
"required": false,
"title": "ERSPAN session id",
"type": "int"
},
"filter_action": {
"default": "INCLUDE",
"description": "If set to INCLUDE, packets matching all filters will be mirrored. If set to EXCLUDE, packets NOT matching any filters will be mirrored.",
"enum": [
"INCLUDE",
"EXCLUDE"
],
"title": "Action to include or exclude traffic for all filter in port_mirroring_filters",
"type": "string"
},
"gre_key": {
"default": 0,
"description": "User-configurable 32-bit key only for GRE",
"minimum": 0,
"required": false,
"title": "GRE encapsulation key",
"type": "int"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"port_mirroring_filters": {
"description": "An array of 5-tuples used to filter packets for the mirror session. If not provided, all the packets will be mirrored. This field is with filter_action which defines whether packets matching the filter will be included or excluded",
"items": {
"$ref": "PortMirrorFilter
},
"maxItems": 1,
"minItems": 0,
"title": "Port mirroring filter",
"type": "array"
},
"profile_type": {
"default": "REMOTE_L3_SPAN",
"description": "Allows user to select type of port mirroring session.",
"enum": [
"REMOTE_L3_SPAN",
"LOGICAL_SPAN"
],
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"snap_length": {
"description": "If this property is set, the packet will be truncated to the provided length. If this property is unset, entire packet will be mirrored.",
"maximum": 65535,
"minimum": 60,
"required": false,
"title": "Maximum packet length for packet truncation",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_ip_stack": {
"default": "Default",
"description": "User can provide Mirror stack or Default stack to send mirror traffic. If profile type is REMOTE_L3_SPAN, tcp_ip_stack type is used else ignored.",
"enum": [
"Default",
"Mirror"
],
"title": "Mirror Destination encapsulation type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Mirrors Data from source to destination",
"type": "object"
}
PortMonitoringProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between monitoring profile and Port. Using this entity, user can specify intent for applying monitoring profile to particular Port. Port here is Segment Port.",
"extends": {
"$ref": "MonitoringProfileBindingMap
},
"id": "PortMonitoringProfileBindingMap",
"module_id": "PolicyMonitoringProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipfix_l2_profile_path": {
"description": "PolicyPath of associated IPFIX L2 Profile",
"required": false,
"title": "IPFIX L2 Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortMonitoringProfileBindingMap"
],
"relationshipType": "IPFIX_L2_PROFILE_COLLECTOR_PROFILE_RELATIONSHIP",
"rightType": [
"IPFIXL2CollectorProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"port_mirroring_profile_path": {
"description": "PolicyPath of associated Port Mirroring Profile",
"required": false,
"title": "Port Mirroring Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortMonitoringProfileBindingMap"
],
"relationshipType": "PORT_MIRRORING_PROFILE_PORT_BINDING_MAP_RELATIONSHIP",
"rightType": [
"PortMirroringProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Port Monitoring Profile binding map",
"type": "object"
}
PortQoSProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between qos profile and Port. Using this entity, you can specify intent for applying qos profile to particular Port. Port here is Segment Port.",
"extends": {
"$ref": "QoSProfileBindingMap
},
"id": "PortQoSProfileBindingMap",
"module_id": "PolicyQoSProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"qos_profile_path": {
"description": "PolicyPath of associated QoS Profile",
"required": false,
"title": "QoS Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortQoSProfileBindingMap"
],
"relationshipType": "QOS_PROFILE_PORT_BINDING_MAP_RELATIONSHIP",
"rightType": [
"QoSProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_name": [
"port qos profile binding map"
],
"title": "Port QoS Profile binding map",
"type": "object"
}
PortQoSProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "PortQoSProfileBindingMapListRequestParameters",
"module_id": "PolicyQoSProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Port QoS Profile Binding Map list request parameters",
"type": "object"
}
PortQoSProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PortQoSProfileBindingMapListResult",
"module_id": "PolicyQoSProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PortQoSProfileBindingMap
},
"required": true,
"title": "Port QoS Profile Binding Map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Port QoS Profile Binding Maps",
"type": "object"
}
PortSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Contains the binding relationship between port and security profile.",
"extends": {
"$ref": "SecurityProfileBindingMap
},
"id": "PortSecurityProfileBindingMap",
"module_id": "PolicySecurityProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"segment_security_profile_path": {
"description": "The policy path of the asscociated Segment Security profile",
"required": false,
"title": "Segment Security Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortSecurityProfileBindingMap"
],
"relationshipType": "PORT_SECURITY_BINDING_MAP_SEGMENT_SECURITY_RELATIONSHIP",
"rightType": [
"SegmentSecurityProfile"
]
}
]
},
"spoofguard_profile_path": {
"description": "The policy path of the asscociated SpoofGuard profile",
"required": false,
"title": "SpoofGuard Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PortSecurityProfileBindingMap"
],
"relationshipType": "PORT_SECURITY_BINDING_MAP_SPOOFGUARD_RELATIONSHIP",
"rightType": [
"SpoofGuardProfile",
"IPDiscoveryProfile"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Security profile binding map for port",
"type": "object"
}
PortSecurityProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "PortSecurityProfileBindingMapListRequestParameters",
"module_id": "PolicySecurityProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Port security profile binding map request parameters",
"type": "object"
}
PortSecurityProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PortSecurityProfileBindingMapListResult",
"module_id": "PolicySecurityProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PortSecurityProfileBindingMap
},
"required": true,
"title": "Port security profile binding map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of port security profile binding maps",
"type": "object"
}
PreReqCondition (type)
{
"enum": [
"WAVE_FRONT",
"TSDB",
"TRACE"
],
"id": "PreReqCondition",
"module_id": "PolicySha",
"title": "Valid pre-req condition",
"type": "string"
}
PreUpgradeHealthCheckInfo (type)
{
"description": "Information about the ESX health perspective check.",
"id": "PreUpgradeHealthCheckInfo",
"module_id": "EHP",
"properties": {
"check": {
"default": "",
"description": "Identifier of the check.",
"readonly": false,
"required": true,
"title": "Check Identifier",
"type": "string"
},
"description": {
"$ref": "PreUpgradeHealthCheckMessage,
"description": "Description of the check.",
"readonly": false,
"required": true,
"title": "PreUpgradeHealthCheck description"
},
"name": {
"$ref": "PreUpgradeHealthCheckMessage,
"description": "Name of the check.",
"readonly": false,
"required": true,
"title": "PreUpgradeHealthCheck name"
}
},
"title": "ESX health perspective check information",
"type": "object"
}
PreUpgradeHealthCheckMessage (type)
{
"additionalProperties": false,
"description": "Localized message object related to host health perspective.",
"id": "PreUpgradeHealthCheckMessage",
"module_id": "EHP",
"properties": {
"default_message": {
"default": "",
"description": "The value of this localizable string or message template in the en_US (English) locale.",
"readonly": false,
"required": true,
"title": "Default message",
"type": "string"
},
"id": {
"default": "",
"description": "Unique identifier of the localizable string or message template.",
"readonly": false,
"required": true,
"title": "Identifier of Localizable String",
"type": "string"
},
"localized": {
"description": "Localized string value as per request requirements.",
"readonly": false,
"required": false,
"title": "Localized string",
"type": "string"
}
},
"title": "host health perspective localized message",
"type": "object"
}
PreUpgradeHealthCheckRequest (type)
{
"id": "PreUpgradeHealthCheckRequest",
"module_id": "EHP",
"properties": {
"entity-id": {
"description": "Unique identifier of host moref.",
"readonly": false,
"required": true,
"title": "Entity Identifier",
"type": "string"
},
"vcenter-uuid": {
"description": "Instance uuid of vCenter. To get the instance id refer the <b>instanceUuid</b> field of https://<nsx-mgr>/api/v1/fabric/compute-managers API response.",
"readonly": false,
"required": true,
"title": "vCenter uuid",
"type": "string"
}
},
"title": "Health perspective check request",
"type": "object"
}
PreUpgradeHealthCheckStatus (type)
{
"description": "Status of an host health perspective check.",
"id": "PreUpgradeHealthCheckStatus",
"module_id": "EHP",
"properties": {
"info": {
"$ref": "PreUpgradeHealthCheckInfo,
"description": "Status of the check.",
"readonly": false,
"required": true,
"title": "Check Information"
},
"issues": {
"default": [],
"description": "List of issues reported by the check.",
"items": {
"$ref": "PreUpgradeHealthCheckMessage
},
"readonly": false,
"required": true,
"title": "List of issues",
"type": "array"
},
"status": {
"enum": [
"OK",
"WAIT",
"NOT_OK"
],
"readonly": false,
"required": true,
"title": "Status of check",
"type": "string"
},
"wait_duration": {
"description": "Duration in milliseconds to wait before issuing status check again. This field is optional and is only populated when status is WAIT.",
"readonly": true,
"required": false,
"title": "Wait duration",
"type": "int"
}
},
"title": "ESX health perspective check status",
"type": "object"
}
PreUpgradeHostHealthCheckStatuses (type)
{
"description": "Aggregated status list of performed host pre-upgrade checks.",
"id": "PreUpgradeHostHealthCheckStatuses",
"module_id": "EHP",
"properties": {
"check_statuses": {
"default": [],
"description": "List of pre check statuses.",
"items": {
"$ref": "PreUpgradeHealthCheckStatus
},
"readonly": false,
"required": true,
"title": "Check statuses",
"type": "array"
},
"status": {
"description": "Aggregated status of all individual checks. It will be OK only when all executed checks return OK.",
"enum": [
"OK",
"WAIT",
"NOT_OK"
],
"readonly": true,
"required": true,
"title": "Aggregated status of all checks",
"type": "string"
},
"wait_duration": {
"description": "Duration in milliseconds to wait before issuing status check again. This field is optional and is only populated when status is WAIT.",
"readonly": true,
"required": false,
"title": "Wait duration",
"type": "int"
}
},
"title": "host health perspective checks status list",
"type": "object"
}
PrefixEntry (type)
{
"additionalProperties": false,
"id": "PrefixEntry",
"module_id": "PolicyConnectivity",
"properties": {
"action": {
"default": "PERMIT",
"description": "Action for the prefix list.",
"enum": [
"PERMIT",
"DENY"
],
"required": false,
"title": "Action for the prefix list",
"type": "string"
},
"ge": {
"description": "Prefix length greater than or equal to.",
"maximum": 128,
"minimum": 1,
"title": "Prefix length greater than or equal to",
"type": "int"
},
"le": {
"description": "Prefix length less than or equal to.",
"maximum": 128,
"minimum": 1,
"title": "Prefix length less than or equal to",
"type": "int"
},
"network": {
"description": "Network prefix in CIDR format. \"ANY\" matches all networks.",
"required": true,
"title": "Network prefix in CIDR format",
"type": "string"
}
},
"title": "Network prefix entry",
"type": "object"
}
PrefixList (type)
{
"additionalProperties": false,
"description": "A named list of prefixes for routing purposes.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "PrefixList",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"prefixes": {
"description": "Specify ordered list of network prefixes.",
"items": {
"$ref": "PrefixEntry
},
"minItems": 1,
"required": true,
"title": "Ordered list of network prefixes",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A named list of prefixes for routing purposes",
"type": "object"
}
PrefixListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "PrefixListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "PrefixList request parameters",
"type": "object"
}
PrefixListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PrefixListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PrefixList
},
"required": true,
"title": "PrefixList results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of PrefixLists",
"type": "object"
}
Principal (type)
{
"additionalProperties": false,
"id": "Principal",
"module_id": "CertificateManager",
"properties": {
"attributes": {
"description": "Attribute list.",
"items": {
"$ref": "KeyValue
},
"readonly": false,
"required": true,
"type": "array"
}
},
"type": "object"
}
PrincipalIdentity (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "PrincipalIdentity",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"certificate_id": {
"description": "Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required.",
"readonly": false,
"required": false,
"title": "Id of the stored certificate",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_protected": {
"description": "Indicator whether the entities created by this principal should be protected.",
"readonly": false,
"required": false,
"title": "Protection indicator",
"type": "boolean"
},
"name": {
"description": "Name of the principal.",
"maxLength": 255,
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Name",
"type": "string"
},
"node_id": {
"description": "Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string.",
"maxLength": 255,
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Unique node-id",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"role": {
"deprecated": true,
"deprecation_advice": "Deprecated in favor of roles_for_paths",
"description": "The roles that are associated with this PI.",
"pattern": "^[_a-z0-9-]+$",
"readonly": false,
"required": false,
"title": "Role",
"type": "string"
},
"roles_for_paths": {
"description": "The roles that are associated with this PI, limiting them to a policy path like '/infra'. In case the path is '/', the roles apply everywhere.",
"items": {
"$ref": "RolesForPath
},
"readonly": false,
"required": false,
"title": "Roles for Paths",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
PrincipalIdentityList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "PrincipalIdentityList",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "PrincipalIdentity list.",
"items": {
"$ref": "PrincipalIdentity
},
"readonly": false,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "PrincipalIdentity query result",
"type": "object"
}
PrincipalIdentityWithCertificate (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PrincipalIdentity
},
"id": "PrincipalIdentityWithCertificate",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"certificate_id": {
"description": "Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required.",
"readonly": false,
"required": false,
"title": "Id of the stored certificate",
"type": "string"
},
"certificate_pem": {
"description": "PEM encoding of the new certificate.",
"readonly": false,
"required": true,
"title": "PEM encoding of the new certificate",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_protected": {
"description": "Indicator whether the entities created by this principal should be protected.",
"readonly": false,
"required": false,
"title": "Protection indicator",
"type": "boolean"
},
"name": {
"description": "Name of the principal.",
"maxLength": 255,
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Name",
"type": "string"
},
"node_id": {
"description": "Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string.",
"maxLength": 255,
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Unique node-id",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"role": {
"deprecated": true,
"deprecation_advice": "Deprecated in favor of roles_for_paths",
"description": "The roles that are associated with this PI.",
"pattern": "^[_a-z0-9-]+$",
"readonly": false,
"required": false,
"title": "Role",
"type": "string"
},
"roles_for_paths": {
"description": "The roles that are associated with this PI, limiting them to a policy path like '/infra'. In case the path is '/', the roles apply everywhere.",
"items": {
"$ref": "RolesForPath
},
"readonly": false,
"required": false,
"title": "Roles for Paths",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
ProfileBindingListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "ProfileBindingListRequestParameters",
"module_id": "PolicyProfile",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Profile binding map list request parameters",
"type": "object"
}
ProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between profile and policy entities.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ProfileBindingMap",
"module_id": "PolicyProfile",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy base profile binding map",
"type": "object"
}
ProfileSeverity (type)
{
"enum": [
"CRITICAL",
"HIGH",
"MEDIUM",
"LOW",
"SUSPICIOUS"
],
"id": "ProfileSeverity",
"module_id": "PolicyIDS",
"title": "Intrusion Detection System Profile severity",
"type": "string"
}
ProfileSupportedAttributeTypesResult (type)
{
"additionalProperties": false,
"id": "ProfileSupportedAttributeTypesResult",
"module_id": "PolicyContextProfile",
"properties": {
"attribute_types": {
"items": {
"type": "string"
},
"readonly": true,
"title": "List of ProfileSupportedAttributes types",
"type": "array"
}
},
"title": "Context Profile SupportedAttributes Types",
"type": "object"
}
ProfileSupportedAttributesListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "ProfileSupportedAttributesListRequestParameters",
"module_id": "PolicyContextProfile",
"properties": {
"attribute_key": {
"description": "It fetches attributes and subattributes for the given attribute key supported in the system which can be used for Policy Context Profile creation.",
"required": false,
"title": "Fetch attributes and sub-attributes for the given attribute key",
"type": "string"
},
"attribute_source": {
"default": "SYSTEM",
"description": "It fetches attributes and sub attributes for the given attribute key based on the source of attribute which can be used for Policy Context Profile creation.",
"enum": [
"ALL",
"CUSTOM",
"SYSTEM"
],
"required": false,
"title": "Source of the attribute, System Defined or custom",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Profile Attributes list request parameters.",
"type": "object"
}
ProgressItem (type)
{
"id": "ProgressItem",
"module_id": "SiteManagerModule",
"properties": {
"description": {
"required": true,
"title": "Item description",
"type": "string"
},
"name": {
"required": true,
"title": "Name of the item",
"type": "string"
},
"parts": {
"items": {
"$ref": "ProgressItemPart
},
"title": "Finer details, usually there is only one part",
"type": "array"
}
},
"type": "object"
}
ProgressItemPart (type)
{
"id": "ProgressItemPart",
"module_id": "SiteManagerModule",
"properties": {
"description": {
"required": true,
"title": "Description of the process",
"type": "string"
},
"error": {
"required": false,
"title": "Error message, if ran into error",
"type": "string"
},
"name": {
"required": true,
"title": "Name of the process",
"type": "string"
},
"percentage": {
"required": true,
"title": "0 - 100 of the task being completed",
"type": "integer"
},
"status": {
"enum": [
"RUNNING",
"ERROR",
"COMPLETE"
],
"required": true,
"title": "Status of this process",
"type": "string"
}
},
"type": "object"
}
Project (type)
{
"additionalProperties": false,
"description": "Project is a construct that provides network isolation for all its contents out of the box, where the compute and networking elements within are isolated from other Projects. The Project will also be used to provide hybridity across on-prem datacenters and the cloud, thus providing a means of building private clouds with elements both on-prem and in the cloud. The project can be created by users with Org Admin role and read access to Tier0s and Edge clusters. Read access to Tier0s and Edge clusters can be achieved by either associating the user with another role with the required permissions (say Auditor), or by sharing the Tier0s and Edge clusters with the Org before creating the project. The project can also be created by users with Enterprise Admin role without explicit sharing of Tier0s and Edge clusters.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Project",
"module_id": "PolicyProject",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"activate_default_dfw_rules": {
"description": "By default, Project is created with default distributed firewall rules, this flag allows to deactivate those default rules . If not set, the default rules are enabled. The system will expect the API user to pass this flag as \"false\" when the system is not entitled to distributed firewall.",
"nsx_feature": "LicenseDistinctCheck",
"required": false,
"title": "Activate the default DFW rules for the Project",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"dedicated_resources": {
"$ref": "DedicatedResources,
"required": false
},
"default": {
"description": "true - the project is a default project. Default projects are non-editable, system create ones.",
"readonly": true,
"required": false,
"title": "Flag to indicate that the project is a default project",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"external_ipv4_blocks": {
"description": "IP block used for allocating CIDR blocks for public subnets. IP block can be consumed by all the VPCs under this project. CIDR that must be unique across Org/provider and will be auto advertised up to Org/Provider Tier0 gateway.",
"items": {
"type": "string"
},
"required": false,
"title": "PolicyPath of public ip block",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Project"
],
"relationshipType": "PROJECT_EXTERNAL_IPV4BLOCK_RELATIONSHIP",
"rightType": [
"IpAddressBlock"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"short_id": {
"description": "Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set.",
"maxLength": 8,
"title": "Identifier to use when displaying project context in logs",
"type": "string"
},
"site_infos": {
"description": "Information related to sites applicable for given Project. For on-prem deployment, only 1 is allowed.",
"items": {
"$ref": "SiteInfo
},
"maxItems": 16,
"required": false,
"title": "Collection of Site information",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tier_0s": {
"description": "The tier 0 path or label of type Tier0 has to be pre-created before Project is created. The tier 0 typically provides connectivity to external world. List of sites for Project has to be subset of sites where the tier 0 spans. Label should have reference of Tier0 path.",
"items": {
"type": "string"
},
"required": false,
"title": "Array of Tier 0s path or label associated with this Project.",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Project"
],
"relationshipType": "PROJECT_TIER0_RELATIONSHIP",
"rightType": [
"Tier0"
]
},
{
"leftType": [
"Project"
],
"relationshipType": "PROJECT_TIER0_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vc_folder": {
"nsx_feature": "VCFolder",
"required": false,
"title": "Flag to specify whether the DVPGs created for project segments are grouped under a folder on the VC.",
"type": "boolean"
}
},
"title": "Policy Project",
"type": "object"
}
ProjectRouteFilter (type)
{
"additionalProperties": false,
"description": "Project route filter to control routes advertised from Project's Tier1 Gateway to Tier0 Gateway. If project route filter configured for project then match_prefix_list must permit prefixes including public blocks for route advertisement from Tier1 gateway and VPC. Project route filter can only be configured by Enterprise Admin in case of LM and Org Admin or EA in case of NSX+.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ProjectRouteFilter",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"match_prefix_list": {
"description": "Policy path to prefixList to filter routes advertised from Tier1 Gateway.",
"items": {
"type": "string"
},
"maxItems": 2,
"required": true,
"title": "Policy path to PrefixList",
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"projects_list": {
"description": "Prefix list will be applied to all Tier-1s and VPCs under the specified list of project Paths. Project cannot be part of multiple route filter configurations.",
"items": {
"type": "string"
},
"required": true,
"title": "List of project paths",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Project route filter",
"type": "object"
}
PropertyItem (type)
{
"additionalProperties": false,
"description": "Represents a label-value pair.",
"id": "PropertyItem",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"condition": {
"description": "If the condition is met then the property will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"title": "Id of drilldown widget",
"type": "string"
},
"field": {
"description": "Represents field value of the property.",
"maxLength": 1024,
"required": true,
"title": "Field of the Property",
"type": "string"
},
"heading": {
"default": false,
"description": "Set to true if the field is a heading. Default is false.",
"title": "If true, represents the field as a heading",
"type": "boolean"
},
"label": {
"$ref": "Label,
"description": "If a field represents a heading, then label is not needed",
"title": "Label of the property"
},
"label_value_separator": {
"description": "Label value separator used between label and value. It can be any separator like \":\" or \"-\".",
"title": "Labale value separator used between label and value",
"type": "string"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details. This will be linked with value of the property.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"render_configuration": {
"description": "Render configuration to be applied, if any.",
"items": {
"$ref": "RenderConfiguration
},
"title": "Render Configuration",
"type": "array"
},
"rowspan": {
"description": "Represent the vertical span of the widget / container",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"separator": {
"default": false,
"description": "If true, separates this property in a widget.",
"title": "A separator after this property",
"type": "boolean"
},
"span": {
"description": "Represent the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"style": {
"description": "A style object applicable for the property item. It could be the any padding, margin style sheet applicable to the property item. A 'style' property is supported in case of layout 'AUTO' only.",
"title": "A Style object applicable for the Property Item",
"type": "object"
},
"type": {
"default": "String",
"description": "Data type of the field.",
"enum": [
"String",
"Number",
"Date",
"Url"
],
"maxLength": 255,
"required": true,
"title": "field data type",
"type": "string"
}
},
"title": "LabelValue Property",
"type": "object"
}
Protocol (type)
{
"abstract": true,
"additionalProperties": {},
"id": "Protocol",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "name"
},
"properties": {
"name": {
"enum": [
"http",
"https",
"scp",
"sftp"
],
"required": true,
"title": "Protocol name",
"type": "string"
}
},
"type": "object"
}
ProtocolVersion (type)
{
"additionalProperties": false,
"id": "ProtocolVersion",
"module_id": "ApiServiceConfig",
"properties": {
"enabled": {
"required": true,
"title": "Enable status for this protocol version",
"type": "boolean"
},
"name": {
"required": true,
"title": "Name of the TLS protocol version",
"type": "string"
}
},
"title": "HTTP protocol version",
"type": "object"
}
QoSBaseRateLimiter (type)
{
"abstract": true,
"id": "QoSBaseRateLimiter",
"module_id": "PolicyQoS",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"enabled": {
"required": true,
"type": "boolean"
},
"resource_type": {
"default": "IngressRateLimiter",
"description": "Type rate limiter",
"enum": [
"IngressRateLimiter",
"IngressBroadcastRateLimiter",
"EgressRateLimiter"
],
"required": true,
"type": "string"
}
},
"title": "A Limiter configuration entry that specifies type and metrics",
"type": "object"
}
QoSDscp (type)
{
"description": "Dscp value is ignored in case of 'TRUSTED' DscpTrustMode.",
"id": "QoSDscp",
"module_id": "PolicyQoS",
"properties": {
"mode": {
"$ref": "DscpTrustMode
},
"priority": {
"default": 0,
"maximum": 63,
"minimum": 0,
"title": "Internal Forwarding Priority",
"type": "int"
}
},
"required": true,
"title": "One of QoS or Encapsulated-Remote-Switched-Port-Analyzer",
"type": "object"
}
QoSProfile (type)
{
"extends": {
"$ref": "PolicyConfigResource
},
"id": "QoSProfile",
"module_id": "PolicyQoS",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"class_of_service": {
"description": "Class of service groups similar types of traffic in the network and each type of traffic is treated as a class with its own level of service priority. The lower priority traffic is slowed down or in some cases dropped to provide better throughput for higher priority traffic. If the field is not provided during PUT / PATCH call, a default value is assigned.",
"maximum": 7,
"minimum": 0,
"required": false,
"title": "Class of service",
"type": "int"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dscp": {
"$ref": "QoSDscp
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"shaper_configurations": {
"description": "Array of Rate limiter configurations to applied on Segment or Port.",
"items": {
"$ref": "QoSBaseRateLimiter
},
"maxItems": 3,
"minItems": 0,
"required": false,
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_name": [
"qos segment profile"
],
"type": "object"
}
QoSProfileBindingMap (type)
{
"abstract": true,
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "QoSProfileBindingMap",
"module_id": "PolicyQoSProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base QoS Profile Binding Map",
"type": "object"
}
QoSProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "QoSProfileListRequestParameters",
"module_id": "PolicyQoS",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "QoS Profile request parameters",
"type": "object"
}
QoSProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "QoSProfileListResult",
"module_id": "PolicyQoS",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "QoSProfile
},
"required": true,
"title": "QoS profiles list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of QoS profiles",
"type": "object"
}
RAConfig (type)
{
"additionalProperties": false,
"id": "RAConfig",
"module_id": "Routing",
"properties": {
"hop_limit": {
"default": 64,
"description": "The maximum number of hops through which packets can pass before being discarded.",
"maximum": 255,
"minimum": 0,
"required": false,
"title": "Hop limit",
"type": "integer"
},
"prefix_lifetime": {
"default": 2592000,
"description": "The time interval in seconds, in which the prefix is advertised as valid.",
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Lifetime of prefix",
"type": "integer"
},
"prefix_preferred_time": {
"default": 604800,
"description": "The time interval in seconds, in which the prefix is advertised as preferred.",
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Prefix preferred time",
"type": "integer"
},
"ra_interval": {
"default": 600,
"description": "Interval between 2 Router advertisement in seconds.",
"maximum": 1800,
"minimum": 4,
"required": false,
"title": "RA interval",
"type": "integer"
},
"router_lifetime": {
"default": 1800,
"description": "Router lifetime value in seconds. A value of 0 indicates the router is not a default router for the receiving end. Any other value in this field specifies the lifetime, in seconds, associated with this router as a default router.",
"maximum": 65520,
"minimum": 0,
"required": false,
"title": "Lifetime of router",
"type": "integer"
},
"router_preference": {
"$ref": "NDRAPreference,
"default": "MEDIUM",
"description": "NDRA Router preference value with MEDIUM as default. If the router_lifetime is 0, the preference must be set to MEDIUM.",
"required": false,
"title": "Router preference"
}
},
"type": "object"
}
RAMode (type)
{
"additionalProperties": false,
"description": "Router Advertisement Modes. DISABLED - RA is disabled SLAAC_DNS_THROUGH_RA - Stateless address auto-configuration RA for address and configuration SLAAC_DNS_THROUGH_DHCP - SLAAC RA for address and DHCPv6 for configuration DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - DHCPv6 for address and configurations SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP - SLAAC RA and DHCPv6 for address and configurations",
"enum": [
"DISABLED",
"SLAAC_DNS_THROUGH_RA",
"SLAAC_DNS_THROUGH_DHCP",
"DHCP_ADDRESS_AND_DNS_THROUGH_DHCP",
"SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP"
],
"id": "RAMode",
"module_id": "Routing",
"title": "Router Advertisement Mode",
"type": "string"
}
RaDNSConfig (type)
{
"additionalProperties": false,
"id": "RaDNSConfig",
"module_id": "Routing",
"properties": {
"dns_server": {
"description": "DNS server.",
"items": {
"$ref": "IPv6Address
},
"maxItems": 8,
"required": false,
"title": "DNS server",
"type": "array"
},
"dns_server_lifetime": {
"default": 1800000,
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Lifetime of DNS server in milliseconds",
"type": "integer"
},
"domain_name": {
"description": "Domain name in RA message.",
"items": {
"type": "string"
},
"maxItems": 8,
"required": false,
"title": "Domain name",
"type": "array"
},
"domain_name_lifetime": {
"default": 1800000,
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Lifetime of Domain names in milliseconds",
"type": "integer"
}
},
"type": "object"
}
RdPerEdgeEntry (type)
{
"id": "RdPerEdgeEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"edge_display_name": {
"title": "display name of the edge",
"type": "string"
},
"edge_path": {
"title": "edge path",
"type": "string"
},
"rd": {
"title": "Route Distinguisher",
"type": "string"
}
},
"title": "Route Distinguisher per edge",
"type": "object"
}
RdPerEdgeMapping (type)
{
"description": "This object holds route distinguishers per edge.",
"id": "RdPerEdgeMapping",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"rd_per_edge_mapping": {
"items": {
"$ref": "RdPerEdgeEntry
},
"title": "List of Route Distinguisher per edge",
"type": "array"
}
},
"title": "Route Distinguisher per edge node",
"type": "object"
}
Reaction (type)
{
"additionalProperties": false,
"description": "Reaction represents a programmable entity which encapsulates the events and the actions in response to the events, or simply \"If This Then That\".",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Reaction",
"module_id": "PolicyReaction",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"actions": {
"description": "Actions that need to be taken when the events occur. These actions must appear in the order that they need to be taken in. This field can be interpreted as the HOW of the Reaction, or simply as \"Then That\".",
"items": {
"$ref": "Action
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "Reaction Actions",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"events": {
"description": "Events that provide contextual variables about what the reaction should react to. This field can be interpreted as the WHAT of the Reaction, or simply as \"If This\" Clause.",
"items": {
"$ref": "Event
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "Reaction Events",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Reaction",
"type": "object"
}
RealizationListRequestParameters (type)
{
"additionalProperties": false,
"description": "List request params for the pass through type api that get data from the Enforcement point. The basic requirement for these kind of APIs is filtering by Enforcement point.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "RealizationListRequestParameters",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Realization list request params",
"type": "object"
}
RealizedStateRequestParameter (type)
{
"description": "Request parameter that represents a binding between an intent path and enforcement point path. A request on the realized state can be parameterized with this pair and will be evaluted as follows: - {intent_path}: the request is evaluated on all enforcement points for the given intent. - {intent_path, enforcement_point_path}: the request is evaluated only on the given enforcement point for the given intent.",
"id": "RealizedStateRequestParameter",
"module_id": "PolicyRealizedState",
"properties": {
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"intent_path": {
"description": "Intent path of object, forward slashes must be escaped using %2F",
"required": true,
"title": "String Path of the intent object",
"type": "string"
}
},
"title": "Binding between Intent and Enforcement Point Paths",
"type": "object"
}
RealizedVirtualMachine (type)
{
"additionalProperties": false,
"experimental": true,
"extends": {
"$ref": "PolicyRealizedResource
},
"id": "RealizedVirtualMachine",
"module_id": "PolicyRealizedState",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alarms": {
"items": {
"$ref": "PolicyAlarmResource
},
"required": false,
"title": "Alarm info detail",
"type": "array"
},
"compute_ids": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx']",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"host_id": {
"readonly": true,
"required": false,
"title": "Id of the host on which the vm exists.",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"intent_reference": {
"items": {
"type": "string"
},
"required": false,
"title": "Desire state paths of this object",
"type": "array"
},
"local_id_on_host": {
"readonly": true,
"required": false,
"title": "Id of the vm unique within the host.",
"type": "string"
},
"operational_status": {
"description": "Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive.",
"required": false,
"title": "String representation of operational status",
"type": "string"
},
"operational_status_error": {
"description": "It defines the root cause for operational status error.",
"required": false,
"title": "String representation of operational status error",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"deprecated": true,
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"deprecated": true,
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"power_state": {
"enum": [
"VM_RUNNING",
"VM_STOPPED",
"VM_SUSPENDED",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "Current power state of this virtual machine in the system.",
"type": "string"
},
"publish_status": {
"description": "Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive.",
"required": false,
"title": "String representation of publish status",
"type": "string"
},
"publish_status_error": {
"description": "It defines the root cause for publish status error.",
"required": false,
"title": "String representation of publish status error",
"type": "string"
},
"publish_status_error_code": {
"description": "It defines error code for publish status error.",
"required": false,
"title": "Represents error code for publish status.",
"type": "int"
},
"publish_status_error_details": {
"description": "Error details for publish status.",
"items": {
"$ref": "ConfigurationStateElement
},
"required": false,
"title": "Details for publich status error.",
"type": "array"
},
"publish_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time",
"readonly": true,
"title": "Publish time of the intent"
},
"realization_api": {
"required": false,
"title": "Realization API of this object on enforcement point",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"realization_specific_identifier": {
"required": false,
"title": "Realization id of this object",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"runtime_error": {
"description": "It define the root cause for runtime error.",
"required": false,
"title": "String representation of runtime error",
"type": "string"
},
"runtime_status": {
"deprecated": true,
"description": "Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive.",
"required": false,
"title": "String representation of runtime status",
"type": "string"
},
"state": {
"enum": [
"UNAVAILABLE",
"UNREALIZED",
"REALIZED",
"ERROR"
],
"required": true,
"title": "Realization state of this object",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"time_taken_for_realization": {
"description": "This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization",
"title": "Appoximate time taken in milliseconds for end to end realization.",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Realized Virtual Machine",
"type": "object"
}
RealizedVirtualMachineListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "RealizedVirtualMachineListResult",
"module_id": "PolicyGroupStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "RealizedVirtualMachine,
"title": "Virtual machine list result"
},
"required": false,
"title": "Paged Collection of VMs",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
RecommendedFeaturePermission (type)
{
"id": "RecommendedFeaturePermission",
"module_id": "AAA",
"properties": {
"recommended_permissions": {
"items": {
"type": "string"
},
"required": true,
"title": "Permission",
"type": "array"
},
"src_features": {
"items": {
"type": "string"
},
"required": true,
"title": "List of source features",
"type": "array"
},
"target_feature": {
"required": true,
"title": "Feature",
"type": "string"
}
},
"title": "Recommended Feature Permission",
"type": "object"
}
RecommendedFeaturePermissionListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "RecommendedFeaturePermissionListResult",
"module_id": "AAA",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "RecommendedFeaturePermission
},
"required": true,
"title": "List results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
RedirectionPolicy (type)
{
"additionalProperties": false,
"description": "Ordered list of rules long with the path of PolicyServiceInstance to which the traffic needs to be redirected. | Please note that the scope property must be provided for NS redirection | policy if redirect to is a service chain. For NS, when redirect to is not | to the service chain, and scope is specified on RedirectionPolicy, it | will be ignored. The scope will be determined from redirect to path | instead. For EW policy, scope must not be supplied in the request. | Path to either Tier0 or Tier1 is allowed as the scope. Only 1 path | can be specified as a scope. | Also, note that, if stateful flag is not sent, it will be treated as true. If statelessness is intended, false must be sent explicitly as the value | for stateful field.",
"extends": {
"$ref": "Policy
},
"id": "RedirectionPolicy",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"north_south": {
"description": "This is the read only flag which will state the direction of this | redirection policy. True denotes that it is NORTH-SOUTH and false | value means it is an EAST-WEST redirection policy.",
"readonly": true,
"title": "Flag to denote whether it is north south policy",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"redirect_to": {
"description": "Paths to which traffic will be redirected to. As of now, only 1 is | supported. Paths allowed are | 1. Policy Service Instance | 2. Service Instance Endpoint | 3. Virtual Endpoint | 4. Policy Service Chain",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "List of redirect to target paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_POLICY_SERVICE_INSTANCE_RELATIONSHIP",
"rightType": [
"PolicyServiceInstance"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_POLICY_SERVICE_INSTANCE_ENDPOINT_RELATIONSHIP",
"rightType": [
"ServiceInstanceEndpoint"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_VIRTUAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"VirtualEndpoint"
]
}
]
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"description": "Redirection rules that are a part of this RedirectionPolicy. At max, there can be 1000 rules in a given RedirectPolicy.",
"items": {
"$ref": "RedirectionRule
},
"maxItems": 1000,
"required": false,
"title": "Redirection rules that are a part of this RedirectionPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of rules and path to PolicyServiceInstance\n",
"type": "object"
}
RedirectionRule (type)
{
"additionalProperties": false,
"extends": {
"$ref": "BaseRule
},
"id": "RedirectionRule",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "The action to be applied to all the services",
"enum": [
"REDIRECT",
"DO_NOT_REDIRECT"
],
"required": false,
"title": "Action",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Destination group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"destinations_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups",
"readonly": false,
"required": false,
"title": "Negation of destination groups",
"type": "boolean"
},
"direction": {
"default": "IN_OUT",
"description": "Define direction of traffic.",
"enum": [
"IN",
"OUT",
"IN_OUT"
],
"required": false,
"title": "Direction",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the rule. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the rule",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_protocol": {
"description": "Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.",
"enum": [
"IPV4",
"IPV6",
"IPV4_IPV6"
],
"readonly": false,
"required": false,
"title": "IPv4 vs IPv6 packet type",
"type": "string"
},
"is_default": {
"description": "A flag to indicate whether rule is a default rule.",
"readonly": true,
"required": false,
"title": "Default rule flag",
"type": "boolean"
},
"logged": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"notes": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.",
"maxLength": 2048,
"readonly": false,
"required": false,
"title": "Text for additional notes on changes",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profiles": {
"description": "Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Layer 7 service profiles or TLS action profile",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"Rule"
],
"relationshipType": "COMMUNICATION_ENTRY_L7_ACCESS_PROFILE_RELATIONSHIP",
"rightType": [
"L7AccessProfile"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_id": {
"description": "This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.",
"readonly": true,
"required": false,
"title": "Unique rule ID",
"type": "integer"
},
"scope": {
"description": "The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier0Interface",
"Tier1Interface",
"Tier0",
"Tier1",
"IPSecVpnSession",
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number",
"minimum": 0,
"required": false,
"title": "Sequence number of the this Rule",
"type": "int"
},
"service_entries": {
"description": "In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.",
"items": {
"$ref": "ServiceEntry
},
"maxItems": 128,
"required": false,
"title": "Raw services",
"type": "array"
},
"services": {
"description": "In order to specify all services, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Names of services",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"source_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Source group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sources_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups",
"readonly": false,
"required": false,
"title": "Negation of source groups",
"type": "boolean"
},
"tag": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.",
"required": false,
"title": "Tag applied on the rule",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "It define redirection rule for service insertion",
"type": "object"
}
RegTokenQuery (type)
{
"id": "RegTokenQuery",
"module_id": "RegistrationTokenEndPoint",
"properties": {
"token": {
"description": "Get roles from registration token",
"required": true,
"sensitive": true,
"title": "Registration token",
"type": "string"
}
},
"title": "Registration token",
"type": "object"
}
RegistrationToken (type)
{
"id": "RegistrationToken",
"module_id": "RegistrationTokenEndPoint",
"properties": {
"roles": {
"items": {
"type": "string"
},
"required": true,
"title": "List results",
"type": "array"
},
"token": {
"required": true,
"sensitive": true,
"title": "Access token",
"type": "string"
},
"user": {
"required": false,
"title": "User delegated by token",
"type": "string"
}
},
"title": "Appliance registration access token",
"type": "object"
}
RelatedApiError (type)
{
"id": "RelatedApiError",
"module_id": "Common",
"properties": {
"details": {
"title": "Further details about the error",
"type": "string"
},
"error_code": {
"title": "A numeric error code",
"type": "integer"
},
"error_data": {
"title": "Additional data about the error",
"type": "object"
},
"error_message": {
"title": "A description of the error",
"type": "string"
},
"module_name": {
"title": "The module name where the error occurred",
"type": "string"
}
},
"title": "Detailed information about a related API error",
"type": "object"
}
RelatedAttribute (type)
{
"additionalProperties": false,
"description": "Related attribute on the target resource for conditional constraints based on related attribute value. Example - destinationGroups/service/action is related attribute of sourceGroups in communcation entry.",
"id": "RelatedAttribute",
"module_id": "PolicyConstraints",
"properties": {
"attribute": {
"required": true,
"title": "Related attribute name on the target entity.",
"type": "string"
}
},
"title": "Related attribute details.",
"type": "object"
}
RelatedAttributeConditionalExpression (type)
{
"additionalProperties": false,
"description": "Represents the leaf level type expression to express constraint as value of realted attribute to the target. Example - Constraint traget attribute 'X' (example in Constraint), if destinationGroups contains 'vCeneter' then allow only values \"HTTPS\", \"HTTP\" for attribute X. { \"target\":{ \"target_resource_type\":\"CommunicationEntry\", \"attribute\":\"services\", \"path_prefix\": \"/infra/domains/{{DOMAIN}}/edge-communication-maps/default/communication-entries/\" }, \"constraint_expression\": { \"resource_type\": \"RelatedAttributeConditionalExpression\", \"related_attribute\":{ \"attribute\":\"destinationGroups\" }, \"condition\" : { \"operator\":\"INCLUDES\", \"rhs_value\": [\"/infra/domains/mgw/groups/VCENTER\"], \"value_constraint\": { \"resource_type\": \"ValueConstraintExpression\", \"operator\":\"INCLUDES\", \"values\":[\"/infra/services/HTTP\", \"/infra/services/HTTPS\"] } } } }",
"extends": {
"$ref": "ConstraintExpression
},
"id": "RelatedAttributeConditionalExpression",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "RelatedAttributeConditionalExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"$ref": "ConditionalValueConstraintExpression,
"description": "Conditional value expression for target based on realted attribute value.",
"required": true,
"title": "Conditiona value constraint expression."
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"related_attribute": {
"$ref": "RelatedAttribute,
"required": true,
"title": "Related attribute."
},
"resource_type": {
"enum": [
"ValueConstraintExpression",
"RelatedAttributeConditionalExpression",
"EntityInstanceCountConstraintExpression",
"FieldSanityConstraintExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Represents the leaf level type expression to express constraint as\nvalue of realted attribute to the target. Uses\nConditionalValueConstraintExpression to constrain the target value\nbased on the related attribute value on the same resource.\n",
"type": "object"
}
RemainingSupportBundleNode (type)
{
"additionalProperties": false,
"id": "RemainingSupportBundleNode",
"properties": {
"node_display_name": {
"readonly": true,
"required": true,
"title": "Display name of node",
"type": "string"
},
"node_id": {
"readonly": true,
"required": true,
"title": "UUID of node",
"type": "string"
},
"node_ip": {
"readonly": true,
"required": true,
"title": "IPv4 address of node",
"type": "string"
},
"node_ipv6": {
"readonly": true,
"required": true,
"title": "IPv6 address of node",
"type": "string"
},
"status": {
"enum": [
"PENDING",
"PROCESSING"
],
"readonly": true,
"required": true,
"title": "Status of node",
"type": "string"
}
},
"type": "object"
}
RemoteFileServer (type)
{
"additionalProperties": false,
"id": "RemoteFileServer",
"module_id": "BackupConfiguration",
"properties": {
"directory_path": {
"pattern": "^\\/[\\w\\-.\\+~\\/]+$",
"required": true,
"title": "Remote server directory to copy bundle files to",
"type": "string",
"validation_msg_key": "com.vmware.nsx.validation.constraints.BackupRestore.directory_path_pattern.message"
},
"port": {
"default": 22,
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"protocol": {
"$ref": "FileTransferProtocol,
"required": true,
"title": "Protocol to use to copy file"
},
"server": {
"format": "hostname-or-ip",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
}
},
"title": "Remote file server",
"type": "object"
}
RemoteServerFingerprint (type)
{
"additionalProperties": false,
"id": "RemoteServerFingerprint",
"module_id": "BackupConfiguration",
"properties": {
"port": {
"default": 22,
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"server": {
"format": "hostname-or-ip",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
},
"ssh_fingerprint": {
"required": true,
"title": "SSH fingerprint of server",
"type": "string"
}
},
"title": "Remote server",
"type": "object"
}
RemoteServerFingerprintRequest (type)
{
"additionalProperties": false,
"id": "RemoteServerFingerprintRequest",
"module_id": "BackupConfiguration",
"properties": {
"port": {
"default": 22,
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"server": {
"format": "hostname-or-ip",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
}
},
"title": "Remote server",
"type": "object"
}
RemoteSiteCompatibilityInfo (type)
{
"id": "RemoteSiteCompatibilityInfo",
"module_id": "SiteManagerModule",
"properties": {
"is_compatible": {
"title": "are the 2 sites compatible",
"type": "boolean"
},
"local_site": {
"$ref": "SiteCompatibilityInfo,
"title": "local site compatibility"
},
"remote_site": {
"$ref": "SiteCompatibilityInfo,
"title": "remote site compatibility"
}
},
"type": "object"
}
RemoteSiteCredential (type)
{
"description": "Contains the information needed to communicate with another site.",
"id": "RemoteSiteCredential",
"module_id": "SiteManagerModule",
"properties": {
"address": {
"required": true,
"title": "Address of the site (IPv4:port)",
"type": "string"
},
"password": {
"required": true,
"sensitive": true,
"title": "Password of the site",
"type": "string"
},
"thumbprint": {
"required": true,
"sensitive": true,
"title": "Sha256 thumbprint of API certificate of the remote site",
"type": "string"
},
"username": {
"required": true,
"title": "Username of the site",
"type": "string"
}
},
"title": "Credential of remote site",
"type": "object"
}
RenderConfiguration (type)
{
"additionalProperties": false,
"description": "Render configuration to be applied to the widget.",
"id": "RenderConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"color": {
"description": "The color to use when rendering an entity. For example, set color as 'RED' to render a portion of donut in red.",
"title": "Color of the entity",
"type": "string"
},
"condition": {
"description": "If the condition is met then the rendering specified for the condition will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"display_value": {
"description": "If specified, overrides the field value. This can be used to display a meaningful value in situations where field value is not available or not configured.",
"maxLength": 255,
"title": "Overridden value to display, if any",
"type": "string"
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"minItems": 0,
"title": "Icons",
"type": "array"
},
"tooltip": {
"description": "Multi-line text to be shown on tooltip while hovering over the UI element if the condition is met.",
"items": {
"$ref": "Tooltip
},
"minItems": 0,
"title": "Multi-line tooltip",
"type": "array"
}
},
"title": "Render Configuration",
"type": "object"
}
ReorderRequest (type)
{
"additionalProperties": false,
"id": "ReorderRequest",
"module_id": "Upgrade",
"properties": {
"id": {
"readonly": false,
"required": true,
"title": "id of the upgrade unit group/upgrade unit before/after which the upgrade unit group/upgrade unit is to be placed",
"type": "string"
},
"is_before": {
"default": true,
"readonly": false,
"required": false,
"title": "flag indicating whether the upgrade unit group/upgrade unit is to be placed before or after the specified upgrade unit group/upgrade unit",
"type": "boolean"
}
},
"type": "object"
}
RepoSyncStatusReport (type)
{
"id": "RepoSyncStatusReport",
"module_id": "ClusterNodeVMDeployment",
"properties": {
"failure_code": {
"description": "In case of repo sync related failure, the code for the error will be stored here.",
"required": false,
"title": "Error code for failure",
"type": "integer"
},
"failure_message": {
"description": "In case if repo sync fails due to some issue, an error message will be stored here.",
"required": false,
"title": "Error message for failure",
"type": "string"
},
"status": {
"description": "Status of the repo sync operation on the single nsx-manager",
"enum": [
"NOT_STARTED",
"IN_PROGRESS",
"FAILED",
"SUCCESS"
],
"required": true,
"title": "Repository Synchronization Status",
"type": "string"
},
"status_message": {
"description": "Describes the steps which repo sync operation is performing currently.",
"required": false,
"title": "Status message",
"type": "string"
}
},
"type": "object"
}
ResetNodeUserOwnPasswordProperties (type)
{
"additionalProperties": false,
"id": "ResetNodeUserOwnPasswordProperties",
"properties": {
"old_password": {
"description": "If the old_password is not given, a 400 BAD REQUEST is returned with an error message.",
"required": true,
"sensitive": true,
"title": "The old password of the user",
"type": "string"
},
"password": {
"required": true,
"sensitive": true,
"title": "The new password for user",
"type": "string"
}
},
"type": "object"
}
ResetStatsRequestParameters (type)
{
"additionalProperties": false,
"description": "Request parameters that represents an enforcement point path and category. A request on statistics can be parameterized with this enforcement point path and will be evaluated as follows: - no enforcement point path specified: the request is evaluated on all enforcement points. - {enforcement_point_path}: the request is evaluated only on the given enforcement point.",
"extends": {
"$ref": "StatisticsRequestParameters
},
"id": "ResetStatsRequestParameters",
"module_id": "PolicyBaseStatistics",
"properties": {
"category": {
"description": "Aggregation statistic category to perform reset operation.",
"enum": [
"DFW",
"EDGE"
],
"required": true,
"title": "Aggregation statistic category",
"type": "string"
},
"container_cluster_path": {
"description": "Path to the container cluster entity where the request will be executed.",
"required": false,
"title": "String Path of the Container Cluster entity",
"type": "string"
},
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
}
},
"title": "Reset Statistics Request Parameters",
"type": "object"
}
Resource (type)
{
"abstract": true,
"id": "Resource",
"module_id": "Common",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
}
},
"title": "Base class for resources",
"type": "object"
}
ResourceFieldPointer (type)
{
"additionalProperties": false,
"description": "Resource Field Pointer representing the exact value within a policy object.",
"id": "ResourceFieldPointer",
"module_id": "PolicyReaction",
"properties": {
"field_pointer": {
"description": "Field Pointer referencing the exact field within the policy object.",
"required": true,
"title": "Field Pointer",
"type": "string"
},
"path": {
"description": "Policy Path referencing a policy object. If not supplied, the field pointer will be applied to the event source.",
"title": "Resource Path",
"type": "string"
}
},
"title": "Resource Field Pointer",
"type": "object"
}
ResourceInfo (type)
{
"additionalProperties": false,
"description": "It represents the resource information which could identify resource.",
"id": "ResourceInfo",
"module_id": "PolicyTag",
"properties": {
"resource_ids": {
"description": "It will represent resource identifiers. For example, policy objects will be represented with paths and virtual machine will be represented with external ids.",
"items": {
"type": "string"
},
"required": true,
"title": "Resource identifiers",
"type": "array"
},
"resource_type": {
"description": "It will represent resource type on which tag bulk operation to be performed. Supported resource type is VirtualMachine.",
"required": true,
"title": "Resource type",
"type": "string"
}
},
"title": "Represents resources information",
"type": "object"
}
ResourceInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ResourceInfoListResult",
"module_id": "PolicyFineTuning",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "PolicyFineTuningResourceInfo
},
"required": true,
"title": "Resource info list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Collection of resource info objects",
"type": "object"
}
ResourceInfoSearchParameters (type)
{
"additionalProperties": false,
"description": "This object presents additional search capabilities over any API through free text query string. e.g. type=\"FirewallRuleDto\".",
"experimental": true,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "ResourceInfoSearchParameters",
"module_id": "PolicyFineTuning",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"type": {
"required": false,
"title": "Type query",
"type": "string"
}
},
"title": "Represents search object that provides additional search capabilities",
"type": "object"
}
ResourceLink (type)
{
"additionalProperties": false,
"id": "ResourceLink",
"module_id": "Common",
"properties": {
"action": {
"readonly": true,
"title": "Optional action",
"type": "string"
},
"href": {
"readonly": true,
"required": true,
"title": "Link to resource",
"type": "string"
},
"rel": {
"description": "Custom relation type (follows RFC 5988 where appropriate definitions exist)",
"readonly": true,
"required": true,
"title": "Link relation type",
"type": "string"
}
},
"title": "A link to a related resource",
"type": "object"
}
ResourceObject (type)
{
"additionalProperties": false,
"description": "A ResourceObject contains the path and properties of the resource that needs to be shared.",
"id": "ResourceObject",
"module_id": "PolicyShare",
"properties": {
"include_children": {
"default": false,
"description": "Whether the children of the shared resource_path are shared (true) or just the entity represented by the path is shared (false). The default value is false.",
"required": false,
"title": "Denotes if the children of the shared path are also shared",
"type": "boolean"
},
"resource_path": {
"description": "Represents the path of the resource to be shared. The entity represented by this shared resources is shared with all the Orgs or Projects contexts that the Share container references.",
"required": true,
"title": "Path of the resource to be shared",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SharedResource"
],
"relationshipType": "SHARED_RESOURCE_RELATIONSHIP",
"rightType": []
}
]
}
},
"title": "Policy resource object for sharing",
"type": "object"
}
ResourceOperation (type)
{
"additionalProperties": false,
"description": "Resource Operation is an Event Source that represents a resource that is being changed at very specific points of time, with regard to its interaction with dao layer.",
"extends": {
"$ref": "Source
},
"id": "ResourceOperation",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"type-identifier": "ResourceOperation"
},
"properties": {
"operation_types": {
"description": "Operation types.",
"items": {
"$ref": "ResourceOperationType
},
"minItems": 1,
"required": true,
"title": "Operation Types",
"type": "array"
},
"resource_pointer": {
"description": "Regex path representing a regex expression on resources. This regex is used to identify the object(s) that is/are the source of the Event. For instance: specifying \"Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default\" as a source means that ANY resource starting with Lb or ANY resource with \"/infra/tier-0s/vmc/ipsec-vpn-services/default\" as path would be the source of the event in question.",
"required": true,
"title": "Resource Pointer",
"type": "string"
},
"resource_type": {
"description": "Event Source resource type.",
"enum": [
"ResourceOperation",
"ApiRequestBody"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Resource Operation",
"type": "object"
}
ResourceOperationType (type)
{
"additionalProperties": false,
"description": "Resource Operation Type represents a change in state of a resource with regard to the interaction with DAO layer: POST_CREATE: post-create change event. POST_UPDATE: post-update change event. PRE_DELETE: pre-delete change event.",
"enum": [
"POST_CREATE",
"POST_UPDATE",
"PRE_DELETE"
],
"id": "ResourceOperationType",
"module_id": "PolicyReaction",
"title": "Resource Operation Type",
"type": "string"
}
ResourceReference (type)
{
"description": "A weak reference to an NSX resource.",
"id": "ResourceReference",
"module_id": "Common",
"properties": {
"is_valid": {
"description": "Will be set to false if the referenced NSX resource has been deleted.",
"readonly": true,
"required": false,
"title": "Target validity",
"type": "boolean"
},
"target_display_name": {
"description": "Display name of the NSX resource.",
"maxLength": 255,
"readonly": true,
"required": false,
"title": "Target display name",
"type": "string"
},
"target_id": {
"description": "Identifier of the NSX resource.",
"maxLength": 64,
"readonly": false,
"required": false,
"title": "Target ID",
"type": "string"
},
"target_type": {
"description": "Type of the NSX resource.",
"maxLength": 255,
"readonly": false,
"required": false,
"title": "Target type",
"type": "string"
}
},
"type": "object"
}
ResourceSummaryDetail (type)
{
"additionalProperties": false,
"description": "Resource summary details represents list of resources for given resource type with its total count.",
"id": "ResourceSummaryDetail",
"module_id": "GmConfigOnboarding",
"properties": {
"resource_count": {
"description": "Total resource count",
"readonly": true,
"required": true,
"title": "Resource count",
"type": "integer"
},
"resource_list": {
"description": "List of homogenous resources of resource type.",
"items": {
"$ref": "OnboardingAttribute
},
"maxItems": 100,
"readonly": true,
"required": false,
"title": "Resource List",
"type": "array"
},
"resource_type": {
"description": "Policy resource entity type, for example: CommunicationMap, Group etc.",
"readonly": true,
"required": true,
"title": "Policy Resource Type",
"type": "string"
}
},
"title": "Resource Summary Detail",
"type": "object"
}
ResourceTagStatus (type)
{
"additionalProperties": false,
"description": "It represents tag operation status for a resource and details of the failure if any.",
"id": "ResourceTagStatus",
"module_id": "PolicyTag",
"properties": {
"details": {
"title": "Details about the error if any",
"type": "string"
},
"resource_display_name": {
"title": "Resource display name",
"type": "string"
},
"resource_id": {
"required": true,
"title": "Resource id",
"type": "string"
},
"tag_status": {
"enum": [
"Success",
"Error"
],
"required": true,
"title": "Status of tag apply or remove operation",
"type": "string"
}
},
"title": "Tag operation status for a resource",
"type": "object"
}
ResourceTypeTagStatus (type)
{
"additionalProperties": false,
"description": "Tag operation status for particular resource type and resource ids.",
"id": "ResourceTypeTagStatus",
"module_id": "PolicyTag",
"properties": {
"resource_tag_status": {
"description": "List of resources on which tag needs to be applied.",
"items": {
"$ref": "ResourceTagStatus
},
"title": "List of resources on which tag needs to be applied",
"type": "array"
},
"resource_type": {
"required": true,
"title": "Resource type",
"type": "string"
}
},
"title": "Tag operation status for particular resource type and resource ids.",
"type": "object"
}
RestoreStep (type)
{
"id": "RestoreStep",
"module_id": "ClusterRestore",
"properties": {
"description": {
"readonly": true,
"required": true,
"title": "Restore step description",
"type": "string"
},
"status": {
"$ref": "PerStepRestoreStatus
},
"step_number": {
"readonly": true,
"required": true,
"title": "Restore step number",
"type": "integer"
},
"value": {
"readonly": true,
"required": true,
"title": "Restore step value",
"type": "string"
}
},
"title": "Restore step info",
"type": "object"
}
RevisionedResource (type)
{
"abstract": true,
"extends": {
"$ref": "Resource
},
"id": "RevisionedResource",
"module_id": "Common",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
}
},
"title": "A base class for types that track revisions",
"type": "object"
}
Role (type)
{
"id": "Role",
"module_id": "AAA",
"properties": {
"role": {
"description": "Short identifier for the role. Must be all lower case with no spaces.",
"pattern": "^[_a-z0-9-]+$",
"required": true,
"title": "Role identifier",
"type": "string"
},
"role_display_name": {
"description": "A short, human-friendly display name of the role.",
"required": false,
"title": "Display name for role",
"type": "string"
}
},
"title": "Role",
"type": "object"
}
RoleAssignmentPermissionConfig (type)
{
"description": "Configuration that controls whether project admins and VPC admins can do role assignment to other users.",
"id": "RoleAssignmentPermissionConfig",
"module_id": "AAA",
"properties": {
"allow_role_assignment": {
"required": false,
"title": "Specifies whether user with this role is allowed to assign roles to other users.",
"type": "boolean"
}
},
"title": "Role Assignment Permission config.",
"type": "object"
}
RoleBinding (type)
{
"extends": {
"$ref": "ManagedResource
},
"id": "RoleBinding",
"module_id": "AAA",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"identity_source_id": {
"description": "The ID of the external identity source that holds the referenced external entity. Currently, only external LDAP and OIDC servers are allowed.",
"required": false,
"title": "ID of the external identity source",
"type": "string"
},
"identity_source_type": {
"default": "VIDM",
"enum": [
"VIDM",
"LDAP",
"OIDC",
"CSP"
],
"required": false,
"title": "Identity source type",
"type": "string"
},
"name": {
"readonly": true,
"required": true,
"title": "User/Group's name",
"type": "string"
},
"read_roles_for_paths": {
"description": "Set this property to true to cause the user's role definition to be read from the roles_for_paths property. Set it to false to cause the user's role definition to be read from the roles property.",
"readonly": false,
"required": false,
"title": "Read from roles_for_paths instead of roles",
"type": "boolean"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"roles": {
"deprecated": true,
"deprecation_advice": "This property is deprecated in favour of roles_for_paths.",
"items": {
"$ref": "Role
},
"readonly": true,
"required": false,
"title": "Roles",
"type": "array"
},
"roles_for_paths": {
"description": "The roles that are associated with the user, limiting them to a path. In case the path is '/', the roles apply everywhere i.e. it is same as the deprecated property roles.",
"items": {
"$ref": "RolesForPath
},
"readonly": false,
"required": false,
"title": "Roles for Paths",
"type": "array"
},
"stale": {
"description": "Property 'stale' can be considered to have these values - absent - This type of rolebinding does not support stale property TRUE - Rolebinding is stale in vIDM meaning the user is no longer present in vIDM FALSE - Rolebinding is available in vIDM UNKNOWN - Rolebinding's state of staleness in unknown Once rolebindings become stale, they can be deleted using the API POST /aaa/role-bindings?action=delete_stale_bindings",
"enum": [
"TRUE",
"FALSE",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "Stale in vIDM",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"type": {
"description": "Indicates the type of the user. remote_user - This is a user which is external to NSX. remote_group - This is a group of users which is external to NSX. local_user - This is a user local to NSX. These are linux users. principal_identity - This is a principal identity user. remote - The the principal is remote but whether it is a user or group is not known. Currently this is applicable only to LDAP identity_source_type.",
"enum": [
"remote_user",
"remote_group",
"local_user",
"principal_identity",
"remote"
],
"readonly": true,
"required": true,
"title": "Type",
"type": "string"
},
"user_id": {
"description": "Local user's numeric id on the system.",
"readonly": true,
"required": false,
"title": "Local user's numeric id",
"type": "string"
}
},
"title": "User/Group's role binding",
"type": "object"
}
RoleBindingListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "RoleBindingListResult",
"module_id": "AAA",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "RoleBinding
},
"required": true,
"title": "List results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
RoleBindingRequestParameters (type)
{
"description": "Pagination and Filtering parameters to get only a subset of users/groups.",
"extends": {
"$ref": "ListRequestParameters
},
"id": "RoleBindingRequestParameters",
"module_id": "AAA",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"identity_source_id": {
"description": "If provided, only return role bindings for the given identity source. Currently only supported for LDAP and OIDC identity source types.",
"required": false,
"title": "Identity source ID",
"type": "string"
},
"identity_source_type": {
"enum": [
"VIDM",
"LDAP",
"OIDC"
],
"required": false,
"title": "Identity source type",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"name": {
"required": false,
"title": "User/Group name",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"path": {
"required": false,
"title": "Exact path of the context",
"type": "string"
},
"role": {
"required": false,
"title": "Role ID",
"type": "string"
},
"root_path": {
"required": false,
"title": "Prefix path of the context",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"type": {
"enum": [
"remote_user",
"remote_group",
"local_user",
"principal_identity"
],
"required": false,
"title": "Type",
"type": "string"
}
},
"title": "Parameters to filter list of role bindings.",
"type": "object"
}
RoleListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "RoleListResult",
"module_id": "AAA",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Role
},
"required": true,
"title": "List results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
RoleWithFeatures (type)
{
"extends": {
"$ref": "ManagedResource
},
"id": "RoleWithFeatures",
"module_id": "AAA",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"features": {
"items": {
"$ref": "FeaturePermission
},
"required": true,
"title": "Features",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"role": {
"description": "Short identifier for the role. Must be all lower case with no spaces.",
"pattern": "^[_a-z0-9-]+$",
"readonly": true,
"required": true,
"title": "Role identifier",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Role",
"type": "object"
}
RoleWithFeaturesListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "RoleWithFeaturesListResult",
"module_id": "AAA",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "RoleWithFeatures
},
"required": true,
"title": "List results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
RolesForPath (type)
{
"description": "The roles that are limited only to the path specified. In case the path is null, the roles apply everywhere.",
"id": "RolesForPath",
"module_id": "AAA",
"properties": {
"delete_path": {
"default": false,
"description": "Flag to delete the path in role-binding update operation. If false then path will not be deleted while updating the role-binding. If true then path will be deleted while updating the role-binding. Please note: This flag will be used only in role-binding PUT api.",
"required": false,
"title": "Flag to delete the path in role-binding update operation.",
"type": "boolean"
},
"path": {
"description": "Path of the entity in parent hierarchy.",
"readonly": false,
"required": true,
"title": "Path",
"type": "string"
},
"roles": {
"description": "Applicable roles.",
"items": {
"$ref": "Role
},
"readonly": false,
"required": true,
"title": "Roles",
"type": "array"
}
},
"title": "Roles for path",
"type": "object"
}
RolesListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "RolesListRequestParameters",
"module_id": "AAA",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"scope": {
"enum": [
"ROOT",
"ORG",
"PROJECT",
"VPC"
],
"required": false,
"title": "List only the roles which are applicable for this scope.",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Roles list request parameters",
"type": "object"
}
RouteAdvertisementRule (type)
{
"additionalProperties": false,
"id": "RouteAdvertisementRule",
"module_id": "PolicyConnectivity",
"properties": {
"action": {
"default": "PERMIT",
"description": "Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement",
"enum": [
"PERMIT",
"DENY"
],
"required": true,
"title": "Action to advertise routes",
"type": "string"
},
"name": {
"description": "Display name should be unique.",
"required": true,
"title": "Display name for rule",
"type": "string"
},
"prefix_operator": {
"default": "GE",
"description": "Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured.",
"enum": [
"GE",
"EQ"
],
"required": false,
"title": "Prefix operator to match subnets",
"type": "string"
},
"route_advertisement_types": {
"description": "Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised.",
"items": {
"$ref": "Tier1RouteAdvertisentTypes
},
"required": false,
"title": "Enable different types of route advertisements",
"type": "array"
},
"subnets": {
"description": "Network CIDRs to be routed.",
"items": {
"format": "ip-cidr-block",
"type": "string"
},
"required": false,
"title": "Network CIDRs",
"type": "array"
}
},
"title": "Route advertisement rules and filtering",
"type": "object"
}
RouteAggregationEntry (type)
{
"additionalProperties": false,
"id": "RouteAggregationEntry",
"module_id": "PolicyConnectivity",
"properties": {
"prefix": {
"description": "CIDR of aggregate address",
"format": "ip-cidr-block",
"required": true,
"title": "CIDR of aggregate address",
"type": "string"
},
"summary_only": {
"default": true,
"description": "Send only summarized route. Summarization reduces number of routes advertised by representing multiple related routes with prefix property.",
"required": false,
"title": "Send only summarized route",
"type": "boolean"
}
},
"title": "List of routes to be aggregated",
"type": "object"
}
RouteBasedIPSecVpnSession (type)
{
"additionalProperties": false,
"description": "A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site.",
"extends": {
"$ref": "IPSecVpnSession
},
"id": "RouteBasedIPSecVpnSession",
"module_id": "PolicyVpnIPSecVpn",
"polymorphic-type-descriptor": {
"type-identifier": "RouteBasedIPSecVpnSession"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"authentication_mode": {
"default": "PSK",
"description": "Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication.",
"enum": [
"PSK",
"CERTIFICATE"
],
"title": "Authentication Mode",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"compliance_suite": {
"description": "Compliance suite.",
"enum": [
"CNSA",
"SUITE_B_GCM_128",
"SUITE_B_GCM_256",
"PRIME",
"FOUNDATION",
"FIPS",
"NONE"
],
"title": "Compliance suite",
"type": "string"
},
"connection_initiation_mode": {
"default": "INITIATOR",
"description": "Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.",
"enum": [
"INITIATOR",
"RESPOND_ONLY",
"ON_DEMAND"
],
"title": "Connection initiation mode",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"dpd_profile_path": {
"description": "Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.",
"title": "Dead peer detection (DPD) profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_DPD_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnDpdProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_DPD_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnDpdProfile"
]
}
]
},
"enabled": {
"default": true,
"description": "Enable/Disable IPSec VPN session.",
"title": "Enable/Disable IPSec VPN session",
"type": "boolean"
},
"force_whitelisting": {
"default": false,
"deprecated": true,
"description": "If true the default firewall rule Action is set to DROP, otherwise set to ALLOW. This field is deprecated and recommended to change Rule action field. Note that this field is not synchornied with default rule field.",
"required": false,
"title": "Flag to add default whitelisting Gateway Policy rule for the VTI interface.",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ike_profile_path": {
"description": "Policy path referencing IKE profile to be used. Default is set according to system default profile.",
"title": "Internet key exchange (IKE) profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_IKE_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnIkeProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_IKE_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnIkeProfile"
]
}
]
},
"local_endpoint_path": {
"description": "Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.",
"required": false,
"title": "Local endpoint path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"IPSecVpnLocalEndpoint"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"IPSecVpnLocalEndpoint"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"peer_address": {
"$ref": "IPAddress,
"description": "Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.",
"required": false,
"title": "IPV4 or IPV6 address of peer endpoint on remote site"
},
"peer_id": {
"description": "Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.",
"required": false,
"title": "Peer id",
"type": "string"
},
"psk": {
"description": "IPSec Pre-shared key. Maximum length of this field is 128 characters.",
"sensitive": true,
"title": "Pre-shared key",
"type": "secure_string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "IPSecVpnSessionResourceType,
"required": true
},
"site_overrides": {
"description": "A collection of site specific attributes specificed only on GM",
"items": {
"$ref": "SiteOverride
},
"maxItems": 128,
"required": false,
"title": "SiteOverride list",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_mss_clamping": {
"$ref": "TcpMaximumSegmentSizeClamping,
"description": "TCP Maximum Segment Size Clamping Direction and Value.",
"title": "TCP MSS Clamping"
},
"tunnel_interfaces": {
"description": "IP Tunnel interfaces. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.",
"items": {
"$ref": "IPSecVpnTunnelInterface
},
"maxItems": 1,
"minItems": 1,
"required": false,
"title": "IP Tunnel interfaces",
"type": "array"
},
"tunnel_profile_path": {
"description": "Policy path referencing Tunnel profile to be used. Default is set to system default profile.",
"title": "IPSec tunnel profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"PolicyBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_TUNNEL_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnTunnelProfile"
]
},
{
"leftType": [
"RouteBasedIPSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_TUNNEL_PROFILE_RELATIONSHIP",
"rightType": [
"IPSecVpnTunnelProfile"
]
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Route based VPN session",
"type": "object"
}
RouteBasedL3VpnSession (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn.",
"extends": {
"$ref": "L3VpnSession
},
"id": "RouteBasedL3VpnSession",
"module_id": "PolicyL3Vpn",
"polymorphic-type-descriptor": {
"type-identifier": "RouteBasedL3VpnSession"
},
"properties": {
"default_rule_logging": {
"default": false,
"description": "Indicates if logging should be enabled for the default whitelisting rule for the VTI interface.",
"required": false,
"title": "Enable logging for whitelisted rule for the VTI interface",
"type": "boolean"
},
"force_whitelisting": {
"default": false,
"description": "The default firewall rule Action is set to DROP if true otherwise set to ALLOW.",
"required": false,
"title": "Flag to add default whitelisting FW rule for the VTI interface.",
"type": "boolean"
},
"resource_type": {
"$ref": "L3VpnSessionResourceType,
"required": true
},
"routing_config_path": {
"deprecated": true,
"description": "This is a deprecated field. Any specified value is not saved and will be ignored.",
"title": "Routing configuration policy path",
"type": "string"
},
"tunnel_subnets": {
"description": "Virtual tunnel interface (VTI) port IP subnets to be used to configure route-based L3Vpn session. A max of one tunnel subnet is allowed.",
"items": {
"$ref": "TunnelSubnet
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "Virtual Tunnel Interface (VTI) IP subnets",
"type": "array",
"uniqueItems": true
}
},
"title": "Route based L3Vpn Session",
"type": "object"
}
RouteDetails (type)
{
"additionalProperties": false,
"description": "BGP route details.",
"id": "RouteDetails",
"module_id": "AggSvcLogicalRouter",
"properties": {
"as_path": {
"description": "BGP AS path attribute.",
"readonly": true,
"required": false,
"title": "AS path",
"type": "string"
},
"local_pref": {
"description": "BGP Local Preference attribute.",
"readonly": true,
"required": false,
"title": "Local preference",
"type": "integer"
},
"med": {
"description": "BGP Multi Exit Discriminator attribute.",
"readonly": true,
"required": false,
"title": "Multi Exit Discriminator",
"type": "integer"
},
"network": {
"$ref": "IPCIDRBlock,
"description": "CIDR network address.",
"readonly": true,
"required": true,
"title": "CIDR network address"
},
"next_hop": {
"$ref": "IPAddress,
"description": "Next hop IP address.",
"readonly": true,
"required": false,
"title": "Next hop IP address"
},
"weight": {
"description": "BGP Weight attribute.",
"readonly": true,
"required": false,
"title": "Weight",
"type": "integer"
}
},
"title": "BGP route details",
"type": "object"
}
RouteMapEntry (type)
{
"additionalProperties": false,
"id": "RouteMapEntry",
"module_id": "PolicyConnectivity",
"properties": {
"action": {
"description": "Action for the route map entry",
"enum": [
"PERMIT",
"DENY"
],
"required": true,
"title": "Action for the route map entry",
"type": "string"
},
"community_list_matches": {
"description": "Community list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry.",
"items": {
"$ref": "CommunityMatchCriteria
},
"required": false,
"title": "Community list match criteria",
"type": "array"
},
"prefix_list_matches": {
"description": "Prefix list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry.",
"items": {
"type": "string"
},
"maxItems": 500,
"required": false,
"title": "Prefix list match criteria",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0RouteMap"
],
"relationshipType": "ROUTEMAP_PREFIX_LIST_RELATIONSHIP",
"rightType": [
"PrefixList"
]
}
]
},
"set": {
"$ref": "RouteMapEntrySet,
"description": "Set criteria for route map entry",
"required": false,
"title": "Set criteria for route map entry"
}
},
"title": "Route map entry",
"type": "object"
}
RouteMapEntrySet (type)
{
"additionalProperties": false,
"id": "RouteMapEntrySet",
"module_id": "PolicyConnectivity",
"properties": {
"as_path_prepend": {
"description": "AS path prepend to influence route selection.",
"required": false,
"title": "AS path prepend to influence route selection",
"type": "string"
},
"community": {
"description": "Set BGP regular or large community for matching routes. A maximum of one value for each community type separated by space. Well-known community name, community value in aa:nn (2byte:2byte) format for regular community and community value in aa:bb:nn (4byte:4byte:4byte) format for large community are supported.",
"required": false,
"title": "Set BGP community",
"type": "string"
},
"local_preference": {
"default": 100,
"description": "Local preference indicates the degree of preference for one BGP route over other BGP routes. The path with highest local preference is preferred.",
"maximum": 4294967295,
"title": "Local preference to set for matching BGP routes",
"type": "integer"
},
"med": {
"description": "Multi exit descriminator (MED) is a hint to BGP neighbors about the preferred path into an autonomous system (AS) that has multiple entry points. A lower MED value is preferred over a higher value.",
"maximum": 4294967295,
"minimum": 0,
"required": false,
"title": "Multi exit descriminator",
"type": "int"
},
"prefer_global_v6_next_hop": {
"description": "For incoming and import route_maps on receiving both v6 global and v6 link-local address for the route, prefer to use the global address as the next hop. By default, it prefers the link-local next hop.",
"required": false,
"title": "Prefer global v6 next hop over local next hop",
"type": "boolean"
},
"weight": {
"description": "Weight is used to select a route when multiple routes are available to the same network. Route with the highest weight is preferred.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Weight used to select certain path",
"type": "int"
}
},
"title": "Set criteria for route map entry",
"type": "object"
}
RouterLinkRuntimeRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "RouterLinkRuntimeRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_path": {
"description": "Policy path of edge node. Edge should be member of enforcement point. It is mandantory for router link interface statistics and ARP-table APIs.",
"title": "Policy path of edge node",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path.",
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"tier1_path": {
"description": "Policy path of tier1.",
"required": true,
"title": "Policy path of tier1",
"type": "string"
}
},
"title": "Router link runtime status request parameters",
"type": "object"
}
RouterNexthop (type)
{
"additionalProperties": false,
"id": "RouterNexthop",
"module_id": "PolicyConnectivity",
"properties": {
"admin_distance": {
"default": 1,
"description": "Cost associated with next hop route",
"maximum": 255,
"minimum": 1,
"required": false,
"title": "Cost associated with next hop route",
"type": "int"
},
"ip_address": {
"$ref": "IPAddress,
"description": "Next hop gateway IP address",
"required": false,
"title": "Next hop gateway IP address"
},
"scope": {
"description": "Interface path associated with current route. For example: specify a policy path referencing the IPSec VPN Session. Should not be provided while creating routes under VPC.",
"items": {
"type": "string"
},
"minItems": 1,
"required": false,
"title": "Interface path associated with current route",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"StaticRoutes"
],
"relationshipType": "PROVIDER_INTERFACE_STATIC_ROUTE_RELATIONSHIP",
"rightType": [
"IPSecVpnSession",
"Tier1Interface",
"Tier0Interface",
"Segment",
"LocaleServices",
"Tier0"
]
}
]
}
},
"title": "Next hop configuration for network",
"type": "object"
}
RoutesPerTransportNode (type)
{
"additionalProperties": false,
"description": "BGP routes per transport node.",
"id": "RoutesPerTransportNode",
"module_id": "AggSvcLogicalRouter",
"properties": {
"routes": {
"description": "Array of BGP neighbor route details for this transport node.",
"items": {
"$ref": "RouteDetails
},
"readonly": true,
"required": false,
"title": "BGP neighbor route details",
"type": "array"
},
"source_address": {
"$ref": "IPAddress,
"description": "BGP neighbor source address.",
"readonly": true,
"required": false,
"title": "BGP neighbor source address"
},
"transport_node_id": {
"readonly": true,
"required": true,
"title": "Transport node id",
"type": "string"
}
},
"title": "Routes per transport node",
"type": "object"
}
RoutesRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "BaseListRequestParameters
},
"id": "RoutesRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"component_type": {
"description": "Component type define to take the route from CCP.",
"enum": [
"DR_ROUTES"
],
"title": "Define the DR routes.",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"edge_id": {
"description": "UUID of edge node. Edge should be member of enforcement point.",
"title": "UUID of edge node",
"type": "string"
},
"edge_path": {
"description": "Policy path of edge node. Edge should be member of enforcement point.",
"title": "Policy path of edge node",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.",
"title": "Enforcement point path",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"network_prefix": {
"$ref": "IPAddressOrCIDRBlock,
"description": "IPAddress or CIDR network address to filter entries in the table.",
"title": "Network address filter parameter"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"route_source": {
"description": "Filter routes based on the source from which route is learned.",
"enum": [
"BGP",
"STATIC",
"CONNECTED",
"OSPF"
],
"title": "Filter routes based on the source from which route is learned",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Routes request parameters",
"type": "object"
}
RoutingEntry (type)
{
"additionalProperties": false,
"description": "Routing table entry.",
"id": "RoutingEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"admin_distance": {
"description": "Admin distance.",
"readonly": true,
"title": "Admin distance",
"type": "int"
},
"black_hole": {
"description": "Value of this field will be true if given routes are null routes",
"readonly": true,
"required": false,
"title": "BlackHole",
"type": "boolean"
},
"interface": {
"required": false,
"title": "The policy path of the interface which is used as the next hop",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"lr_component_id": {
"required": false,
"title": "Logical router component(Service Router/Distributed Router) id",
"type": "string"
},
"lr_component_type": {
"required": false,
"title": "Logical router component(Service Router/Distributed Router) type",
"type": "string"
},
"network": {
"description": "Network CIDR.",
"readonly": true,
"title": "Network CIDR",
"type": "string"
},
"next_hop": {
"$ref": "IPAddress,
"description": "Next hop address.",
"readonly": true,
"title": "Next hop address"
},
"next_hop_gateway": {
"required": false,
"title": "Next hop gateway path",
"type": "string"
},
"route_type": {
"description": "Route type in routing table. t0c - Tier-0 Connected t0s - Tier-0 Static b - BGP t0n - Tier-0 NAT t1s - Tier-1 Static t1c - Tier-1 Connected t1n: Tier-1 NAT t1l: Tier-1 LB VIP t1ls: Tier-1 LB SNAT t1d: Tier-1 DNS FORWARDER t1ipsec: Tier-1 IPSec isr: Inter-SR",
"readonly": true,
"title": "Route type (USER, CONNECTED, NSX_INTERNAL,..)",
"type": "string"
}
},
"title": "Routing table entry",
"type": "object"
}
RoutingTable (type)
{
"additionalProperties": false,
"description": "Routing table.",
"id": "RoutingTable",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"count": {
"description": "Entry count.",
"readonly": true,
"title": "Entry count",
"type": "int"
},
"edge_node": {
"description": "Transport node ID.",
"readonly": true,
"title": "Transport node ID",
"type": "string"
},
"error_message": {
"description": "Routing table fetch error message, populated only if status if failure.",
"readonly": true,
"title": "Routing table fetch error.",
"type": "string"
},
"route_entries": {
"description": "Route entries.",
"items": {
"$ref": "RoutingEntry
},
"required": true,
"title": "Route entries",
"type": "array"
},
"status": {
"description": "Routing table fetch status from Transport node.",
"enum": [
"SUCCESS",
"FAILURE",
"NOT_FOUND"
],
"readonly": true,
"title": "Routing table fetch status.",
"type": "string"
}
},
"title": "Routing table",
"type": "object"
}
RoutingTableListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "RoutingTableListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Paged Collection of Routes per transport node ID.",
"items": {
"$ref": "RoutingTable,
"title": "Routing table"
},
"required": false,
"title": "Paged Collection of Routes per transport node ID",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
RowListField (type)
{
"additionalProperties": false,
"description": "Root of the api result set for forming rows.",
"id": "RowListField",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"alias": {
"description": "Short name or alias of row list field, if any. If unspecified, the row list field can be referenced by its index in the array of row list fields as $<index> (for example, $0).",
"maxLength": 255,
"title": "Alias Name",
"type": "string"
},
"path": {
"description": "JSON path to the root of the api result set for forming rows.",
"maxLength": 1024,
"required": true,
"title": "JSON path",
"type": "string"
}
},
"title": "List of fields from which rows are formed",
"type": "object"
}
RpAddressMulticastRanges (type)
{
"additionalProperties": false,
"description": "Static IPv4 multicast address and assciated multicast group ranges.",
"id": "RpAddressMulticastRanges",
"module_id": "PolicyMulticast",
"properties": {
"multicast_ranges": {
"description": "Assciated multicast group ranges configuration.",
"items": {
"$ref": "IPCIDRBlock
},
"required": false,
"title": "Assciated multicast group ranges configuration",
"type": "array"
},
"rp_address": {
"$ref": "IPAddress,
"description": "Static IPv4 multicast address configuration.",
"required": true,
"title": "Static IPv4 multicast address configuration"
}
},
"title": "Static IPv4 multicast address and assciated multicast group ranges",
"type": "object"
}
Rule (type)
{
"additionalProperties": false,
"description": "A rule indicates the action to be performed for various types of traffic flowing between workload groups.",
"extends": {
"$ref": "BaseRule
},
"id": "Rule",
"module_id": "Policy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"action": {
"description": "The action to be applied to all the services The JUMP_TO_APPLICATION action is only supported for rules created in the Environment category. Once a match is hit then the rule processing will jump to the rules present in the Application category, skipping all further rules in the Environment category. If no rules match in the Application category then the default application rule will be hit. This is applicable only for DFW.",
"enum": [
"ALLOW",
"DROP",
"REJECT",
"JUMP_TO_APPLICATION"
],
"required": false,
"title": "Action",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Destination group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"destinations_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups",
"readonly": false,
"required": false,
"title": "Negation of destination groups",
"type": "boolean"
},
"direction": {
"default": "IN_OUT",
"description": "Define direction of traffic.",
"enum": [
"IN",
"OUT",
"IN_OUT"
],
"required": false,
"title": "Direction",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the rule. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the rule",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_protocol": {
"description": "Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.",
"enum": [
"IPV4",
"IPV6",
"IPV4_IPV6"
],
"readonly": false,
"required": false,
"title": "IPv4 vs IPv6 packet type",
"type": "string"
},
"is_default": {
"description": "A flag to indicate whether rule is a default rule.",
"readonly": true,
"required": false,
"title": "Default rule flag",
"type": "boolean"
},
"logged": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"notes": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.",
"maxLength": 2048,
"readonly": false,
"required": false,
"title": "Text for additional notes on changes",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profiles": {
"description": "Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Layer 7 service profiles or TLS action profile",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"Rule"
],
"relationshipType": "COMMUNICATION_ENTRY_L7_ACCESS_PROFILE_RELATIONSHIP",
"rightType": [
"L7AccessProfile"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_id": {
"description": "This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.",
"readonly": true,
"required": false,
"title": "Unique rule ID",
"type": "integer"
},
"scope": {
"description": "The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier0Interface",
"Tier1Interface",
"Tier0",
"Tier1",
"IPSecVpnSession",
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number",
"minimum": 0,
"required": false,
"title": "Sequence number of the this Rule",
"type": "int"
},
"service_entries": {
"description": "In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.",
"items": {
"$ref": "ServiceEntry
},
"maxItems": 128,
"required": false,
"title": "Raw services",
"type": "array"
},
"services": {
"description": "In order to specify all services, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Names of services",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"source_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Source group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sources_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups",
"readonly": false,
"required": false,
"title": "Negation of source groups",
"type": "boolean"
},
"tag": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.",
"required": false,
"title": "Tag applied on the rule",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A rule specifies the security policy rule between the workload groups",
"type": "object"
}
RuleInsertParameters (type)
{
"description": "Parameters to let the admin specify a relative position of a rule w.r.t to another one in the same security policy. If the rule specified in the anchor_path belongs to another security policy an error will be thrown.",
"extends": {
"$ref": "PolicyInsertParameters
},
"id": "RuleInsertParameters",
"module_id": "Policy",
"properties": {
"anchor_path": {
"required": false,
"title": "The security policy/rule path if operation is 'insert_after' or\n'insert_before'\n",
"type": "string"
},
"operation": {
"default": "insert_top",
"enum": [
"insert_top",
"insert_bottom",
"insert_after",
"insert_before"
],
"required": false,
"title": "Operation",
"type": "string"
}
},
"title": "Parameters to tell where rule needs to be placed",
"type": "object"
}
RuleListRequestParameters (type)
{
"additionalProperties": false,
"description": "By default, if sort_by is missing, then rules will be sorted based on sequence_number and then on rule_id as second level sorting criteria.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "RuleListRequestParameters",
"module_id": "Policy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Rule list request parameters",
"type": "object"
}
RuleListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "BaseRuleListResult
},
"id": "RuleListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Rule
},
"required": true,
"title": "Rule list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Rules",
"type": "object"
}
RuleStatistics (type)
{
"extends": {
"$ref": "Resource
},
"id": "RuleStatistics",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"byte_count": {
"description": "Aggregated number of bytes processed by the rule.",
"readonly": true,
"required": false,
"title": "Bytes count",
"type": "integer"
},
"hit_count": {
"description": "Aggregated number of hits received by the rule.",
"readonly": true,
"required": false,
"title": "Hits count",
"type": "integer"
},
"internal_rule_id": {
"description": "Realized id of the rule on NSX MP. Policy Manager can create more than one rule per policy rule, in which case this identifier helps to distinguish between the multple rules created.",
"readonly": true,
"required": false,
"title": "NSX internal rule id",
"type": "string"
},
"l7_accept_count": {
"description": "Aggregated number of L7 Profile Accepted counters received by the rule.",
"readonly": true,
"required": false,
"title": "L7 Accept count",
"type": "integer"
},
"l7_reject_count": {
"description": "Aggregated number of L7 Profile Rejected counters received by the rule.",
"readonly": true,
"required": false,
"title": "L7 Reject count",
"type": "integer"
},
"l7_reject_with_response_count": {
"description": "Aggregated number of L7 Profile Rejected with Response counters received by the rule.",
"readonly": true,
"required": false,
"title": "L7 Reject with response count",
"type": "integer"
},
"lr_path": {
"description": "Path of the LR on which the section is applied in case of Edge FW.",
"readonly": true,
"required": false,
"title": "Logical Router (Tier-0/Tier1) path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"max_popularity_index": {
"description": "Maximum value of popularity index of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.",
"readonly": true,
"required": false,
"title": "The maximum popularity index",
"type": "integer"
},
"max_session_count": {
"description": "Maximum value of sessions count of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.",
"readonly": true,
"required": false,
"title": "Maximum Sessions count",
"type": "integer"
},
"packet_count": {
"description": "Aggregated number of packets processed by the rule.",
"readonly": true,
"required": false,
"title": "Packets count",
"type": "integer"
},
"popularity_index": {
"description": "This is calculated by sessions count divided by age of the rule.",
"readonly": true,
"required": false,
"title": "The index of the popularity of rule",
"type": "integer"
},
"rule": {
"description": "Path of the rule.",
"readonly": true,
"required": false,
"title": "Rule path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"session_count": {
"description": "Aggregated number of sessions processed by the rule.",
"readonly": true,
"required": false,
"title": "sessions count",
"type": "integer"
},
"total_session_count": {
"description": "Aggregated number of sessions processed by all the rules This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.",
"readonly": true,
"required": false,
"title": "Total Sessions count",
"type": "integer"
}
},
"type": "object"
}
RuleStatisticsForEnforcementPoint (type)
{
"description": "Rule statistics for a specfic enforcement point.",
"id": "RuleStatisticsForEnforcementPoint",
"module_id": "Policy",
"properties": {
"container_cluster_path": {
"description": "Rule statistics for a single container cluster",
"readonly": true,
"required": false,
"title": "Cluster container path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"enforcement_point": {
"description": "Rule statistics for a single enforcement point",
"readonly": true,
"required": false,
"title": "Enforcement point path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"statistics": {
"$ref": "RuleStatistics,
"description": "Statistics for the specified enforcement point",
"readonly": true,
"required": false,
"title": "Rule Statistics"
}
},
"title": "Rule statistics for an enforcement point",
"type": "object"
}
RuleStatisticsListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "RuleStatisticsListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "RuleStatisticsForEnforcementPoint
},
"required": true,
"title": "RuleStatistics list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of rule statistics",
"type": "object"
}
RuntimeState (type)
{
"additionalProperties": false,
"description": "Runtime State.",
"enum": [
"UNINITIALIZED",
"UNKNOWN",
"UP",
"DOWN",
"DEGRADED",
"SUCCESS",
"FAILURE",
"IN_PROGRESS"
],
"id": "RuntimeState",
"module_id": "PolicyRealizationStatus",
"title": "Runtime State",
"type": "string"
}
SamlTokenLoginCredential (type)
{
"additionalProperties": false,
"description": "Details of saml token based credential to login to server.",
"extends": {
"$ref": "LoginCredential
},
"id": "SamlTokenLoginCredential",
"module_id": "Types",
"polymorphic-type-descriptor": {
"type-identifier": "SamlTokenLoginCredential"
},
"properties": {
"credential_type": {
"description": "Possible values are 'UsernamePasswordLoginCredential', 'VerifiableAsymmetricLoginCredential', 'SessionLoginCredential'.",
"required": true,
"title": "Login credential, for example username-password-thumbprint, certificate or session based, etc",
"type": "string"
},
"thumbprint": {
"description": "Thumbprint of the server.",
"readonly": false,
"required": false,
"title": "Thumbprint of the server",
"type": "string"
},
"token": {
"description": "The saml token to login to server.",
"readonly": false,
"required": false,
"sensitive": true,
"title": "The saml token to login to server",
"type": "secure_string"
}
},
"title": "A login credential specifying saml token",
"type": "object"
}
ScimSearchListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ScimSearchListResult",
"module_id": "CertificateManager",
"nsx_feature": "OIDC",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ScimSearchResult
},
"required": true,
"title": "Search results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SCIM search list result",
"type": "object"
}
ScimSearchRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "ScimSearchRequestParameters",
"module_id": "CertificateManager",
"nsx_feature": "OIDC",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"search_string": {
"description": "Search for users and groups whose name or login ID begins with the given string. If the string contains any special characters such as ' ' or '/', they must be escaped by replacing the special character with '%XX', where XX is a two-digit hexadecimal number.",
"required": true,
"title": "Search filter\n",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SCIM search request parameters",
"type": "object"
}
ScimSearchResult (type)
{
"description": "One user or group entry in a list of SCIM search results",
"id": "ScimSearchResult",
"module_id": "CertificateManager",
"nsx_feature": "OIDC",
"properties": {
"display_name": {
"readonly": true,
"required": true,
"title": "User's Full Name Or User Group's Display Name",
"type": "string"
},
"domain": {
"readonly": true,
"required": true,
"title": "Domain name information",
"type": "string"
},
"name": {
"description": "The unique name of the user or group.",
"readonly": true,
"required": true,
"title": "User name or group name",
"type": "string"
},
"type": {
"enum": [
"remote_user",
"remote_group"
],
"readonly": true,
"required": true,
"title": "Type",
"type": "string"
}
},
"title": "SCIM search result",
"type": "object"
}
ScpProtocol (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Protocol
},
"id": "ScpProtocol",
"polymorphic-type-descriptor": {
"type-identifier": "scp"
},
"properties": {
"authentication_scheme": {
"$ref": "PasswordAuthenticationScheme,
"required": true,
"title": "Scheme to authenticate if required"
},
"host_key_algorithms": {
"default": [
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521"
],
"description": "Supported host key algorithms for SSH/SFTP connection.<br /> <i>Algorithms are preferred in the order they are specified in list.</i>",
"items": {
"$ref": "HostKeyAlgorithms
},
"minItems": 1,
"required": false,
"title": "Host key algorithms",
"type": "array"
},
"name": {
"enum": [
"http",
"https",
"scp",
"sftp"
],
"required": true,
"title": "Protocol name",
"type": "string"
},
"ssh_fingerprint": {
"required": true,
"title": "SSH fingerprint of server",
"type": "string"
}
},
"type": "object"
}
SearchQueryRequest (type)
{
"additionalProperties": false,
"description": "Search query request.",
"extends": {
"$ref": "ListRequestParameters
},
"id": "SearchQueryRequest",
"module_id": "Search",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"query": {
"description": "The syntax of query is described in Search API documentation.",
"required": true,
"title": "Search query",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SearchQueryRequest",
"type": "object"
}
SearchResponse (type)
{
"additionalProperties": false,
"description": "Search response",
"extends": {
"$ref": "ListResult
},
"id": "SearchResponse",
"module_id": "Search",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "List of records matching the search query.",
"items": {
"type": "object"
},
"readonly": true,
"title": "Search results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SearchResponse",
"type": "object"
}
SecurityFeature (type)
{
"additionalProperties": false,
"extends": {
"$ref": "SecurityFeatureBase
},
"id": "SecurityFeature",
"module_id": "PolicyGatewaySecurityFeature",
"properties": {
"enable": {
"default": false,
"description": "true - activate the feature, false - deactivate the feture",
"required": true,
"title": "Flag to activate/deactivate",
"type": "boolean"
},
"feature": {
"$ref": "SecurityFeaturesSupported,
"required": true
}
},
"title": "T1 Security feature entity with feature details",
"type": "object"
}
SecurityFeatureBase (type)
{
"additionalProperties": false,
"id": "SecurityFeatureBase",
"module_id": "PolicyGatewaySecurityFeature",
"properties": {
"enable": {
"default": false,
"description": "true - activate the feature, false - deactivate the feture",
"required": true,
"title": "Flag to activate/deactivate",
"type": "boolean"
}
},
"title": "Security Feature feature entity",
"type": "object"
}
SecurityFeatures (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "SecurityFeatures",
"module_id": "PolicyGatewaySecurityFeature",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"features": {
"items": {
"$ref": "SecurityFeature
},
"required": true,
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "T1 Security features entity with feature details",
"type": "object"
}
SecurityFeaturesSupported (type)
{
"description": "Feature to be activated/deactivated. IDPS - Intrusion Detection System TLS - Transport Layer Security Inspection MALWAREPREVENTION - Malware Prevention GFW_MULTICAST - Multicast on GFW Use any one of this to enable/disabe it.",
"enum": [
"MALWAREPREVENTION",
"IDFW",
"IDPS",
"TLS"
],
"id": "SecurityFeaturesSupported",
"module_id": "PolicyGatewaySecurityFeature",
"readonly": true,
"required": false,
"title": "Collection of T1 supported security features",
"type": "string"
}
SecurityPolicy (type)
{
"description": "Ordered list of Rules.",
"extends": {
"$ref": "Policy
},
"id": "SecurityPolicy",
"module_id": "Policy",
"policy_hierarchical_children": [
"ChildRule"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"application_connectivity_strategy": {
"description": "This field indicates the application connectivity policy for the security policy.",
"items": {
"$ref": "ApplicationConnectivityStrategy
},
"maxItems": 3,
"required": false,
"title": "List of Application Connectivity strategy for this SecurityPolicy",
"type": "array"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"connectivity_preference": {
"description": "This field indicates the default connectivity policy for the security policy. Based on the connectivity preference, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity preference. If NONE is selected or no connectivity preference is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_preference without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. ALLOWLIST - Adds a default drop rule. Administrator can then use \"allow\" rules to allow traffic between groups DENYLIST - Adds a default allow rule. Admin can then use \"drop\" rules to block traffic between groups ALLOWLIST_ENABLE_LOGGING - Allowlisting with logging enabled DENYLIST_ENABLE_LOGGING - Denylisting with logging enabled NONE - No default rule is created.",
"enum": [
"ALLOWLIST",
"DENYLIST",
"ALLOWLIST_ENABLE_LOGGING",
"DENYLIST_ENABLE_LOGGING",
"NONE"
],
"required": false,
"title": "Connectivity preference applicable for this SecurityPolicy",
"type": "string"
},
"connectivity_strategy": {
"deprecated": true,
"description": "This field indicates the default connectivity policy for the security policy. Based on the connectivity strategy, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity strategy. If NONE is selected or no connectivity strategy is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_strategy without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. This property is deprecated. Use the type connectivity_preference instead. WHITELIST - Adds a default drop rule. Administrator can then use \"allow\" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use \"drop\" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rule is created.",
"enum": [
"WHITELIST",
"BLACKLIST",
"WHITELIST_ENABLE_LOGGING",
"BLACKLIST_ENABLE_LOGGING",
"NONE"
],
"required": false,
"title": "Connectivity strategy applicable for this SecurityPolicy",
"type": "string"
},
"default_rule_id": {
"description": "Based on the value of the connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule.",
"readonly": true,
"required": false,
"title": "Default rule ID associated with the connectivity_preference",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"logging_enabled": {
"default": false,
"deprecated": true,
"description": "This property is deprecated. Flag to enable logging for all the rules in the security policy. If the value is true then logging will be enabled for all the rules in the security policy. If the value is false, then the rule level logging value will be honored.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"items": {
"$ref": "Rule
},
"required": false,
"title": "Rules that are a part of this SecurityPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of Rules",
"type": "object"
}
SecurityPolicyInsertParameters (type)
{
"description": "Parameters to let the admin specify a relative position of a security policy w.r.t to another one.",
"extends": {
"$ref": "PolicyInsertParameters
},
"id": "SecurityPolicyInsertParameters",
"module_id": "Policy",
"properties": {
"anchor_path": {
"required": false,
"title": "The security policy/rule path if operation is 'insert_after' or\n'insert_before'\n",
"type": "string"
},
"operation": {
"default": "insert_top",
"enum": [
"insert_top",
"insert_bottom",
"insert_after",
"insert_before"
],
"required": false,
"title": "Operation",
"type": "string"
}
},
"title": "Parameters to tell where security policy needs to be placed",
"type": "object"
}
SecurityPolicyListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "SecurityPolicyListRequestParameters",
"module_id": "Policy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"include_rule_count": {
"default": false,
"description": "If true, populate the rule_count field with the count of rules in the particular policy. By default, rule_count will not be populated.",
"required": false,
"title": "Include the count of rules in policy",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SecurityPolicy list request parameters",
"type": "object"
}
SecurityPolicyListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListResult
},
"id": "SecurityPolicyListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SecurityPolicy
},
"required": true,
"title": "SecurityPolicy list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of security policies",
"type": "object"
}
SecurityPolicyStatistics (type)
{
"description": "Aggregate statistics of all the rules in a security policy.",
"id": "SecurityPolicyStatistics",
"module_id": "Policy",
"properties": {
"internal_section_id": {
"description": "Realized id of the section on NSX MP. Policy Manager can create more than one section per SecurityPolicy, in which case this identifier helps to distinguish between the multiple sections created.",
"readonly": true,
"required": false,
"title": "NSX internal section id",
"type": "string"
},
"lr_path": {
"description": "Path of the LR on which the section is applied in case of Gateway Firewall.",
"readonly": true,
"required": false,
"title": "Logical Router (Tier-0/Tier1) path",
"type": "string"
},
"result_count": {
"description": "Total count for rule statistics",
"readonly": true,
"required": true,
"title": "Rule stats count",
"type": "integer"
},
"results": {
"description": "List of rule statistics.",
"items": {
"$ref": "RuleStatistics
},
"maxItems": 1000,
"readonly": true,
"required": false,
"title": "Statistics for all rules",
"type": "array"
}
},
"title": "Security policy statistics",
"type": "object"
}
SecurityPolicyStatisticsForEnforcementPoint (type)
{
"description": "Aggregate statistics of all the rules in a security policy for a specific enforcement point.",
"id": "SecurityPolicyStatisticsForEnforcementPoint",
"module_id": "Policy",
"properties": {
"container_cluster_path": {
"description": "Security Policy statistics for a single container cluster",
"readonly": true,
"required": false,
"title": "Cluster container path",
"type": "string"
},
"enforcement_point": {
"description": "Enforcement point to fetch the statistics from.",
"readonly": true,
"required": false,
"title": "Enforcement point path",
"type": "string"
},
"statistics": {
"$ref": "SecurityPolicyStatistics,
"description": "Statistics for the specified enforcement point",
"readonly": true,
"required": false,
"title": "Security Policy Statistics"
}
},
"title": "Security policy statistics for an enforcement point",
"type": "object"
}
SecurityPolicyStatisticsListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SecurityPolicyStatisticsListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SecurityPolicyStatisticsForEnforcementPoint
},
"required": true,
"title": "Security Policy statistics list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Security Policy statistics",
"type": "object"
}
SecurityProfileBindingMap (type)
{
"abstract": true,
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "SecurityProfileBindingMap",
"module_id": "PolicySecurityProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Base security profile binding map",
"type": "object"
}
Segment (type)
{
"additionalProperties": false,
"description": "Segment configuration to attach workloads.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Segment",
"module_id": "PolicyConnectivity",
"policy_hierarchical_children": [
"ChildDhcpStaticBindingConfig",
"ChildSegmentDiscoveryProfileBindingMap",
"ChildSegmentPort",
"ChildSegmentQoSProfileBindingMap",
"ChildSegmentSecurityProfileBindingMap",
"ChildStaticARPConfig"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"address_bindings": {
"deprecated": true,
"description": "Static address binding used for the Segment. This field is deprecated and will be removed in a future release. Please use address_bindings in SegmentPort to configure static bindings.",
"items": {
"$ref": "PortAddressBindingEntry
},
"maxItems": 512,
"required": false,
"title": "Address bindings for the Segment",
"type": "array"
},
"admin_state": {
"default": "UP",
"description": "Admin state represents desired state of segment. It does not reflect the state of other logical entities connected/attached to the segment.",
"enum": [
"UP",
"DOWN"
],
"required": false,
"title": "Represents Desired state of the Segment",
"type": "string"
},
"advanced_config": {
"$ref": "SegmentAdvancedConfig,
"description": "Advanced configuration for Segment.",
"required": false,
"title": "Advanced configuration for Segment"
},
"bridge_profiles": {
"description": "Multiple distinct L2 bridge profiles can be configured.",
"items": {
"$ref": "BridgeProfileConfig
},
"title": "Bridge Profile Configuration",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connectivity_path": {
"description": "Policy path to the connecting Tier-0 or Tier-1 or label of type Tier0. Valid only for segments created under Infra. This field can only be used for overlay segments. VLAN backed segments cannot have connectivity path set.",
"required": false,
"title": "Policy path to the connecting Tier-0 or Tier-1 or label of type Tier0",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "NETWORK_INFRA_SEGMENT_RELATIONSHIP",
"rightType": [
"Tier1"
]
},
{
"leftType": [
"Segment"
],
"relationshipType": "PROVIDER_INFRA_SEGMENT_RELATIONSHIP",
"rightType": [
"Tier0"
]
},
{
"leftType": [
"Segment"
],
"relationshipType": "SEGMENT_TIER0_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
}
]
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_config_path": {
"description": "Policy path to DHCP server or relay configuration to use for all IPv4 & IPv6 subnets configured on this segment.",
"required": false,
"title": "Policy path to DHCP configuration",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "DHCP_SERVER_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpServerConfig"
]
},
{
"leftType": [
"Segment"
],
"relationshipType": "DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"domain_name": {
"required": false,
"title": "DNS domain name",
"type": "string"
},
"evpn_segment": {
"description": "Flag to indicate if the Segment is a Child-Segment of type EVPN.",
"readonly": true,
"title": "Evpn Segment Flag.",
"type": "boolean"
},
"evpn_tenant_config_path": {
"description": "Policy path to the EvpnTenantConfig resource. Supported only for Route-Server Evpn Mode. Supported only for Overlay Segments. This will be populated for both Parent and Child segments participating in Evpn Route-Server Mode.",
"required": false,
"title": "Policy path to the EvpnTenantConfig",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "SEGMENT_EVPN_TENANT_CONFIG_RELATIONSHIP",
"rightType": [
"EvpnTenantConfig"
]
}
]
},
"extra_configs": {
"description": "This property could be used for vendor specific configuration in key value string pairs, the setting in extra_configs will be automatically inheritted by segment ports in the Segment.",
"items": {
"$ref": "SegmentExtraConfig
},
"required": false,
"title": "Extra configs on Segment",
"type": "array"
},
"federation_config": {
"$ref": "FederationConnectivityConfig,
"description": "Additional config for federation.",
"readonly": true,
"title": "Federation releated config"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"l2_extension": {
"$ref": "L2Extension,
"required": false,
"title": "Configuration for extending Segment through L2 VPN"
},
"ls_id": {
"deprecated": true,
"description": "This property is deprecated. The property will continue to work as expected for existing segments. The segments that are newly created with ls_id will be ignored. Sepcify pre-creted logical switch id for Segment.",
"required": false,
"title": "Pre-created logical switch id for Segment",
"type": "string"
},
"mac_pool_id": {
"description": "Mac pool id that associated with a Segment.",
"required": false,
"title": "Allocation mac pool associated with the Segment",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"metadata_proxy_paths": {
"description": "Policy path to metadata proxy configuration. Multiple distinct MD proxies can be configured.",
"items": {
"type": "string"
},
"title": "Metadata Proxy Configuration Paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "SEGMENT_METADATA_PROXY_RELATIONSHIP",
"rightType": [
"MetadataProxyConfig"
]
}
]
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overlay_id": {
"description": "Used for overlay connectivity of segments. The overlay_id should be allocated from the pool as definied by enforcement-point. If not provided, it is auto-allocated from the default pool on the enforcement-point.",
"maximum": 2147483647,
"minimum": 0,
"required": false,
"title": "Overlay connectivity ID for this Segment",
"type": "int"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"replication_mode": {
"default": "MTEP",
"description": "If this field is not set for overlay segment, then the default of MTEP will be used.",
"enum": [
"MTEP",
"SOURCE"
],
"required": false,
"title": "Replication mode of the Segment",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"subnets": {
"items": {
"$ref": "SegmentSubnet
},
"required": false,
"title": "Subnet configuration. Max 1 subnet",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_zone_path": {
"description": "Policy path to the transport zone. Supported for VLAN backed segments as well as Overlay Segments. - This field is required for VLAN backed Segments. - For overlay Segments, it is auto assigned if only one transport zone exists in the enforcement point. Default transport zone is auto assigned for overlay segments if none specified.",
"required": false,
"title": "Policy path to the transport zone",
"type": "string"
},
"type": {
"description": "Segment type based on configuration.",
"enum": [
"ROUTED",
"EXTENDED",
"ROUTED_AND_EXTENDED",
"DISCONNECTED"
],
"readonly": true,
"title": "Segment type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vlan_ids": {
"description": "VLAN ids for a VLAN backed Segment. Can be a VLAN id or a range of VLAN ids specified with '-' in between.",
"items": {
"type": "string"
},
"required": false,
"title": "VLAN ids for VLAN backed Segment",
"type": "array"
}
},
"title": "Segment configuration",
"type": "object"
}
SegmentAdvancedConfig (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ConnectivityAdvancedConfig
},
"id": "SegmentAdvancedConfig",
"module_id": "PolicyConnectivity",
"properties": {
"address_pool_paths": {
"description": "Policy path to IP address pools.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Policy path to IP address pools",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "IP_POOL_CONSUMER_RELATIONSHIP",
"rightType": [
"IpAddressPool"
]
}
]
},
"connectivity": {
"default": "ON",
"description": "Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity.",
"enum": [
"ON",
"OFF"
],
"required": false,
"title": "Connectivity configuration",
"type": "string"
},
"hybrid": {
"default": false,
"description": "When set to true, all the ports created on this segment will behave in a hybrid fashion. The hybrid port indicates to NSX that the VM intends to operate in underlay mode, but retains the ability to forward egress traffic to the NSX overlay network. This property is only applicable for segment created with transport zone type OVERLAY_STANDARD. This property cannot be modified after segment is created.",
"required": false,
"title": "Flag to identify a hybrid logical switch",
"type": "boolean"
},
"inter_router": {
"default": false,
"description": "When set to true, any port attached to this logical switch will not be visible through VC/ESX UI",
"required": false,
"title": "Flag to indicate if the logical switch will provide inter-router connectivity",
"type": "boolean"
},
"local_egress": {
"default": false,
"description": "This property is used to enable proximity routing with local egress. When set to true, logical router interface (downlink) connecting Segment to Tier0/Tier1 gateway is configured with prefix-length 32.",
"required": false,
"title": "Flag to enable local egress",
"type": "boolean"
},
"local_egress_routing_policies": {
"description": "An ordered list of routing policies to forward traffic to the next hop.",
"items": {
"$ref": "LocalEgressRoutingEntry
},
"minItems": 1,
"required": false,
"title": "Local egress routing policies",
"type": "array"
},
"multicast": {
"description": "Enable multicast on the downlink LRP created to connect the segment to Tier0/Tier1 gateway.",
"required": false,
"title": "Enable multicast on the downlink",
"type": "boolean"
},
"ndra_profile_path": {
"description": "This profile is applie dto the downlink logical router port created while attaching this semgnet to tier-0 or tier-1. If this field is empty, NDRA profile of the router is applied to the newly created port.",
"required": false,
"title": "Policy path of Neighbor Discovery Router Advertisement profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Segment"
],
"relationshipType": "SEGMENT_NDRA_PROFILE_RELATIONSHIP",
"rightType": [
"Ipv6NdraProfile"
]
}
]
},
"node_local_switch": {
"description": "A behaviour required for Firewall As A Service (FaaS) where the segment BUM traffic is confined within the edge node that this segment belongs to.",
"required": false,
"title": "Prevent BUM (broadcast, unknown-unicast and multicast) traffic from reaching the other spanned edges",
"type": "boolean"
},
"origin_id": {
"description": "ID populated by NSX when NSX on DVPG is used to indicate the source DVPG. Currently, only DVPortgroups are identified as Discovered Segments. The origin_id is the identifier of DVPortgroup from the source vCenter server.",
"required": false,
"title": "ID of the discovered Segment representing a network managed by non-NSX entity.",
"type": "string"
},
"origin_type": {
"description": "The type of source from where the DVPortgroup is discovered",
"enum": [
"VCENTER"
],
"title": "The DVPortgroup origin type",
"type": "string"
},
"uplink_teaming_policy_name": {
"description": "The name of the switching uplink teaming policy for the Segment. This name corresponds to one of the switching uplink teaming policy names listed in TransportZone associated with the Segment. See transport_zone_path property above for more details. When this property is not specified, the segment will not have a teaming policy associated with it and the host switch's default teaming policy will be used by MP.",
"title": "Uplink Teaming Policy Name",
"type": "string"
},
"urpf_mode": {
"default": "STRICT",
"description": "This URPF mode is applied to the downlink logical router port created while attaching this segment to tier-0 or tier-1.",
"enum": [
"NONE",
"STRICT"
],
"required": false,
"title": "Unicast Reverse Path Forwarding mode",
"type": "string"
}
},
"title": "Advanced configuration for Segment",
"type": "object"
}
SegmentConfigurationState (type)
{
"additionalProperties": false,
"description": "Segment state on specific Enforcement Point. The details section in SegmentConfigurationState contains the list of out of sync hosts which are present in the transport zone that is associated with the segment. Out of Sync hosts are the host transport nodes which are not fully synced.",
"extends": {
"$ref": "ConfigurationState
},
"id": "SegmentConfigurationState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"details": {
"items": {
"$ref": "ConfigurationStateElement
},
"readonly": true,
"required": false,
"title": "Array of configuration state of various sub systems",
"type": "array"
},
"failure_code": {
"readonly": true,
"required": false,
"title": "Error code",
"type": "integer"
},
"failure_message": {
"readonly": true,
"required": false,
"title": "Error message in case of failure",
"type": "string"
},
"segment_path": {
"readonly": true,
"required": false,
"title": "Segment path",
"type": "string"
},
"state": {
"description": "Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. \"in_sync\" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to \"success\". Please note, failed state is deprecated.",
"enum": [
"pending",
"in_progress",
"success",
"failed",
"partial_success",
"orphaned",
"unknown",
"error",
"in_sync",
"NOT_AVAILABLE",
"VM_DEPLOYMENT_QUEUED",
"VM_DEPLOYMENT_IN_PROGRESS",
"VM_DEPLOYMENT_FAILED",
"VM_POWER_ON_IN_PROGRESS",
"VM_POWER_ON_FAILED",
"REGISTRATION_PENDING",
"NODE_NOT_READY",
"NODE_READY",
"VM_POWER_OFF_IN_PROGRESS",
"VM_POWER_OFF_FAILED",
"VM_UNDEPLOY_IN_PROGRESS",
"VM_UNDEPLOY_FAILED",
"VM_UNDEPLOY_SUCCESSFUL",
"EDGE_CONFIG_ERROR",
"VM_DEPLOYMENT_RESTARTED",
"REGISTRATION_FAILED",
"TRANSPORT_NODE_SYNC_PENDING",
"TRANSPORT_NODE_CONFIGURATION_MISSING",
"EDGE_HARDWARE_NOT_SUPPORTED",
"MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED",
"TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER",
"TZ_ENDPOINTS_NOT_SPECIFIED",
"NO_PNIC_PREPARED_IN_EDGE",
"APPLIANCE_INTERNAL_ERROR",
"VTEP_DHCP_NOT_SUPPORTED",
"UNSUPPORTED_HOST_SWITCH_PROFILE",
"UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED",
"HOSTSWITCH_PROFILE_NOT_FOUND",
"LLDP_SEND_ENABLED_NOT_SUPPORTED",
"UNSUPPORTED_NAMED_TEAMING_POLICY",
"LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM",
"LACP_NOT_SUPPORTED_FOR_EDGE_VM",
"STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM",
"MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE",
"UNSUPPORTED_LACP_LB_ALGO_FOR_NODE",
"EDGE_NODE_VERSION_NOT_SUPPORTED",
"NO_PNIC_SPECIFIED_IN_TN",
"INVALID_PNIC_DEVICE_NAME",
"TRANSPORT_NODE_READY",
"VM_NETWORK_EDIT_PENDING",
"UNSUPPORTED_DEFAULT_TEAMING_POLICY",
"MPA_DISCONNECTED",
"VM_RENAME_PENDING",
"VM_CONFIG_EDIT_PENDING",
"VM_NETWORK_EDIT_FAILED",
"VM_RENAME_FAILED",
"VM_CONFIG_EDIT_FAILED",
"VM_CONFIG_DISCREPANCY",
"VM_NODE_REFRESH_FAILED",
"VM_PLACEMENT_REFRESH_FAILED",
"REGISTRATION_TIMEDOUT",
"REPLACE_FAILED",
"UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED",
"LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING",
"DELETE_VM_IN_REDEPLOY_FAILED",
"DEPLOY_VM_IN_REDEPLOY_FAILED",
"INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE",
"VM_RESOURCE_RESERVATION_FAILED",
"DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER",
"DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"EDGE_NODE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE",
"EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE",
"EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE",
"COMPUTE_MANAGER_NOT_FOUND",
"DELETE_IN_PROGRESS",
"ADVANCED_CONFIG_EDIT_FAILED",
"UPT_MODE_REALIZATION_POLL_TIMED_OUT",
"DATAPATH_CONFIGURATION_EDIT_FAILED",
"MAINTENANCE_MODE_ENABLED",
"ERROR_IN_ENABLE_MAINTENANCE_MODE",
"ERROR_IN_DISABLE_MAINTENANCE_MODE",
"CONFIGURE_UPT_ON_VM_FAILED",
"VM_VERSION_IS_UPT_INCOMPATIBLE",
"DELETE_FAILED_FOR_DIFFERENT_MOREF_ID",
"DELETE_FAILED_ON_VM_NOT_FOUND",
"DELETE_FAILED_FOR_NON_LCM_EDGE",
"ADVANCED_CONFIG_EDIT_PENDING",
"DUPLICATE_VLANS_SHARING_SAME_PNIC",
"MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING",
"REDEPLOY_ACTIVITY_FAILED",
"REDEPLOY_ACTIVITY_IN_PROGRESS",
"REDEPLOY_ACTIVITY_SCHEDULED",
"REDEPLOY_ACTIVITY_SUCCESSFUL",
"REPLACE_ACTIVITY_FAILED",
"REPLACE_ACTIVITY_IN_PROGRESS",
"REPLACE_ACTIVITY_SCHEDULED",
"REPLACE_ACTIVITY_SUCCESSFUL",
"REPLACED_RPC_CLIENT_OF_TN",
"RETRYING_REPLACE",
"UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR",
"VM_REDEPLOY_FAILED",
"VM_RESOURCE_RESERVATION_EDIT_PENDING",
"REDEPLOYED_VM_REGISTRATION_PENDING"
],
"readonly": true,
"required": true,
"title": "Overall state of desired configuration",
"type": "string"
}
},
"title": "Segment state on specific Enforcement Point",
"type": "object"
}
SegmentConfigurationStateListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentConfigurationStateListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Paged Collection of Segment State on specific Enforcement Point",
"items": {
"$ref": "SegmentConfigurationState
},
"required": false,
"title": "Paged Collection of Segment State on specific Enforcement Point",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
SegmentConnectionBindingMap (type)
{
"additionalProperties": false,
"description": "Segment with this binding map indicates the connection between this segment and another one to enable advances in IPAM, Routing, and NAT for Kubernetes workloads with Antrea",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "SegmentConnectionBindingMap",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"segment_path": {
"description": "Path of the parent segment with VIF port",
"required": true,
"title": "Policy path to the segment",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentConnectionBindingMap"
],
"relationshipType": "SEGMENT_CONNECTION_BINDING_MAP_RELATIONSHIP",
"rightType": [
"Segment"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vlan_traffic_tag": {
"$ref": "VlanID,
"description": "VLAN ID used to identify traffic between segment and parent segment",
"required": true,
"title": "VLAN id indicates which connected segment the package should be forwarded"
}
},
"title": "Vendor specific configuration on Segment for Kubernetes workloads with Antrea",
"type": "object"
}
SegmentCrossSiteTrafficStats (type)
{
"additionalProperties": false,
"description": "Provides the cross-site traffic statistics of a global segment. It provides the aggregated incoming and outgoing cross-site packet statistics and packet drops.",
"id": "SegmentCrossSiteTrafficStats",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the l2 forwarder statistics was last updated.",
"readonly": true,
"required": true,
"title": "Last updated timestamp"
},
"rx_stats": {
"$ref": "InterSitePortCounters,
"description": "Provides the aggregated incoming cross-site packet counters on the global segment. It includes the total number of packets received and dropped while receiving.",
"readonly": true,
"title": "Received data counters"
},
"segment_path": {
"description": "Policy path of Segment to attach interface.",
"readonly": true,
"required": true,
"title": "Policy path of Segment to attach interface",
"type": "string"
},
"tx_stats": {
"$ref": "InterSitePortCounters,
"description": "Provides the aggregated outgoing cross-site packet counters on the global segment. It includes the total number of packets sent and dropped while sending.",
"readonly": true,
"title": "Sent data counters"
}
},
"title": "Segment cross-site statistics",
"type": "object"
}
SegmentDeleteRequestParameters (type)
{
"additionalProperties": false,
"id": "SegmentDeleteRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cascade": {
"default": false,
"description": "When the flag is true, all segment ports associated with this segment are detached and deleted.",
"required": false,
"title": "Flag to specify whether to delete related segment ports",
"type": "boolean"
}
},
"title": "Segment delete request parameters",
"type": "object"
}
SegmentDhcpConfig (type)
{
"abstract": true,
"additionalProperties": false,
"description": "DHCP IPv4 and IPv6 configurations are extended from this abstract class.",
"id": "SegmentDhcpConfig",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"dns_servers": {
"description": "IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property.",
"items": {
"$ref": "IPAddress
},
"maxItems": 2,
"required": false,
"title": "DNS servers for subnet",
"type": "array"
},
"lease_time": {
"default": 86400,
"description": "DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config.",
"maximum": 4294967295,
"minimum": 60,
"required": false,
"title": "DHCP lease time for subnet",
"type": "integer"
},
"resource_type": {
"enum": [
"SegmentDhcpV4Config",
"SegmentDhcpV6Config"
],
"required": true,
"type": "string"
},
"server_address": {
"$ref": "IPCIDRBlock,
"description": "IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment.",
"required": false,
"title": "IP address of the DHCP server"
}
},
"title": "DHCP configuration for segment subnet",
"type": "object"
}
SegmentDhcpV4Config (type)
{
"additionalProperties": false,
"extends": {
"$ref": "SegmentDhcpConfig
},
"id": "SegmentDhcpV4Config",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "SegmentDhcpV4Config"
},
"properties": {
"dns_servers": {
"description": "IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property.",
"items": {
"$ref": "IPAddress
},
"maxItems": 2,
"required": false,
"title": "DNS servers for subnet",
"type": "array"
},
"lease_time": {
"default": 86400,
"description": "DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config.",
"maximum": 4294967295,
"minimum": 60,
"required": false,
"title": "DHCP lease time for subnet",
"type": "integer"
},
"options": {
"$ref": "DhcpV4Options,
"description": "IPv4 DHCP options for segment subnet.",
"required": false,
"title": "DHCP options"
},
"resource_type": {
"enum": [
"SegmentDhcpV4Config",
"SegmentDhcpV6Config"
],
"required": true,
"type": "string"
},
"server_address": {
"$ref": "IPCIDRBlock,
"description": "IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment.",
"required": false,
"title": "IP address of the DHCP server"
}
},
"title": "DHCP configuration of IPv4 subnet in a segment",
"type": "object"
}
SegmentDhcpV6Config (type)
{
"additionalProperties": false,
"extends": {
"$ref": "SegmentDhcpConfig
},
"id": "SegmentDhcpV6Config",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "SegmentDhcpV6Config"
},
"properties": {
"dns_servers": {
"description": "IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property.",
"items": {
"$ref": "IPAddress
},
"maxItems": 2,
"required": false,
"title": "DNS servers for subnet",
"type": "array"
},
"domain_names": {
"description": "Domain names for subnet.",
"items": {
"type": "string"
},
"required": false,
"title": "Domain names for subnet",
"type": "array"
},
"excluded_ranges": {
"description": "Excluded addresses to define dynamic ip allocation ranges.",
"items": {
"$ref": "IPElement
},
"maxItems": 128,
"minItems": 0,
"required": false,
"title": "Excluded range of IPv6 addresses",
"type": "array"
},
"lease_time": {
"default": 86400,
"description": "DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config.",
"maximum": 4294967295,
"minimum": 60,
"required": false,
"title": "DHCP lease time for subnet",
"type": "integer"
},
"preferred_time": {
"description": "The length of time that a valid address is preferred. When the preferred lifetime expires, the address becomes deprecated.",
"maximum": 4294967295,
"minimum": 60,
"required": false,
"title": "Preferred time",
"type": "integer"
},
"resource_type": {
"enum": [
"SegmentDhcpV4Config",
"SegmentDhcpV6Config"
],
"required": true,
"type": "string"
},
"server_address": {
"$ref": "IPCIDRBlock,
"description": "IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment.",
"required": false,
"title": "IP address of the DHCP server"
},
"sntp_servers": {
"description": "IPv6 address of SNTP servers for subnet.",
"items": {
"$ref": "IPv6Address
},
"maxItems": 2,
"required": false,
"title": "SNTP servers for subnet",
"type": "array"
}
},
"title": "DHCP configuration of IPv6 subnet in a segment",
"type": "object"
}
SegmentDiscoveryProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between discovery profile and Segment. Using this entity, user can specify intent for applying discovery profile to particular segments.",
"extends": {
"$ref": "DiscoveryProfileBindingMap
},
"id": "SegmentDiscoveryProfileBindingMap",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_discovery_profile_path": {
"description": "PolicyPath of associated IP Discovery Profile",
"required": false,
"title": "IP Discovery Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentDiscoveryProfileBindingMap"
],
"relationshipType": "SEGMENT_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
}
]
},
"mac_discovery_profile_path": {
"description": "PolicyPath of associated Mac Discovery Profile",
"required": false,
"title": "Mac Discovery Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentDiscoveryProfileBindingMap"
],
"relationshipType": "SEGMENT_BINDINGMAP_MACDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"MacDiscoveryProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Segment Discovery Profile binding map",
"type": "object"
}
SegmentDiscoveryProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "SegmentDiscoveryProfileBindingMapListRequestParameters",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Segment Discovery Profile Binding Map list request parameters",
"type": "object"
}
SegmentDiscoveryProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentDiscoveryProfileBindingMapListResult",
"module_id": "PolicyDiscoveryProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SegmentDiscoveryProfileBindingMap
},
"required": true,
"title": "Segment Discovery Profile Binding Map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Segment Discovery Profile Binding Maps",
"type": "object"
}
SegmentExtraConfig (type)
{
"additionalProperties": false,
"description": "Segment extra config is intended for supporting vendor specific configuration on the data path, it can be set as key value string pairs on either segment or segment port.",
"id": "SegmentExtraConfig",
"module_id": "PolicyConnectivity",
"properties": {
"config_pair": {
"$ref": "UnboundedKeyValuePair,
"description": "Key value pair in string for the configuration.",
"required": true,
"title": "Key value pair in string for the configuration"
}
},
"title": "Vendor specific configuration on segment or Segment port",
"type": "object"
}
SegmentL2ForwarderSiteSpanInfo (type)
{
"additionalProperties": false,
"experimental": true,
"id": "SegmentL2ForwarderSiteSpanInfo",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"inter_site_forwarder_status": {
"description": "Inter-site forwarder status per node.",
"items": {
"$ref": "L2ForwarderStatusPerNode
},
"readonly": true,
"title": "Inter-site forwarder status per node",
"type": "array"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the L2 forwarder remote mac addresses was last updated.",
"readonly": true,
"required": true,
"title": "Last updated timestamp"
},
"remote_macs_per_site": {
"description": "L2 forwarder remote mac addresses per site for logical switch.",
"items": {
"$ref": "L2ForwarderRemoteMacsPerSite
},
"readonly": true,
"title": "L2 forwarder remote mac addresses per site",
"type": "array"
},
"segment_path": {
"description": "Policy path of a segment.",
"readonly": true,
"required": true,
"title": "Segment path",
"type": "string"
}
},
"type": "object"
}
SegmentListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "SegmentListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"segment_type": {
"enum": [
"DVPortgroup",
"ALL"
],
"title": "Segment type",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Segment list request parameters",
"type": "object"
}
SegmentListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Segment
},
"required": true,
"title": "Segment list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Segments",
"type": "object"
}
SegmentMacAddressListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentMacAddressListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "MacTableEntry
},
"required": false,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "Transport node identifier",
"type": "string"
}
},
"type": "object"
}
SegmentMonitoringProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between monitoring profile and Segment. Using this entity, you can specify intent for applying monitoring profile to particular segment.",
"extends": {
"$ref": "MonitoringProfileBindingMap
},
"id": "SegmentMonitoringProfileBindingMap",
"module_id": "PolicyMonitoringProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipfix_l2_profile_path": {
"description": "PolicyPath of associated IPFIX L2 Profile",
"required": false,
"title": "IPFIX L2 Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentMonitoringProfileBindingMap"
],
"relationshipType": "IPFIX_L2_PROFILE_SEGMENT_BINDING_MAP_RELATIONSHIP",
"rightType": [
"IPFIXL2Profile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"port_mirroring_profile_path": {
"description": "PolicyPath of associated Port Mirroring Profile",
"required": false,
"title": "Port Mirroring Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentMonitoringProfileBindingMap"
],
"relationshipType": "PORT_MIRRORING_PROFILE_SEGMENT_BINDING_MAP_RELATIONSHIP",
"rightType": [
"PortMirroringProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Segment Monitoring Profile binding map",
"type": "object"
}
SegmentPort (type)
{
"additionalProperties": false,
"description": "Policy port will create LogicalPort on LogicalSwitch corresponding to the Segment. Address bindings cannot be removed after realization.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "SegmentPort",
"module_id": "PolicyConnectivity",
"policy_hierarchical_children": [
"ChildPortDiscoveryProfileBindingMap",
"ChildPortQoSProfileBindingMap",
"ChildPortSecurityProfileBindingMap"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"address_bindings": {
"description": "Static address binding used for the port.",
"items": {
"$ref": "PortAddressBindingEntry
},
"maxItems": 512,
"required": false,
"title": "Address bindings for the port",
"type": "array"
},
"admin_state": {
"default": "UP",
"enum": [
"UP",
"DOWN"
],
"required": false,
"title": "Represents desired state of the segment port",
"type": "string"
},
"attachment": {
"$ref": "PortAttachment,
"description": "Only VIF attachment is supported",
"required": false,
"title": "VIF attachment"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"extra_configs": {
"description": "This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port.",
"items": {
"$ref": "SegmentExtraConfig
},
"required": false,
"title": "Extra configs on segment port",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ignored_address_bindings": {
"description": "IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported.",
"items": {
"$ref": "PortAddressBindingEntry
},
"maxItems": 16,
"minItems": 0,
"required": false,
"title": "Address bindings to be ignored by IP Discovery module",
"type": "array"
},
"init_state": {
"description": "Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified. 'RESTORE_VIF' fetches and restores VIF attachment from ESX host.",
"enum": [
"UNBLOCKED_VLAN",
"RESTORE_VIF"
],
"required": false,
"title": "Initial state of this logical ports",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_id": {
"description": "ID populated by NSX when NSX on DVPG is used to indicate the source Distributed Virtual Port and the corresponding Distributed Virtual Switch. This ID is populated only for ports attached to discovered segments.",
"readonly": true,
"title": "ID of the distributed virtual port and the distributed virtual switch in the source vCenter",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"source_site_id": {
"description": "This field will refer to the source site on which the segment port is discovered. This field is populated by GM, when it receives corresponding notification from LM.",
"readonly": true,
"title": "source site(LM) id.",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy port object for segment",
"type": "object"
}
SegmentPortAttachmentState (type)
{
"additionalProperties": false,
"id": "SegmentPortAttachmentState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"attachers": {
"items": {
"$ref": "PortAttacher
},
"readonly": true,
"required": false,
"title": "VM or vmknic entities that are attached to the Segment Port",
"type": "array"
},
"id": {
"readonly": true,
"required": false,
"title": "VIF ID",
"type": "string"
},
"state": {
"description": "A segment port must be in one of following states. FREE - If there are no active attachers. The port may or may not have an attachment ID configured on it. This state is applicable only to port of static type. ATTACHED - Segment port has exactly one active attacher and no further configuration is pending. ATTACHED_PENDING_CONF - Segment port has exactly one attacher, however it may not have been configured completely. Additional configuration will be provided by other nsx components. ATTACHED_IN_MOTION - Segment port has multiple active attachers. This state represents a scenario where VM is moving from one location (host or storage) to another (e.g. vmotion, vSphere HA) DETACHED - A temporary state after all port attachers have been detached. This state is applicable only to a port of ephemeral type and the port will soon be deleted.",
"enum": [
"FREE",
"ATTACHED",
"ATTACHED_PENDING_CONF",
"ATTACHED_IN_MOTION",
"DETACHED"
],
"readonly": true,
"required": true,
"title": "State of the VIF attached to Segment Port",
"type": "string"
}
},
"title": "VIF attachment state of a segment port",
"type": "object"
}
SegmentPortListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "SegmentPortListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SegmentPort list request parameters",
"type": "object"
}
SegmentPortListResult (type)
{
"additionalProperties": false,
"description": "List SegmentPort objects",
"extends": {
"$ref": "ListResult
},
"id": "SegmentPortListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Place holder for the list result",
"items": {
"$ref": "SegmentPort
},
"required": true,
"title": "SegmentPort list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of SegmentPort",
"type": "object"
}
SegmentPortMacAddressCsvListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CsvListResult
},
"id": "SegmentPortMacAddressCsvListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"results": {
"items": {
"$ref": "SegmentPortMacTableCsvEntry
},
"required": false,
"type": "array"
}
},
"type": "object"
}
SegmentPortMacAddressListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentPortMacAddressListResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SegmentPortMacTableEntry
},
"required": false,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "Transport node identifier",
"type": "string"
}
},
"type": "object"
}
SegmentPortMacTableCsvEntry (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CsvRecord
},
"id": "SegmentPortMacTableCsvEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"mac_address": {
"required": true,
"title": "The MAC address",
"type": "string"
},
"mac_type": {
"$ref": "MacAddressType,
"required": true,
"title": "The type of the MAC address"
}
},
"type": "object"
}
SegmentPortMacTableEntry (type)
{
"additionalProperties": false,
"id": "SegmentPortMacTableEntry",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"mac_address": {
"required": true,
"title": "The MAC address",
"type": "string"
},
"mac_type": {
"$ref": "MacAddressType,
"required": true,
"title": "The type of the MAC address"
}
},
"type": "object"
}
SegmentPortState (type)
{
"additionalProperties": false,
"description": "Contains realized state of the segment port. For example: transport node on which the port is located, discovered and realized address bindings of the port.",
"id": "SegmentPortState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"attachment": {
"$ref": "SegmentPortAttachmentState,
"readonly": true,
"required": false,
"title": "Segment port attachment state"
},
"discovered_bindings": {
"description": "Contains the list of address bindings for a segment port that were automatically dicovered using various snooping methods like ARP, DHCP etc.",
"items": {
"$ref": "AddressBindingEntry
},
"title": "Segment port bindings discovered automatically",
"type": "array"
},
"duplicate_bindings": {
"description": "If any address binding discovered on the port is also found on other port on the same segment, then it is included in the duplicate bindings list along with the ID of the port with which it conflicts.",
"items": {
"$ref": "DuplicateAddressBindingEntry
},
"title": "Duplicate segment port address bindings",
"type": "array"
},
"realized_bindings": {
"description": "List of segment port bindings that are realized. This list may be populated from the discovered bindings or manual user specified bindings. This binding configuration can be used by features such as firewall, spoof-guard, traceflow etc.",
"items": {
"$ref": "AddressBindingEntry
},
"title": "Realized segment port bindings",
"type": "array"
},
"transport_node_ids": {
"items": {
"type": "string"
},
"required": false,
"title": "Identifiers of the transport nodes where the port is located",
"type": "array"
}
},
"title": "Realized state of the segment port on enforcement point",
"type": "object"
}
SegmentPortStatistics (type)
{
"additionalProperties": false,
"description": "Segment port statistics on specific Enforcement Point.",
"extends": {
"$ref": "LogicalPortStatistics
},
"id": "SegmentPortStatistics",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"dropped_by_firewall_packets": {
"$ref": "DfwDropCounters,
"readonly": true,
"required": false
},
"dropped_by_security_packets": {
"$ref": "PacketsDroppedBySecurity,
"readonly": true,
"required": false
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"logical_port_id": {
"readonly": true,
"required": true,
"title": "The id of the logical port",
"type": "string"
},
"mac_learning": {
"$ref": "MacLearningCounters,
"readonly": true,
"required": false
},
"rx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"rx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
}
},
"title": "Segment port statistics on specific Enforcement Point",
"type": "object"
}
SegmentPortStatus (type)
{
"additionalProperties": false,
"description": "Segment port status on specific Enforcement Point.",
"extends": {
"$ref": "LogicalPortOperationalStatus
},
"id": "SegmentPortStatus",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"logical_port_id": {
"readonly": true,
"required": true,
"title": "The id of the logical port",
"type": "string"
},
"status": {
"enum": [
"UP",
"DOWN",
"UNKNOWN"
],
"required": true,
"title": "The Operational status of the logical port",
"type": "string"
}
},
"title": "Segment port status on specific Enforcement Point",
"type": "object"
}
SegmentQoSProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between qos profile and Segment. Using this entity, you can specify intent for applying qos profile to particular segment.",
"extends": {
"$ref": "QoSProfileBindingMap
},
"id": "SegmentQoSProfileBindingMap",
"module_id": "PolicyQoSProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"qos_profile_path": {
"description": "PolicyPath of associated QoS Profile",
"required": false,
"title": "QoS Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentQoSProfileBindingMap"
],
"relationshipType": "QOS_PROFILE_SEGMENT_BINDING_MAP_RELATIONSHIP",
"rightType": [
"QoSProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_name": [
"segment qos profile binding map"
],
"title": "Segment QoS Profile binding map",
"type": "object"
}
SegmentQoSProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "SegmentQoSProfileBindingMapListRequestParameters",
"module_id": "PolicyQoSProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Segment QoS Profile Binding Map list request parameters",
"type": "object"
}
SegmentQoSProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentQoSProfileBindingMapListResult",
"module_id": "PolicyQoSProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SegmentQoSProfileBindingMap
},
"required": true,
"title": "Segment QoS Profile Binding Map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Segment QoS Profile Binding Maps",
"type": "object"
}
SegmentRequestParameter (type)
{
"additionalProperties": false,
"description": "Segment request parameter, used in hierarchical API.",
"extends": {
"$ref": "PolicyRequestParameter
},
"id": "SegmentRequestParameter",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "SegmentRequestParameter"
},
"properties": {
"force": {
"required": true,
"title": "Force segment update.",
"type": "boolean"
},
"resource_type": {
"description": "The type of this request parameter.",
"readonly": false,
"required": true,
"type": "string"
}
},
"title": "Segment request rarameter for HAPI",
"type": "object"
}
SegmentSecurityProfile (type)
{
"additionalProperties": false,
"description": "Security features extended by policy operations for securing logical segments.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "SegmentSecurityProfile",
"module_id": "PolicySegmentSecurity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"bpdu_filter_allow": {
"description": "Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering. List of allowed MACs - 01:80:c2:00:00:00, 01:80:c2:00:00:01, 01:80:c2:00:00:02, 01:80:c2:00:00:03, 01:80:c2:00:00:04, 01:80:c2:00:00:05, 01:80:c2:00:00:06, 01:80:c2:00:00:07, 01:80:c2:00:00:08, 01:80:c2:00:00:09, 01:80:c2:00:00:0a, 01:80:c2:00:00:0b, 01:80:c2:00:00:0c, 01:80:c2:00:00:0d, 01:80:c2:00:00:0e, 01:80:c2:00:00:0f, 00:e0:2b:00:00:00, 00:e0:2b:00:00:04, 00:e0:2b:00:00:06, 01:00:0c:00:00:00, 01:00:0c:cc:cc:cc, 01:00:0c:cc:cc:cd, 01:00:0c:cd:cd:cd, 01:00:0c:cc:cc:c0, 01:00:0c:cc:cc:c1, 01:00:0c:cc:cc:c2, 01:00:0c:cc:cc:c3, 01:00:0c:cc:cc:c4, 01:00:0c:cc:cc:c5, 01:00:0c:cc:cc:c6, 01:00:0c:cc:cc:c7",
"items": {
"$ref": "MACAddress
},
"maxItems": 32,
"minItems": 0,
"required": false,
"title": "Deactivate BPDU filtering on this allowlist",
"type": "array"
},
"bpdu_filter_enable": {
"default": true,
"description": "Indicates whether BPDU filter is enabled. BPDU filtering is enabled by default.",
"required": false,
"title": "BPDU filtering status",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_client_block_enabled": {
"default": false,
"description": "Filters DHCP server and/or client traffic. DHCP server blocking is activated and client blocking is deactivated by default.",
"required": false,
"title": "Enable DHCP client block",
"type": "boolean"
},
"dhcp_client_block_v6_enabled": {
"default": false,
"description": "Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is deactivated by default.",
"required": false,
"title": "Enable DHCP client block v6",
"type": "boolean"
},
"dhcp_server_block_enabled": {
"default": true,
"description": "Filters DHCP server and/or client traffic. DHCP server blocking is activated and client blocking is deactivated by default.",
"required": false,
"title": "Enable DHCP server block",
"type": "boolean"
},
"dhcp_server_block_v6_enabled": {
"default": true,
"description": "Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is deactivated by default.",
"required": false,
"title": "Enable DHCP server block v6",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"non_ip_traffic_block_enabled": {
"default": false,
"description": "A flag to block all traffic except IP/(G)ARP/BPDU.",
"required": false,
"title": "Enable non IP traffic block",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"ra_guard_enabled": {
"default": false,
"description": "Activate or deactivate Router Advertisement Guard.",
"required": false,
"title": "Enable Router Advertisement Guard",
"type": "boolean"
},
"rate_limits": {
"$ref": "TrafficRateLimits,
"description": "Allows configuration of rate limits for broadcast and multicast traffic. Rate limiting is deactivated by default",
"required": false,
"title": "Rate limiting configuration"
},
"rate_limits_enabled": {
"default": false,
"description": "Activate or deactivate Rate Limits",
"required": false,
"title": "Enable Rate Limits",
"type": "boolean"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_name": [
"security segment profile"
],
"title": "Segment Security Profile",
"type": "object"
}
SegmentSecurityProfileBindingMap (type)
{
"additionalProperties": false,
"description": "Contains the binding relationship between segment and security profile.",
"extends": {
"$ref": "SecurityProfileBindingMap
},
"id": "SegmentSecurityProfileBindingMap",
"module_id": "PolicySecurityProfileBinding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"segment_security_profile_path": {
"description": "The policy path of the asscociated Segment Security profile",
"required": false,
"title": "Segment Security Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentSecurityProfileBindingMap"
],
"relationshipType": "SEGMENT_SECURITY_BINDING_MAP_SEGMENT_SECURITY_RELATIONSHIP",
"rightType": [
"SegmentSecurityProfile"
]
}
]
},
"spoofguard_profile_path": {
"description": "The policy path of the asscociated SpoofGuard profile",
"required": false,
"title": "SpoofGuard Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"SegmentSecurityProfileBindingMap"
],
"relationshipType": "SEGMENT_SECURITY_BINDING_MAP_SPOOFGUARD_RELATIONSHIP",
"rightType": [
"SpoofGuardProfile"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Security profile binding map for segment",
"type": "object"
}
SegmentSecurityProfileBindingMapListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "SegmentSecurityProfileBindingMapListRequestParameters",
"module_id": "PolicySecurityProfileBinding",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Segment security profile binding map request parameters",
"type": "object"
}
SegmentSecurityProfileBindingMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentSecurityProfileBindingMapListResult",
"module_id": "PolicySecurityProfileBinding",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SegmentSecurityProfileBindingMap
},
"required": true,
"title": "Segment security profile binding map list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of segment security profile binding maps",
"type": "object"
}
SegmentSecurityProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "SegmentSecurityProfileListRequestParameters",
"module_id": "PolicySegmentSecurity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Segment security profile request parameters",
"type": "object"
}
SegmentSecurityProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SegmentSecurityProfileListResult",
"module_id": "PolicySegmentSecurity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SegmentSecurityProfile
},
"required": true,
"title": "Segment Security profile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of segment security profiles",
"type": "object"
}
SegmentStateRequestParameters (type)
{
"additionalProperties": false,
"description": "Request parameters that represents a segment path and enforcement_point_path.",
"extends": {
"$ref": "PolicyRuntimeRequestParameters
},
"id": "SegmentStateRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"configuration_state": {
"enum": [
"pending",
"in_progress",
"success",
"failed",
"partial_success",
"orphaned",
"unknown"
],
"required": false,
"title": "Configuration state of the segment on enforcement point",
"type": "string"
},
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
}
},
"title": "Request Parameters for Metadata Proxy Runtime Information",
"type": "object"
}
SegmentStatistics (type)
{
"additionalProperties": false,
"description": "Segment statistics on specific Enforcement Point.",
"extends": {
"$ref": "LogicalSwitchStatistics
},
"id": "SegmentStatistics",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"dropped_by_firewall_packets": {
"$ref": "DfwDropCounters,
"readonly": true,
"required": false
},
"dropped_by_security_packets": {
"$ref": "PacketsDroppedBySecurity,
"readonly": true,
"required": false
},
"last_update_timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the data was last updated; unset if data source has never updated the data.",
"readonly": true
},
"logical_switch_id": {
"readonly": true,
"required": true,
"title": "The id of the logical Switch",
"type": "string"
},
"mac_learning": {
"$ref": "MacLearningCounters,
"readonly": true,
"required": false
},
"nsxt_fp": {
"$ref": "FpCounters,
"description": "ENS/FC module for DP packet processing",
"readonly": true,
"required": false
},
"nsxt_swsec": {
"$ref": "SwsecCounters,
"description": "Switch Security provides stateless L2 and L3 security by checking, traffic to the logical switch and dropping unauthorized packets sent, from VMs",
"readonly": true,
"required": false
},
"nsxt_vdl2": {
"$ref": "Vdl2Counters,
"description": "Overlay Layer-2 module responsible for workload connectivity",
"readonly": true,
"required": false
},
"nsxt_vdrb": {
"$ref": "VdrbCounters,
"description": "Virtual Distributed Routing (VDR) routes packets on every ESX",
"readonly": true,
"required": false
},
"nsxt_vsip": {
"$ref": "VsipCounters,
"description": "VSIP provides Distributed Firewall capability",
"readonly": true,
"required": false
},
"nsxt_vswitch": {
"$ref": "VswitchCounters,
"description": "Virtual Switch is responsible for providing switching functionality",
"readonly": true,
"required": false
},
"rx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"rx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_bytes": {
"$ref": "DataCounter,
"readonly": true,
"required": false
},
"tx_packets": {
"$ref": "DataCounter,
"readonly": true,
"required": false
}
},
"title": "Segment statistics on specific Enforcement Point",
"type": "object"
}
SegmentSubnet (type)
{
"additionalProperties": false,
"id": "SegmentSubnet",
"module_id": "PolicyConnectivity",
"properties": {
"dhcp_config": {
"$ref": "SegmentDhcpConfig,
"description": "Additional DHCP configuration for current subnet.",
"required": false,
"title": "Additional DHCP configuration"
},
"dhcp_ranges": {
"description": "DHCP address ranges are used for dynamic IP allocation. Supports address range and CIDR formats. First valid host address from the first value is assigned to DHCP server IP address. Existing values cannot be deleted or modified, but additional DHCP ranges can be added.",
"items": {
"$ref": "IPElement
},
"maxItems": 99,
"minItems": 1,
"required": false,
"title": "DHCP address ranges for dynamic IP allocation",
"type": "array"
},
"gateway_address": {
"description": "Gateway IP address in CIDR format for both IPv4 and IPv6.",
"format": "ip-cidr-block",
"title": "Gateway IP address.",
"type": "string"
},
"network": {
"description": "Network CIDR for this subnet calculated from gateway_addresses and prefix_len.",
"readonly": true,
"title": "Network CIDR for subnet",
"type": "string"
}
},
"title": "Subnet configuration for segment",
"type": "object"
}
SelectableResourceReference (type)
{
"extends": {
"$ref": "ResourceReference
},
"id": "SelectableResourceReference",
"module_id": "ClusterRestore",
"properties": {
"is_valid": {
"description": "Will be set to false if the referenced NSX resource has been deleted.",
"readonly": true,
"required": false,
"title": "Target validity",
"type": "boolean"
},
"selected": {
"required": true,
"title": "Set to true if this resource has been selected to be acted upon",
"type": "boolean"
},
"target_display_name": {
"description": "Display name of the NSX resource.",
"maxLength": 255,
"readonly": true,
"required": false,
"title": "Target display name",
"type": "string"
},
"target_id": {
"description": "Identifier of the NSX resource.",
"maxLength": 64,
"readonly": false,
"required": false,
"title": "Target ID",
"type": "string"
},
"target_type": {
"description": "Type of the NSX resource.",
"maxLength": 255,
"readonly": false,
"required": false,
"title": "Target type",
"type": "string"
}
},
"title": "Resources to take action on",
"type": "object"
}
SelectiveSyncSettings (type)
{
"extends": {
"$ref": "ListResult
},
"id": "SelectiveSyncSettings",
"module_id": "DirectoryService",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enabled": {
"required": true,
"title": "Enable or disable SelectiveSync",
"type": "boolean"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"selected_org_units": {
"description": "If SelectiveSync is enabled, this contains 1 or more OrgUnits, which NSX will synchronize with in LDAP server. The full distiguished name (DN) should be used for OrgUnit. If SelectiveSync is disabled, do not define this or specify an empty list.",
"items": {
"type": "string"
},
"required": false,
"title": "Selected OrgUnits for SelectiveSync",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Directory domain selective sync settings",
"type": "object"
}
SelfResourceLink (type)
{
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"extends": {
"$ref": "ResourceLink
},
"id": "SelfResourceLink",
"module_id": "Common",
"properties": {
"action": {
"readonly": true,
"title": "Optional action",
"type": "string"
},
"href": {
"readonly": true,
"required": true,
"title": "Link to resource",
"type": "string"
},
"rel": {
"description": "Custom relation type (follows RFC 5988 where appropriate definitions exist)",
"readonly": true,
"required": true,
"title": "Link relation type",
"type": "string"
}
},
"title": "Link to this resource",
"type": "object"
}
SelfSignedActionParameter (type)
{
"additionalProperties": false,
"id": "SelfSignedActionParameter",
"module_id": "CertificateManager",
"properties": {
"days_valid": {
"default": 825,
"required": true,
"title": "Number of days the certificate will be valid, default 825 days",
"type": "integer"
}
},
"type": "object"
}
Service (type)
{
"description": "Used while defining a CommunicationEntry. A service may have multiple service entries.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Service",
"module_id": "Policy",
"policy_hierarchical_children": [
"ChildServiceEntry"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_default": {
"default": false,
"description": "The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted.",
"readonly": true,
"title": "Flag for default services",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"service_entries": {
"description": "Service entries for this service",
"items": {
"$ref": "ServiceEntry
},
"title": "Service type",
"type": "array"
},
"service_type": {
"title": "Type of service, ETHER or NON_ETHER",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains the information related to a service",
"type": "object"
}
ServiceEntry (type)
{
"abstract": true,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ServiceEntry",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"IPProtocolServiceEntry",
"IGMPTypeServiceEntry",
"ICMPTypeServiceEntry",
"ALGTypeServiceEntry",
"L4PortSetServiceEntry",
"EtherTypeServiceEntry",
"NestedServiceServiceEntry"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A Service entry that describes traffic",
"type": "object"
}
ServiceEntryListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "ServiceEntryListRequestParameters",
"module_id": "Policy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Service entry list request parameters",
"type": "object"
}
ServiceEntryListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ServiceEntryListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ServiceEntry
},
"required": true,
"title": "Service entry list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Service entries",
"type": "object"
}
ServiceGateway (type)
{
"description": "Service Gateway serves as the default gateway for VPC.",
"id": "ServiceGateway",
"module_id": "PolicyVpc",
"properties": {
"auto_snat": {
"default": true,
"description": "Auto plumb snat rule for private subnet, this will make sure private subnets are routable outside of VPC. There will be one snat rule per VPC, translated ip will be taken from external ip block. If enabled, user must also configure external ip block. This property is applicable only when service_gateway is enabled.",
"required": false,
"title": "Auto plumb snat rule",
"type": "boolean"
},
"disable": {
"default": false,
"description": "Flag to deactivate service gateway for connected subnets. If false then VPC will support the following services: NAT, gateway security policies, and gateway QoS profile. If true, VPC will support only distributed services i.e., EW security policy. Workload shall be protected using the same. All traffic from subnets will be routed through the distributed router to the connected gateway and eliminates the intermediate hop of the service gateway.",
"required": false,
"title": "Flag to indicate if Gateway Service support is required or not. By default, service gateway is enabled.",
"type": "boolean"
},
"qos_config": {
"$ref": "GatewayQosProfileConfig,
"description": "QoS Profile configuration for VPC connected to the gateway. The profiles must be pre-created at the project level.",
"required": false,
"title": "Gateway QoS Profile configuration"
}
},
"title": "Service Gateway configuration",
"type": "object"
}
ServiceInstanceEndpoint (type)
{
"additionalProperties": false,
"description": "A ServiceInstanceEndpoint belongs to one ByodPolicyServiceInstance and is attached to one ServiceInterface. A ServiceInstanceEndpoint represents a redirection target for a RedirectionPolicy.",
"extends": {
"$ref": "BaseEndpoint
},
"id": "ServiceInstanceEndpoint",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "ServiceInstanceEndpoint"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"VirtualEndpoint",
"ServiceInstanceEndpoint"
],
"required": true,
"type": "string"
},
"service_interface_path": {
"description": "Path of Service Interface to which this ServiceInstanceEndpoint is connected.",
"readonly": false,
"required": true,
"title": "Service Interface path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ServiceInstanceEndpoint"
],
"relationshipType": "SERVICE_INSTANCE_ENDPOINT_SERVICE_INTERFACE_RELATIONSHIP",
"rightType": [
"ServiceInterface"
]
}
]
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target_ips": {
"description": "IPs where either inbound or outbound traffic is to be redirected.",
"items": {
"$ref": "IPInfo
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "IP addresses to redirect the traffic to",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Service EndPoint for Byod Policy Service Instance",
"type": "object"
}
ServiceInterface (type)
{
"additionalProperties": false,
"description": "Service interface configuration for internal connectivity.",
"extends": {
"$ref": "BaseTier0Interface
},
"id": "ServiceInterface",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_relay_path": {
"description": "Policy path of dhcp-relay-config to be attached to this Interface.",
"required": false,
"title": "policy path of referenced dhcp-relay-config",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface",
"Tier1Interface"
],
"relationshipType": "DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"subnets": {
"description": "Specify IP address and network prefix for interface.",
"items": {
"$ref": "InterfaceSubnet
},
"minItems": 1,
"required": true,
"title": "IP address and subnet specification for interface",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Service interface configuration",
"type": "object"
}
ServiceInterfaceListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ServiceInterfaceListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "ServiceInterface
},
"required": true,
"title": "Service Interface list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Service Interfaces",
"type": "object"
}
ServiceListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "ServiceListRequestParameters",
"module_id": "Policy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"default_service": {
"description": "If set to true, then it will display only default services. If set to false, then it will display all user defined services. If it is not provided, then complete (default as well as user defined) list of services will be displayed.",
"title": "Fetch all default services",
"type": "boolean"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Service list request parameters",
"type": "object"
}
ServiceListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "ServiceListResult",
"module_id": "Policy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Service
},
"required": true,
"title": "Service list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Services",
"type": "object"
}
ServiceReference (type)
{
"description": "An anchor object representing the intent to consume a given 3rd party service.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ServiceReference",
"module_id": "PolicyServiceInsertion",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "A Service's operational state can be enabled or disabled. Note that would work only for NetX type of services and would not work for Guest Introsp- ection type of Services. TRUE - The Service should be enabled FALSE - The Service should be disabled",
"readonly": false,
"required": false,
"title": "Operational state of the Service.",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"partner_service_name": {
"description": "Unique name of Partner Service to be consumed for redirection.",
"required": true,
"title": "Name of Partner Service",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "An anchor object representing the intent to consume a given 3rd party service.",
"type": "object"
}
ServiceSegment (type)
{
"additionalProperties": false,
"description": "Service Segment configuration to attach Service Insertion VM.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ServiceSegment",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"lr_paths": {
"description": "Policy paths of logical routers or ports | to which this Service Segment can be connected.",
"items": {
"type": "string"
},
"required": false,
"title": "Policy paths of logical routers",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ServiceSegment"
],
"relationshipType": "SERVICE_SEGMENT_TO_LR_RELATIONSHIP",
"rightType": [
"Tier1",
"Tier0"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transport_zone_path": {
"description": "Policy path to transport zone. Only overlay transport zone is supported.",
"required": true,
"title": "Policy path to the transport zone",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ServiceSegment"
],
"relationshipType": "SERVICE_SEGMENT_TO_TRANSPORT_ZONE_RELATIONSHIP",
"rightType": [
"PolicyTransportZone"
]
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Service Segment configuration",
"type": "object"
}
ServiceType (type)
{
"enum": [
"MGMT_CLUSTER",
"MGMT_PLANE",
"API",
"NOTIFICATION_COLLECTOR",
"SYSLOG_SERVER",
"RSYSLOG_CLIENT",
"APH",
"APH_TN",
"GLOBAL_MANAGER",
"LOCAL_MANAGER",
"CLIENT_AUTH",
"RMQ",
"K8S_MSG_CLIENT",
"WEB_PROXY",
"CBM_API",
"CBM_CCP",
"CBM_CSM",
"CBM_MP",
"CBM_GM",
"CBM_AR",
"CBM_MONITORING",
"CBM_IDPS_REPORTING",
"CBM_CM_INVENTORY",
"CBM_MESSAGING_MANAGER",
"CBM_UPGRADE_COORDINATOR",
"CBM_SITE_MANAGER",
"CBM_CLUSTER_MANAGER",
"CBM_CORFU",
"COMPUTE_MANAGER",
"CCP",
"ANALYTICS_AGENT",
"ANALYTICS_KAFKA",
"NAPP_COMMON_AGENT",
"NAPP_PACE_AGENT",
"NAPP_METRICS_AGENT"
],
"id": "ServiceType",
"module_id": "CertificateManager",
"title": "Supported service types, that are using certificates.",
"type": "string"
}
SessionAuthenticationCredentials (type)
{
"description": "Username and password used to obtain a session cookie.",
"id": "SessionAuthenticationCredentials",
"module_id": "AAA",
"properties": {
"j_password": {
"description": "Password to use when authenticating.",
"required": true,
"title": "Password",
"type": "string"
},
"j_username": {
"description": "User name to authenticate as.",
"required": true,
"title": "User name",
"type": "string"
}
},
"title": "Credentials used to authenticate to NSX",
"type": "object"
}
SessionLoginCredential (type)
{
"additionalProperties": false,
"description": "Details of session based login credential to login to server.",
"extends": {
"$ref": "LoginCredential
},
"id": "SessionLoginCredential",
"module_id": "Types",
"polymorphic-type-descriptor": {
"type-identifier": "SessionLoginCredential"
},
"properties": {
"credential_type": {
"description": "Possible values are 'UsernamePasswordLoginCredential', 'VerifiableAsymmetricLoginCredential', 'SessionLoginCredential'.",
"required": true,
"title": "Login credential, for example username-password-thumbprint, certificate or session based, etc",
"type": "string"
},
"session_id": {
"description": "The session_id to login to server.",
"readonly": false,
"required": false,
"sensitive": true,
"title": "The session_id to login to server",
"type": "secure_string"
},
"thumbprint": {
"description": "Thumbprint of the login server.",
"readonly": false,
"required": false,
"title": "Thumbprint of the login server",
"type": "string"
}
},
"title": "A login credential specifying session_id",
"type": "object"
}
SessionTimerProfileBindingListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SessionTimerProfileBindingListResult",
"module_id": "PolicyProfile",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SessionTimerProfileBindingMap
},
"required": true,
"title": "Session timer profile binding maps list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of session timer profile binding maps",
"type": "object"
}
SessionTimerProfileBindingMap (type)
{
"additionalProperties": false,
"description": "This entity will be used to establish association between Session Timer profile and Logical Routers.",
"extends": {
"$ref": "ProfileBindingMap
},
"id": "SessionTimerProfileBindingMap",
"module_id": "PolicyProfile",
"polymorphic-type-descriptor": {
"type-identifier": "SessionTimerProfileBindingMap"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profile_path": {
"description": "PolicyPath of associated Profile",
"required": true,
"title": "Profile Path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"GroupDiscoveryProfileBindingMap"
],
"relationshipType": "GROUP_BINDINGMAP_IPDISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
},
{
"leftType": [
"PolicyFirewallFloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"FloodProtectionProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FloodProtectionProfile"
]
},
{
"leftType": [
"PolicyFirewallCPUMemThresholdsProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"FirewallCPUMemoryThresholdsProfile"
]
},
{
"leftType": [
"SessionTimerProfileBindingMap"
],
"relationshipType": "PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyFirewallSessionTimerProfile"
]
},
{
"leftType": [
"DnsSecurityProfileBindingMap"
],
"relationshipType": "DNS_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"DnsSecurityProfile"
]
},
{
"leftType": [
"GeneralSecurityProfileBindingMap"
],
"relationshipType": "GATEWAY_GENERAL_SECURITY_PROFILE_BINDING_MAP_PROFILE_RELATIONSHIP",
"rightType": [
"GeneralSecurityProfile"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Session Timer Profile binding map",
"type": "object"
}
SetFields (type)
{
"additionalProperties": false,
"description": "Set Fields is an action to set fields of the source event.",
"extends": {
"$ref": "Action
},
"id": "SetFields",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"type-identifier": "SetFields"
},
"properties": {
"field_settings": {
"description": "Field Settings.",
"items": {
"$ref": "FieldSetting
},
"minItems": 1,
"title": "Field Settings",
"type": "array"
},
"resource_type": {
"description": "Reaction Action resource type.",
"enum": [
"PatchResources",
"SetFields"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Set Fields",
"type": "object"
}
SetInterSiteAphCertificateRequest (type)
{
"additionalProperties": false,
"id": "SetInterSiteAphCertificateRequest",
"module_id": "CertificateManager",
"properties": {
"cert_id": {
"description": "ID of the certificate that is already imported.",
"readonly": true,
"required": true,
"title": "Certificate ID",
"type": "string"
},
"used_by_id": {
"description": "ID of the node that this certificate is used on.",
"readonly": true,
"required": true,
"title": "Node ID",
"type": "string"
}
},
"title": "Data for setting Appliance Proxy certificate for inter-site communication",
"type": "object"
}
SetPrincipalIdentityCertificateForFederationRequest (type)
{
"additionalProperties": false,
"id": "SetPrincipalIdentityCertificateForFederationRequest",
"module_id": "CertificateManager",
"properties": {
"cert_id": {
"description": "Id of the certificate",
"readonly": true,
"required": true,
"type": "string"
},
"service_type": {
"$ref": "PIServiceType,
"description": "Service type for which the certificate should be used.",
"readonly": true,
"required": true
}
},
"title": "Data for setting a principal identity certificate",
"type": "object"
}
SftpProtocol (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Protocol
},
"id": "SftpProtocol",
"polymorphic-type-descriptor": {
"type-identifier": "sftp"
},
"properties": {
"authentication_scheme": {
"$ref": "PasswordAuthenticationScheme,
"required": true,
"title": "Scheme to authenticate if required"
},
"host_key_algorithms": {
"default": [
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521"
],
"description": "Supported host key algorithms for SSH/SFTP connection.<br /> <i>Algorithms are preferred in the order they are specified in list.</i>",
"items": {
"$ref": "HostKeyAlgorithms
},
"minItems": 1,
"required": false,
"title": "Host key algorithms",
"type": "array"
},
"name": {
"enum": [
"http",
"https",
"scp",
"sftp"
],
"required": true,
"title": "Protocol name",
"type": "string"
},
"ssh_fingerprint": {
"required": true,
"title": "SSH fingerprint of server",
"type": "string"
}
},
"type": "object"
}
ShaDynamicPlugin (type)
{
"additionalProperties": false,
"description": "Define a kind of Dynamic Sha plugin.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ShaDynamicPlugin",
"module_id": "PolicySha",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to_group_path": {
"description": "The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"title": "Binding Policy group path",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_plugin_uploaded": {
"description": "Flag to show the dynamic plugin zip file is uploaded.",
"readonly": true,
"title": "Flag to show the dynamic plugin status",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Sha dynamic Plugin",
"type": "object"
}
ShaDynamicPluginProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ShaPluginProfile
},
"id": "ShaDynamicPluginProfile",
"module_id": "PolicySha",
"polymorphic-type-descriptor": {
"type-identifier": "DynamicPlugin"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to_group_path": {
"description": "The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": false,
"title": "Binding Policy group path",
"type": "string"
},
"applied_to_ua": {
"description": "The on-off switch of System Health Plugin on UA cluster nodes.",
"required": false,
"title": "Plugin Enablement Flag on UA cluster nodes",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"config": {
"description": "Define the plugin configuration.",
"required": true,
"title": "Plugin configuration",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"description": "The on-off switch of System Health Plugin",
"required": true,
"title": "Plugin Enablement Flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"plugin_path": {
"description": "The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": true,
"title": "Plugin path",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "ShaPluginType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Dynamic created plugin profile",
"type": "object"
}
ShaPluginProfile (type)
{
"abstract": true,
"additionalProperties": false,
"description": "The ShaPluginProfile is the base class for System Health plugin profile",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ShaPluginProfile",
"module_id": "PolicySha",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to_group_path": {
"description": "The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": false,
"title": "Binding Policy group path",
"type": "string"
},
"applied_to_ua": {
"description": "The on-off switch of System Health Plugin on UA cluster nodes.",
"required": false,
"title": "Plugin Enablement Flag on UA cluster nodes",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"description": "The on-off switch of System Health Plugin",
"required": true,
"title": "Plugin Enablement Flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"plugin_path": {
"description": "The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": true,
"title": "Plugin path",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "ShaPluginType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Abstract base type for System Health plugin profile of different types",
"type": "object"
}
ShaPluginType (type)
{
"enum": [
"PredefinedPlugin",
"DynamicPlugin",
"SystemPlugin"
],
"id": "ShaPluginType",
"module_id": "PolicySha",
"title": "Valid System Health plugin types",
"type": "string"
}
ShaPredefinedPlugin (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "ShaPredefinedPlugin",
"module_id": "PolicySha",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"config": {
"$ref": "ShaPredefinedPluginProfileData,
"description": "Define the plugin configurtion detail.",
"readonly": true,
"title": "Plugin configuration"
},
"delay_on_reboot": {
"description": "The corresponding plugin will wait for config seconds after reboot.",
"readonly": true,
"title": "The delay after reboot",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"description": "The on-off switch of Sha plugin",
"readonly": true,
"title": "Profile Enablement Flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pre_req_conditions": {
"description": "Display the pre-req conditions to run the predefined plugin.",
"items": {
"$ref": "PreReqCondition
},
"readonly": true,
"title": "The pre-req conditions",
"type": "array"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"supported_node_types": {
"description": "Display the running node types of predefined plugin.",
"items": {
"$ref": "NsxtNodeType
},
"readonly": true,
"title": "The supported node types",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "System pre-defined plugin config",
"type": "object"
}
ShaPredefinedPluginProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ShaPluginProfile
},
"id": "ShaPredefinedPluginProfile",
"module_id": "PolicySha",
"polymorphic-type-descriptor": {
"type-identifier": "PredefinedPlugin"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to_group_path": {
"description": "The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": false,
"title": "Binding Policy group path",
"type": "string"
},
"applied_to_ua": {
"description": "The on-off switch of System Health Plugin on UA cluster nodes.",
"required": false,
"title": "Plugin Enablement Flag on UA cluster nodes",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"config": {
"$ref": "ShaPredefinedPluginProfileData,
"description": "Define the plugin configuration.",
"required": true,
"title": "Plugin configuration"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"description": "The on-off switch of System Health Plugin",
"required": true,
"title": "Plugin Enablement Flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"plugin_path": {
"description": "The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": true,
"title": "Plugin path",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "ShaPluginType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "System predefined plugin profile",
"type": "object"
}
ShaPredefinedPluginProfileData (type)
{
"additionalProperties": false,
"description": "Describes a config item for System Health profile.",
"id": "ShaPredefinedPluginProfileData",
"module_id": "PolicySha",
"properties": {
"check_interval": {
"description": "The interval of plugin to check the status.",
"title": "The check interval",
"type": "integer"
},
"desired_crash": {
"description": "Whether crash the component which spew too much log",
"required": false,
"title": "The desired crash",
"type": "boolean"
},
"desired_duration": {
"description": "The expected rotation of logging",
"required": false,
"title": "The desired duration",
"type": "integer"
},
"granular_desired_duration": {
"description": "The expected rotation for each log",
"required": false,
"title": "The granular desired duration",
"type": "string"
},
"report_interval": {
"description": "The interval of plugin to report the status.",
"title": "The report interval",
"type": "integer"
},
"smallest_report_interval_if_change": {
"description": "The smallest report interval if the status is changed. The value of smallest_report_interval_if_change should be less than the value of report_interval",
"title": "The smallest report interval",
"type": "integer"
},
"threshold": {
"description": "The threshold to alarm logging report",
"required": false,
"title": "The threshold",
"type": "integer"
}
},
"title": "System Health Plugin Config Item",
"type": "object"
}
ShaSystemPluginProfile (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ShaPluginProfile
},
"id": "ShaSystemPluginProfile",
"module_id": "PolicySha",
"polymorphic-type-descriptor": {
"type-identifier": "SystemPlugin"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"applied_to_group_path": {
"description": "The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": false,
"title": "Binding Policy group path",
"type": "string"
},
"applied_to_ua": {
"description": "The on-off switch of System Health Plugin on UA cluster nodes.",
"required": false,
"title": "Plugin Enablement Flag on UA cluster nodes",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"config": {
"description": "Define the plugin configuration.",
"required": true,
"title": "Plugin configuration",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"description": "The on-off switch of System Health Plugin",
"required": true,
"title": "Plugin Enablement Flag",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"plugin_path": {
"description": "The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.",
"required": true,
"title": "Plugin path",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"$ref": "ShaPluginType,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "System plugin profile",
"type": "object"
}
Share (type)
{
"additionalProperties": false,
"description": "A Share is a container that shares all its contents represented by associated SharedResource entities with Orgs or Projects represented using the 'sharedWith' property. Default share object is created by the system which is shared with all the orgs and projects by default. Id of default share object is default. Also, default share object per org/project will also be created as part of org/project creation workflow. Id of org share object will be \"<org-id>\", but for default org it is \"default-org-share\". Id of project share object will be \"<org-id>-<project-id>\" (ex: org1-project1).",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Share",
"module_id": "PolicyShare",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sharedWith": {
"description": "Represents and array of the paths of the contexts (Org or Project) to which the contents of this share should be shared.",
"items": {
"type": "string"
},
"minItems": 1,
"required": true,
"title": "Path of the context",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Share"
],
"relationshipType": "SHARE_RELATIONSHIP",
"rightType": [
"Org",
"Project",
"Vpc"
]
}
]
},
"sharing_strategy": {
"default": "NONE_DESCENDANTS",
"description": "Strategy used to decide to which shareWith the contents of the share should be shared. Project is descendant of Org. Vpc is descendant of Project. ALL_DESCENDANTS - Share with the shareWith path and all it's descendants. NONE_DESCENDANTS - Share with the shareWith path only and not its descendants. (Default)",
"enum": [
"NONE_DESCENDANTS",
"ALL_DESCENDANTS"
],
"required": false,
"title": "Sharing Strategy",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Share",
"type": "object"
}
SharedResource (type)
{
"additionalProperties": false,
"description": "A SharedResource is a child of the resource that needs to be shared. Where the resoruce is shared is determined by the Share instance to which this shared resource refers. Default shared resource under default share object is created by the system. All the resources under default shared resources will be available for consumption to all the orgs/projects by default. Shared Resource for specific org will be available for consumption for that particular org only.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "SharedResource",
"module_id": "PolicyShare",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_objects": {
"description": "Represents the path and other properties of the resource to be shared. The entity represented by this shared resource is shared with all the Orgs or Projects contexts that the Share container references.",
"items": {
"$ref": "ResourceObject
},
"minItems": 1,
"required": true,
"title": "Path of the resource to be shared",
"type": "array"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"share_shared_with": {
"description": "Read only field. Shows subset (shared-with-me API context) of sharedWith used in Share.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Share's Shared With",
"type": "array"
},
"share_sharing_strategy": {
"description": "Read only field. Shows sharing strategy used in Share.",
"readonly": true,
"required": false,
"title": "Share's Sharing Strategy",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy Shared resource",
"type": "object"
}
Site (type)
{
"additionalProperties": false,
"description": "Site represents an NSX deployment having its own set of NSX clusters and transport nodes. It may correspond to a Data Center, VMC deployment, or NSX-Cloud deployment managed via CSM.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Site",
"module_id": "PolicyEnforcementPointManagement",
"policy_hierarchical_children": [
"ChildEnforcementPoint"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"fail_if_rtep_misconfigured": {
"default": true,
"description": "Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail.",
"title": "Fail onboarding if RTEPs misconfigured",
"type": "boolean"
},
"fail_if_rtt_exceeded": {
"default": true,
"description": "Fail onboarding if maximum RTT exceeded.",
"title": "Fail onboarding if maximum RTT exceeded",
"type": "boolean"
},
"federation_config": {
"$ref": "GmFederationSiteConfig,
"description": "System managed federation config.",
"readonly": true,
"title": "Federation releated config"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"maximum_rtt": {
"default": 250,
"description": "If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.",
"maximum": 1000,
"minimum": 0,
"title": "Maximum acceptable packet round trip time (RTT)",
"type": "integer"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"site_connection_info": {
"description": "To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate.",
"items": {
"$ref": "SiteNodeConnectionInfo
},
"maxItems": 3,
"title": "Connection information",
"type": "array"
},
"site_number": {
"readonly": true,
"title": "12-bit system generated site number",
"type": "integer"
},
"site_type": {
"description": "The site_type property identifies type of current site.",
"enum": [
"ONPREM_LM",
"SDDC_LM"
],
"required": false,
"title": "Persistent Site Type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Site",
"type": "object"
}
SiteActionParameters (type)
{
"additionalProperties": false,
"description": "If force=true then site will be deleted even if not reachable. NOTE - Use this with caution as Global Manager will go ahead and offboard the site forcefully.",
"id": "SiteActionParameters",
"module_id": "PolicySiteGM",
"properties": {
"force": {
"required": false,
"type": "boolean"
}
},
"title": "Paramters for Site delete operation",
"type": "object"
}
SiteAllocationIndexForEdge (type)
{
"additionalProperties": false,
"description": "Index for cross site allocation for edge cluster and its members referred by gateway.",
"id": "SiteAllocationIndexForEdge",
"module_id": "PolicyConnectivity",
"properties": {
"index": {
"description": "Unqiue edge cluster node index across sites based on stretch of the Gateway. For example, if a Gateway is streched to sites S1 with one edge cluster of 3 nodes and site S2 with one edge cluster of 2 nodes, the in the Global Manager will allocate the index for 5 edge nodes and 2 cluster in the rage 0 to 7.",
"readonly": true,
"title": "Unique index across sites for gateway span",
"type": "integer"
},
"target_resource_path": {
"readonly": true,
"title": "Edge cluster or edge node path",
"type": "string"
}
},
"title": "Allocation index for edge\n",
"type": "object"
}
SiteCleanupPending (type)
{
"additionalProperties": false,
"description": "SiteCleanupPending contains information about the resource cleanup from sites.",
"id": "SiteCleanupPending",
"module_id": "GmSiteCleanupPending",
"properties": {
"marked_for_delete": {
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted.",
"readonly": true,
"title": "Indicates whether the resource is marked for deletion",
"type": "boolean"
},
"pending_sites": {
"description": "List of SpanSiteInfos representing the strech of the entity.",
"items": {
"$ref": "SpanSiteInfo
},
"readonly": true,
"title": "List of SpanSiteInfos",
"type": "array"
},
"resource_path": {
"description": "Policy resource which is either marked for delete or in process of deletion from site.",
"readonly": true,
"title": "Policy path of an resource.",
"type": "string"
}
},
"title": "Details for cleanup of resource.",
"type": "object"
}
SiteCleanupPendingListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "SiteCleanupPendingListRequestParameters",
"module_id": "GmSiteCleanupPending",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"intent_path": {
"description": "String Path of a resource. Can pass multiple values.",
"required": false,
"title": "String Path of a resource.",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SiteCleanupPending list request parameters",
"type": "object"
}
SiteCleanupPendingListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SiteCleanupPendingListResult",
"module_id": "GmSiteCleanupPending",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SiteCleanupPending
},
"readonly": true,
"title": "SiteCleanupPending list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of SiteCleanupPending",
"type": "object"
}
SiteCompatibilityInfo (type)
{
"id": "SiteCompatibilityInfo",
"module_id": "SiteManagerModule",
"properties": {
"compatibility_list": {
"items": {
"type": "string"
},
"title": "Compatibility list",
"type": "array"
},
"site_version": {
"title": "Site version",
"type": "string"
}
},
"type": "object"
}
SiteFederationConfig (type)
{
"additionalProperties": false,
"description": "Site fedeation configuration.",
"id": "SiteFederationConfig",
"module_id": "PolicySiteGM",
"properties": {
"rtep_ips": {
"items": {
"$ref": "IPAddress
},
"readonly": true,
"title": "Remote tunnel endpoint IP addresses",
"type": "array"
},
"site_id": {
"readonly": true,
"title": "Site UUID",
"type": "string"
},
"site_index": {
"readonly": true,
"title": "Unique site index allocated (from range 0-4095)",
"type": "integer"
},
"site_path": {
"readonly": true,
"title": "Site path",
"type": "string"
}
},
"title": "Site fedeation configuration",
"type": "object"
}
SiteInfo (type)
{
"additionalProperties": false,
"description": "Information related to Sites applicable for given Org.",
"id": "SiteInfo",
"module_id": "PolicyOrg",
"properties": {
"edge_cluster_paths": {
"description": "The edge cluster on which the networking elements for the Org will be created. In case of Label, it should have reference of Edge cluster path.",
"items": {
"type": "string"
},
"title": "PolicyPath of the edge cluster or label",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_EDGE_CLUSTER_RELATIONSHIP",
"rightType": [
"PolicyEdgeCluster"
]
},
{
"leftType": [
"Project"
],
"relationshipType": "PROJECT_EDGE_CLUSTER_RELATIONSHIP",
"rightType": [
"PolicyEdgeCluster"
]
},
{
"leftType": [
"Project"
],
"relationshipType": "PROJECT_EDGE_CLUSTER_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
},
{
"leftType": [
"Project"
],
"relationshipType": "VPC_EDGE_CLUSTER_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
}
]
},
"site_path": {
"description": "This represents the path of the site which is managed by Global Manager. For the local manager, if set, this needs to point to 'default'.",
"required": false,
"title": "PolicyPath of the site",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Org"
],
"relationshipType": "TENANT_SITE_RELATIONSHIP",
"rightType": [
"Site"
]
},
{
"leftType": [
"Project"
],
"relationshipType": "PROJECT_SITE_RELATIONSHIP",
"rightType": [
"Site"
]
},
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_SITE_RELATIONSHIP",
"rightType": [
"Site"
]
}
]
},
"transport_zone_paths": {
"description": "This represents the path of the transport zone on which elements of the project will be created. If not provided, this field is set to the path of the default transport zone for the associated site. Transport zone cannot be modified.",
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "PolicyPath of the transport zone",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Org"
],
"relationshipType": "PROJECT_TRANSPORT_ZONE_RELATIONSHIP",
"rightType": [
"Site"
]
}
]
}
},
"title": "Site information",
"type": "object"
}
SiteListRequestParameters (type)
{
"additionalProperties": false,
"description": "Site list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "SiteListRequestParameters",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Site List Request Parameters",
"type": "object"
}
SiteListResult (type)
{
"additionalProperties": false,
"description": "Paged Collection of Sites.",
"extends": {
"$ref": "ListResult
},
"id": "SiteListResult",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Site list result.",
"items": {
"$ref": "Site
},
"required": true,
"title": "Site List Result",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Sites",
"type": "object"
}
SiteNodeConnectionInfo (type)
{
"additionalProperties": false,
"description": "Credential info to connect to a node in the federated remote site.",
"id": "SiteNodeConnectionInfo",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"fqdn": {
"description": "Please specify the fqdn of the Management Node of your site.",
"title": "Fully Qualified Domain Name of the Management Node",
"type": "string"
},
"password": {
"description": "Password to connect to Site's Local Manager.",
"sensitive": true,
"title": "Password",
"type": "secure_string"
},
"site_uuid": {
"description": "Site UUID supplied for connection info",
"title": "id of Site",
"type": "string"
},
"thumbprint": {
"description": "Thumbprint of Site's Local Manager in the form of a SHA-256 hash represented in lower case HEX.",
"title": "Thumbprint of Enforcement Point",
"type": "string"
},
"username": {
"description": "Username to connect to Site's Local Manager.",
"title": "Username",
"type": "string"
}
},
"title": "Site Node Connection Info",
"type": "object"
}
SiteOnboardingPreference (type)
{
"additionalProperties": false,
"description": "User onboarding preference for site.",
"extends": {
"$ref": "ManagedResource
},
"id": "SiteOnboardingPreference",
"module_id": "GmConfigOnboarding",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ignore_import": {
"description": "Represents user's decision to ignore onboarding option for a site. User will not be shown onboarding message or will failing onboarding when ignore status is set to 'true'.",
"readonly": true,
"required": true,
"title": "Ignore Import Preference",
"type": "boolean"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"site_id": {
"description": "Unique site identifier.",
"readonly": true,
"required": false,
"title": "Site Identifier",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "User Onboarding Preference",
"type": "object"
}
SiteOverride (type)
{
"additionalProperties": false,
"description": "IPSecVPN site specific attributes specified only on GM. This allows user to specify site specific parameters which overrides the correspondig attributes in the IPSecVpnSession Object.",
"id": "SiteOverride",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"local_endpoint_path": {
"description": "Policy path referencing Local endpoint.",
"required": true,
"title": "Local endpoint path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"IpSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCAL_ENDPOINT_RELATIONSHIP",
"rightType": [
"IPSecVpnLocalEndpoint"
]
}
]
},
"locale_service_path": {
"description": "Policy path referencing LocateService where SiteOverride attributes will be applied",
"required": true,
"title": "Locale service policy path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"IpSecVpnSession"
],
"relationshipType": "IPSEC_VPN_SESSION_LOCALE_SERVICE_RELATIONSHIP",
"rightType": [
"LocaleServices"
]
}
]
},
"peer_address": {
"$ref": "IPAddress,
"description": "Public IPV4 or IPV6 address of the remote device terminating the VPN connection. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.",
"required": true,
"title": "IPV4 or IPV6 address of peer endpoint on remote site"
},
"peer_id": {
"description": "Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.",
"required": true,
"title": "Peer id",
"type": "string"
},
"tunnel_interfaces": {
"description": "IP Tunnel interfaces. This property is mandatory for RouteBasedIpSecVpn session.",
"items": {
"$ref": "IPSecVpnTunnelInterface
},
"maxItems": 1,
"minItems": 1,
"required": false,
"title": "IP Tunnel interfaces",
"type": "array"
}
},
"title": "IPSecVpn Site Override Parameters",
"type": "object"
}
SiteRequestParameter (type)
{
"description": "User can get flow details from the Site where API invoked to a given Site by specifying the Site policy path.",
"id": "SiteRequestParameter",
"module_id": "FederationObservability",
"properties": {
"site_path": {
"required": false,
"title": "Policy path of the Site object",
"type": "string"
}
},
"title": "Request parameter to get flow to a given Site",
"type": "object"
}
SiteStatus (type)
{
"id": "SiteStatus",
"module_id": "SiteManagerModule",
"properties": {
"site_name": {
"required": true,
"title": "Site name",
"type": "string"
},
"stubs": {
"items": {
"$ref": "StubStatus
},
"title": "Connection status",
"type": "array"
}
},
"type": "object"
}
SnmpServiceProperties (type)
{
"additionalProperties": false,
"id": "SnmpServiceProperties",
"module_id": "CentralNodeConfig",
"properties": {
"communities": {
"items": {
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "SNMP v1, v2c community strings",
"type": "array"
},
"start_on_boot": {
"required": true,
"title": "Start when system boots",
"type": "boolean"
},
"v2_configured": {
"readonly": true,
"title": "SNMP v2 is configured or not",
"type": "boolean"
},
"v3_auth_protocol": {
"default": "SHA1",
"enum": [
"SHA1"
],
"required": true,
"title": "SNMP v3 auth protocol",
"type": "string"
},
"v3_configured": {
"readonly": true,
"title": "SNMP v3 is configured or not",
"type": "boolean"
},
"v3_priv_protocol": {
"default": "AES128",
"enum": [
"AES128"
],
"required": true,
"title": "SNMP v3 private protocol",
"type": "string"
},
"v3_users": {
"description": "SNMP v3 users information",
"items": {
"$ref": "SnmpV3User
},
"maxItems": 1,
"title": "V3 users",
"type": "array"
}
},
"title": "SNMP Service properties",
"type": "object"
}
SnmpV3User (type)
{
"description": "SNMP v3 user properties",
"id": "SnmpV3User",
"module_id": "CentralNodeConfig",
"properties": {
"auth_password": {
"description": "SNMP v3 user auth password",
"required": false,
"sensitive": true,
"title": "Auth password",
"type": "secure_string"
},
"priv_password": {
"description": "SNMP v3 user private password",
"required": false,
"sensitive": true,
"title": "Private password",
"type": "secure_string"
},
"user_id": {
"description": "SNMP v3 user ID",
"required": true,
"title": "User ID",
"type": "string"
}
},
"title": "SNMP v3 user",
"type": "object"
}
Source (type)
{
"abstract": true,
"additionalProperties": false,
"description": "Source that is logically deemed to be the \"object\" upon which the Event in question initially occurred upon. The Source is responsible for providing information of the occurred event. Some example sources include: - Resource. - API.",
"id": "Source",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"resource_type": {
"description": "Event Source resource type.",
"enum": [
"ResourceOperation",
"ApiRequestBody"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Event Source",
"type": "object"
}
SourceFieldEvaluation (type)
{
"additionalProperties": false,
"description": "Source Field Evaluation represents an evaluation on resource fields. A source field evaluation will be evaluated against an Event Source which is of type Resource Operation. For instance, the attribute constraint could be related to the necessity that one of the source fields equals one of the specified values.",
"extends": {
"$ref": "Evaluation
},
"id": "SourceFieldEvaluation",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"type-identifier": "SourceFieldEvaluation"
},
"properties": {
"expected": {
"description": "Expected values necessary to apply the specified operation on the source field value.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "Operator Arguments",
"type": "array"
},
"field_pointer": {
"description": "Field in the form of a pointer, describing the location of the attribute within the source of the event.",
"required": true,
"title": "Field Pointer",
"type": "string"
},
"operator": {
"description": "Logical operator.",
"enum": [
"EQ",
"NOT_EQ"
],
"required": true,
"title": "Logical Operator",
"type": "string"
},
"resource_type": {
"description": "Criterion Evaluation resource type.",
"enum": [
"SourceFieldEvaluation"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Source Field Evaluation",
"type": "object"
}
SourceIpPersistencePurge (type)
{
"additionalProperties": false,
"description": "If the persistence table is full and a new connection without a matching persistence entry is received, then by default(FULL) oldest persistence entries are purged from the table to make space for new entries. Each time purging gets triggered, a small percentage of the entries are purged. If purging is disabled(NO_PURGE) and a new incoming connection requires a persistence entry to be created, then that connection is rejected even though backend servers are available.",
"enum": [
"NO_PURGE",
"FULL"
],
"id": "SourceIpPersistencePurge",
"module_id": "LoadBalancer",
"title": "source ip persistence purge setting",
"type": "string"
}
SpacerWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration for spacer widget. For this widget the data source is not applicable. This widget can be use to add the space inside the dashboard container.",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "SpacerWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "SpacerWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Spacer widget Configuration",
"type": "object"
}
Span (type)
{
"additionalProperties": false,
"description": "Represents the strech information for a federated entity available only on local manager.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Span",
"module_id": "PolicySitesSpan",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"sites": {
"description": "List of SpanSiteInfos representing the strech of the entity.",
"items": {
"$ref": "SpanSiteInfo
},
"readonly": true,
"title": "List of SpanSiteInfos",
"type": "array"
},
"span_leader": {
"description": "Represents Policy resource type streached entity's span leader.",
"readonly": true,
"title": "Policy resource type of span leader",
"type": "string"
},
"span_resource": {
"description": "Represents Policy resource path of streached entity.",
"readonly": true,
"title": "Policy resource path",
"type": "string"
},
"span_resource_type": {
"description": "Policy resource type of the streached entity.",
"readonly": true,
"title": "Policy resource type",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Represents strech information for federated entity.",
"type": "object"
}
SpanSiteInfo (type)
{
"additionalProperties": false,
"description": "Represents the Site resource information for a Span entity including both the internal id as well as the site path.",
"id": "SpanSiteInfo",
"module_id": "PolicySitesSpan",
"properties": {
"site_id": {
"description": "Site UUID representing the Site resource",
"readonly": true,
"title": "Internal ID of the Site resource",
"type": "string"
},
"site_path": {
"description": "Path of the Site resource",
"readonly": true,
"title": "Path of the Site resource",
"type": "string"
}
},
"title": "Represents Site resource for Span entity.",
"type": "object"
}
SpoofGuardProfile (type)
{
"additionalProperties": false,
"description": "SpoofGuard is a tool that is designed to prevent virtual machines in your environment from sending traffic with IP addresses which are not authorized to send traffic from. A SpoofGuard policy profile once enabled blocks the traffic determined to be spoofed.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "SpoofGuardProfile",
"module_id": "PolicySpoofGuard",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"address_binding_allowlist": {
"default": false,
"description": "If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the allowlist. This value cannot conflict with whitelist.",
"required": true,
"title": "Enable SpoofGuard",
"type": "boolean"
},
"address_binding_whitelist": {
"default": false,
"deprecated": true,
"description": "If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the allowlist. This field is deprecated because it has offensive terminology. Please use address_binding_allowlist. This value cannot conflict with allow list.",
"required": true,
"title": "Enable SpoofGuard",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"search_dsl_name": [
"spoof guard segment profile"
],
"title": "SpoofGuard Profile",
"type": "object"
}
SpoofGuardProfileListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "SpoofGuardProfileListRequestParameters",
"module_id": "PolicySpoofGuard",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SpoofGuard profile request parameters",
"type": "object"
}
SpoofGuardProfileListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "SpoofGuardProfileListResult",
"module_id": "PolicySpoofGuard",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SpoofGuardProfile
},
"required": true,
"title": "SpoofGuard profile list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of SpoofGuard profiles",
"type": "object"
}
SshFingerprintProperties (type)
{
"additionalProperties": false,
"description": "Server properties - hostname/ip_address, port and ssh fingerprint",
"id": "SshFingerprintProperties",
"properties": {
"host_key_algorithms": {
"default": [
"ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp521"
],
"description": "Supported host key algorithms for SSH/SFTP connection.<br /> <i>Algorithms are preferred in the order they are specified in list.</i>",
"items": {
"$ref": "HostKeyAlgorithms
},
"minItems": 1,
"required": false,
"title": "Host key algorithms",
"type": "array"
},
"port": {
"description": "Remote server port on which ssh connection is made.",
"maximum": 65535,
"minimum": 1,
"required": true,
"title": "Server port",
"type": "integer"
},
"server": {
"description": "Server hostname/ip_address for which fingerprint has been retrieved.",
"pattern": "^.+$",
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
},
"ssh_fingerprint": {
"description": "Remote server's ssh fingerprint.",
"title": "SSH fingerprint of server",
"type": "string"
}
},
"title": "Server ssh fingerprint properties",
"type": "object"
}
SshKeyBaseProperties (type)
{
"additionalProperties": {},
"id": "SshKeyBaseProperties",
"properties": {
"label": {
"required": true,
"title": "SSH key label (used to identify the key)",
"type": "string"
},
"password": {
"required": false,
"sensitive": true,
"title": "Current password for user (required for users root and admin)",
"type": "string"
}
},
"type": "object"
}
SshKeyProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "SshKeyBaseProperties
},
"id": "SshKeyProperties",
"properties": {
"label": {
"required": true,
"title": "SSH key label (used to identify the key)",
"type": "string"
},
"password": {
"required": false,
"sensitive": true,
"title": "Current password for user (required for users root and admin)",
"type": "string"
},
"type": {
"pattern": "^(ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-dss|ssh-ed25519|ssh-rsa)$",
"required": true,
"title": "SSH key type",
"type": "string"
},
"value": {
"required": true,
"title": "SSH key value",
"type": "string"
}
},
"type": "object"
}
SshKeyPropertiesListResult (type)
{
"extends": {
"$ref": "ListResult
},
"id": "SshKeyPropertiesListResult",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "SshKeyProperties
},
"required": true,
"title": "SSH key properties query results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "SSH key properties query results",
"type": "object"
}
SshServiceProperties (type)
{
"additionalProperties": false,
"id": "SshServiceProperties",
"properties": {
"root_login": {
"title": "Permit SSH Root login",
"type": "boolean"
},
"start_on_boot": {
"required": true,
"title": "Start service when system boots",
"type": "boolean"
}
},
"title": "SSH Service properties",
"type": "object"
}
SslCipher (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "ECDH ciphers and 3DES ciphers are not supported because they are not supported by OpenSSL 3.0. Deprecated ciphers which do not comply with OpenSSL 3.0: - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
"enum": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"
],
"id": "SslCipher",
"module_id": "LoadBalancer",
"title": "SSL cipher",
"type": "string"
}
SslCipherGroup (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "SslCipherGroup can be configured in LB SSL profiles. The BALANCED SSL profile supports a mix of SSL protocols and ciphers to offer a perfect mix of performance and security to clients/servers. The HIGH_SECURITY SSL profile supports the highest-secured SSL protocols and ciphers to offer the most secured access to clients/servers. The HIGH_COMPATIBILITY SSL profile supports a large range of SSL protocols and ciphers to offer access to the widest range of clients/servers.",
"enum": [
"BALANCED",
"HIGH_SECURITY",
"HIGH_COMPATIBILITY",
"CUSTOM"
],
"id": "SslCipherGroup",
"module_id": "LoadBalancer",
"title": "SSL cipher group",
"type": "string"
}
SslProtocol (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"description": "Only TLS_V1_2 is supported. Deprecated protocols which do not comply with OpenSSL 3.0: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1",
"enum": [
"SSL_V2",
"SSL_V3",
"TLS_V1",
"TLS_V1_1",
"TLS_V1_2"
],
"id": "SslProtocol",
"module_id": "LoadBalancer",
"title": "SSL protocol",
"type": "string"
}
StageUpgradeRequestParameters (type)
{
"additionalProperties": false,
"description": "Parameters specified during upgrade staging request",
"id": "StageUpgradeRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"description": "Type of the component",
"readonly": false,
"required": false,
"title": "Component type",
"type": "string"
}
},
"title": "Stage upgrade request parameters",
"type": "object"
}
StaleCertificate (type)
{
"additionalProperties": false,
"extends": {
"$ref": "CertificateBinding
},
"id": "StaleCertificate",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"properties": {
"certificate_id": {
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Certificate Id",
"type": "string"
},
"display_name": {
"description": "Display name of the stale certificate",
"readonly": true,
"required": false,
"title": "Display name",
"type": "string"
},
"node_id": {
"description": "Node Id to which this certificate is applied to.",
"readonly": false,
"required": false,
"title": "Node Id",
"type": "string"
},
"service_type": {
"$ref": "ServiceType,
"description": "Service Type of the CertificateProfile to which the certificate is applied to.",
"readonly": false,
"required": true,
"title": "Service Type"
}
},
"title": "Stale Certificate",
"type": "object"
}
StaleCertificatesListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "StaleCertificatesListResult",
"module_id": "CertificateManager",
"nsx_feature": "CertificateBatchOperations",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result": {
"description": "List of stale certificates.",
"items": {
"$ref": "StaleCertificate
},
"readonly": true,
"required": true,
"type": "array"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "List of stale certificates",
"type": "object"
}
StandaloneHostIdfwConfiguration (type)
{
"additionalProperties": false,
"description": "Idfw configuration for activate/deactivate idfw on standalone hosts.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "StandaloneHostIdfwConfiguration",
"module_id": "PolicyFirewallConfiguration",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idfw_enabled": {
"description": "If set to true, Idfw is enabled for standalone hosts",
"readonly": false,
"required": true,
"title": "Idfw enabled flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Standalone host idfw configuration",
"type": "object"
}
StatItem (type)
{
"additionalProperties": false,
"description": "Displayed as a single number. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states.",
"id": "StatItem",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget.",
"title": "Id of drilldown widget",
"type": "string"
},
"tooltip": {
"description": "Multi-line text to be shown on tooltip while hovering over the stat.",
"items": {
"$ref": "Tooltip
},
"minItems": 0,
"title": "Multi-line tooltip",
"type": "array"
},
"total": {
"description": "If expression for total is specified, it evaluates it. Total can be omitted if not needed to be shown.",
"title": "Total",
"type": "string"
},
"value": {
"description": "Expression for stat to be displayed.",
"maxLength": 1024,
"required": true,
"title": "Stat",
"type": "string"
}
},
"title": "Statistic of an entity",
"type": "object"
}
StaticARPConfig (type)
{
"additionalProperties": false,
"description": "Contains Static ARP configuration for Segment.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "StaticARPConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address": {
"$ref": "IPAddress,
"required": true,
"title": "IP Address"
},
"mac_address": {
"$ref": "MACAddress,
"required": true,
"title": "MAC Address"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Static ARP Config",
"type": "object"
}
StaticFilter (type)
{
"additionalProperties": false,
"id": "StaticFilter",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"additional_value": {
"description": "An additional key-value pair for static filter.",
"required": false,
"title": "An additional value for static filter",
"type": "object"
},
"display_name": {
"description": "display name to be shown in the drop down for static filter.",
"maxLength": 1024,
"title": "Display name for static filter",
"type": "string"
},
"info_text": {
"description": "Additional information to be shown along with the static filter. It will shown on the tooltip of an info icon,",
"required": false,
"title": "Info text for the static filter.",
"type": "string"
},
"short_display_name": {
"description": "Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used.",
"maxLength": 1024,
"title": "A property value to be shown once value is selected for a filter.",
"type": "string"
},
"value": {
"description": "Value of static filter inside dropdown filter.",
"title": "Value of static filter",
"type": "string"
}
},
"title": "Static filters",
"type": "object"
}
StaticIpAllocation (type)
{
"description": "Static IP allocation for VPC Subnet ports with VIF attachement",
"id": "StaticIpAllocation",
"module_id": "PolicyVpcSubnet",
"properties": {
"enabled": {
"default": false,
"description": "Enable ip and mac addresse allocation for VPC Subnet ports from static ip pool. To enable this, dhcp pool shall be empty and static ip pool shall own all available ip addresses.",
"required": false,
"title": "Activate or Deactivate static ip allocation for VPC Subnet ports with VIF attachement",
"type": "boolean"
}
},
"title": "Static IP allocation for VPC Subnet ports with VIF attachement",
"type": "object"
}
StaticMimeContent (type)
{
"additionalProperties": false,
"description": "MIME content with text message and image path in it.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "StaticMimeContent",
"module_id": "PolicyStaticMimeContent",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"text_message": {
"description": "text message.",
"required": true,
"title": "text message",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Static MIME content",
"type": "object"
}
StaticPoolConfig (type)
{
"description": "Static IP pool configuration",
"id": "StaticPoolConfig",
"module_id": "PolicyVpcSubnet",
"properties": {
"ipv4_pool_size": {
"default": 0,
"description": "Number of IPs to be reserved in static ip pool. Maximum allowed value is 'subnet size - 4'. If dhcp is enabled then by default static ipv4 pool size will be zero and all available IPs will be reserved in local dhcp pool. If dhcp is deactivated then by default all IPs will be reserved in static ip pool.",
"minimum": 0,
"required": false,
"title": "Static IPv4 Pool size",
"type": "int"
}
},
"title": "Static IP pool configuration",
"type": "object"
}
StaticRouteBfdPeer (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "StaticRouteBfdPeer",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"bfd_profile_path": {
"description": "Bfd Profile is not supported for IPv6 networks.",
"title": "Policy path to Bfd Profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"StaticRouteBfdPeer"
],
"relationshipType": "BFD_CONFIG_BFD_PEER_RELATIONSHIP",
"rightType": [
"BfdProfile"
]
}
]
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Flag to enable BFD peer.",
"title": "Enable BFD Peer",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"peer_address": {
"description": "Both IPv4 and IPv6 addresses are supported. Only a single BFD config per peer address is allowed.",
"required": true,
"title": "IP Address of static route next hop peer",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"scope": {
"description": "Represents the array of policy paths of locale services where this BFD peer should get relalized on. The locale service service and this BFD peer must belong to the same router. Default scope is empty.",
"items": {
"type": "string"
},
"required": false,
"title": "Array of policy paths of locale services",
"type": "array"
},
"source_addresses": {
"description": "Array of Tier0 external interface IP addresses. BFD peering is established from all these source addresses to the neighbor specified in peer_address. Both IPv4 and IPv6 addresses are supported.",
"items": {
"type": "string"
},
"maxItems": 8,
"minItems": 0,
"title": "List of source IP addresses",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Static Route Bidirectional Forwarding Detection Peer",
"type": "object"
}
StaticRouteBfdPeerListResult (type)
{
"additionalProperties": false,
"description": "Paged collection of StaticRouteBfdPeer.",
"extends": {
"$ref": "ListResult
},
"id": "StaticRouteBfdPeerListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "StaticRouteBfdPeer list results.",
"items": {
"$ref": "StaticRouteBfdPeer
},
"required": true,
"title": "StaticRouteBfdPeer list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Colleciton of StaticRouteBfdPeer",
"type": "object"
}
StaticRoutes (type)
{
"additionalProperties": false,
"description": "Static routes configuration on Tier-0, Tier-1 or VPC.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "StaticRoutes",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled_on_secondary": {
"default": false,
"description": "When false or by default northbound routes are configured only on the primary location and not on secondary location. When true, the static route will also be configured on a secondary location. Secondary location prefers route learned from the primary location and enabling this flag secondary location can override this. This flag is not applicable if all sites are primary. Not applicable for static routes created under VPC.",
"title": "Flag to plumb route on secondary site",
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"network": {
"$ref": "IPElement,
"description": "Specify network address in CIDR format. In case of VPC, user can optionally use allocated IP from one of the external blocks associated with VPC. Only /32 CIDR is allowed in case IP overlaps with external blocks.",
"required": true,
"title": "Network address in CIDR format"
},
"next_hops": {
"description": "Specify next hop routes for network.",
"items": {
"$ref": "RouterNexthop
},
"minItems": 1,
"required": true,
"title": "Next hop routes for network",
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Static routes configuration on Tier-0, Tier-1 or VPC",
"type": "object"
}
StaticRoutesListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "StaticRoutesListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Static Routes list request parameters",
"type": "object"
}
StaticRoutesListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "StaticRoutesListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "StaticRoutes
},
"required": true,
"title": "Static Routes list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Static Routes",
"type": "object"
}
StatisticsRequestParameters (type)
{
"description": "Request parameters that represents an enforcement point path. A request on statistics can be parameterized with this path and will be evaluated as follows: - no enforcement point path specified: the request is evaluated on all enforcement points. - {enforcement_point_path}: the request is evaluated only on the given enforcement point. - {container_cluster_path}: The request is evaluated only on the given container cluster.",
"id": "StatisticsRequestParameters",
"module_id": "PolicyBaseStatistics",
"properties": {
"container_cluster_path": {
"description": "Path to the container cluster entity where the request will be executed.",
"required": false,
"title": "String Path of the Container Cluster entity",
"type": "string"
},
"enforcement_point_path": {
"description": "enforcement point path, forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
}
},
"title": "Statistics Request Parameters",
"type": "object"
}
StatsConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration of a statistic for an entity. Example, number of logical switches and their admin states.",
"extends": {
"$ref": "WidgetConfiguration
},
"id": "StatsConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "StatsConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"label": {
"$ref": "Label,
"description": "Displayed at the sections, by default. It labels the entities of sections. If label is not provided, the sections are not labelled.",
"title": "Label of the Stats Configuration"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"navigation": {
"description": "Hyperlink of the specified UI page that provides details.",
"maxLength": 1024,
"title": "Navigation to a specified UI page",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"sections": {
"decription": "High level logical grouping of portions or segments.",
"items": {
"$ref": "DonutSection
},
"minItems": 0,
"title": "Sections",
"type": "array"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"stat": {
"$ref": "StatItem,
"description": "Expression that fetches statistic. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. If stat is not provided, then it will not be displayed.",
"title": "Expression for feching statistic of an entity"
},
"sub_type": {
"description": "A sub-type of StatsConfiguration. If sub-type is not specified the parent type is rendered. The COMPACT sub_type, conserves the space for the widget. The statistic is placed on the right side on top of the status bar and the title of the widget is placed on the left side on the top of the status bar. The COMPACT style aligns itself horizontally as per the width of the container. If multiple widgets are placed insided the container then the widgets are placed one below the other to conserve the space.",
"enum": [
"COMPACT"
],
"title": "Sub-type of the StatsConfiguration",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Stats Configuration",
"type": "object"
}
StatusSummaryRequestParameters (type)
{
"additionalProperties": false,
"id": "StatusSummaryRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": false,
"title": "Component type based on which upgrade units to be filtered",
"type": "string"
},
"selection_status": {
"default": "ALL",
"enum": [
"SELECTED",
"DESELECTED",
"ALL"
],
"required": false,
"title": "Flag to indicate whether to return status for only selected, only deselected or both type of upgrade units",
"type": "string"
},
"show_history": {
"description": "Get details of the last 16 operations performed during the upgrade of a given component.",
"readonly": false,
"required": false,
"title": "Get upgrade activity for a given component",
"type": "boolean"
}
},
"type": "object"
}
StringArrayConstraintValue (type)
{
"additionalProperties": false,
"description": "List of String values",
"extends": {
"$ref": "ConstraintValue
},
"id": "StringArrayConstraintValue",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "StringArrayConstraintValue"
},
"properties": {
"resource_type": {
"enum": [
"StringArrayConstraintValue",
"CidrArrayConstraintValue",
"IntegerArrayConstraintValue"
],
"required": true,
"type": "string"
},
"values": {
"description": "Array of string values",
"items": {
"type": "string"
},
"maxItems": 100,
"minItems": 1,
"required": true,
"title": "Array of String",
"type": "array"
}
},
"title": "Array of String Values to perform operation",
"type": "object"
}
StubStatus (type)
{
"id": "StubStatus",
"module_id": "SiteManagerModule",
"properties": {
"address": {
"title": "IP/FQDN of the node",
"type": "string"
},
"connection_up": {
"required": true,
"title": "Is stub up",
"type": "boolean"
}
},
"type": "object"
}
SubjectAltNames (type)
{
"additionalProperties": false,
"id": "SubjectAltNames",
"module_id": "CertificateManager",
"properties": {
"dns_names": {
"description": "A list of DNS names in subject alternative names",
"items": {
"$ref": "DnsNameString
},
"maxItems": 128,
"minItems": 1,
"readonly": true,
"required": false,
"title": "DNS names",
"type": "array"
},
"ip_addresses": {
"description": "A list of IP addresses in subject alternative names",
"items": {
"oneOf": [
{
"format": "ipv4"
},
{
"format": "ipv6"
}
],
"type": "string"
},
"maxItems": 64,
"minItems": 1,
"readonly": true,
"required": false,
"title": "IP Addresses",
"type": "array"
}
},
"title": "A collection of subject alternative names",
"type": "object"
}
SubjectPublicKeyHash (type)
{
"additionalProperties": false,
"id": "SubjectPublicKeyHash",
"module_id": "CertificateManager",
"properties": {
"public_key_sha256_hashes": {
"description": "List of SHA256 hashes of the Public Key of the revoked certificates with the specified subject.",
"items": {
"type": "string"
},
"title": "SHA256 hashes of Public Keys",
"type": "array"
},
"subject": {
"description": "Subject Distinguished Name of the revoked certificates.",
"title": "Subject Distinguished Name (DN)",
"type": "string"
}
},
"type": "object"
}
SubnetAdvancedConfig (type)
{
"description": "VPC Subnet Advanced Configuration",
"id": "SubnetAdvancedConfig",
"module_id": "PolicyVpcSubnet",
"properties": {
"static_ip_allocation": {
"$ref": "StaticIpAllocation,
"description": "Static IP allocation configuration for VPC Subnet ports with VIF attachement. Not supported when DUAL ip_address_type is used in parent VPC.",
"required": false,
"title": "Static IP allocation for VPC Subnet ports with VIF attachement"
}
},
"title": "VPC Subnet Advanced Configuration",
"type": "object"
}
SubnetProfiles (type)
{
"description": "Profile references will be applied to subnets. If not specified by the user, default profiles will be used.",
"id": "SubnetProfiles",
"module_id": "PolicyVpc",
"properties": {
"ip_discovery": {
"description": "Using this profile to configure different options of IP Discovery",
"required": false,
"title": "IP Discovery Profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_IP_DISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"IPDiscoveryProfile"
]
}
]
},
"mac_discovery": {
"description": "Mac Discovery Profile",
"required": false,
"title": "Mac Discovery Profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_MAC_DISCOVERY_PROFILE_RELATIONSHIP",
"rightType": [
"MacDiscoveryProfile"
]
}
]
},
"qos": {
"description": "Segment Qos Profile",
"required": false,
"title": "Segment Qos Profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_SUBNET_QOS_PROFILE_RELATIONSHIP",
"rightType": [
"QoSProfile"
]
}
]
},
"segment_security": {
"description": "Security features are extended by policy operations for securing logical segments.",
"required": false,
"title": "Segment Security Profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_SUBNET_SECURITY_PROFILE_RELATIONSHIP",
"rightType": [
"SegmentSecurityProfile"
]
}
]
},
"spoof_guard": {
"description": "SpoofGuard is a tool that is designed to prevent virtual machines in your environment from sending traffic with IP addresses which are not authorized to send traffic from. A SpoofGuard policy profile once enabled blocks the traffic determined to be spoofed.",
"required": false,
"title": "SpoofGuard Profile",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_SPOOF_GUAURD_PROFILE_RELATIONSHIP",
"rightType": [
"SpoofGuardProfile"
]
}
]
}
},
"title": "Subnet Profiles",
"type": "object"
}
SuccessNodeSupportBundleResult (type)
{
"additionalProperties": false,
"id": "SuccessNodeSupportBundleResult",
"properties": {
"bundle_name": {
"readonly": true,
"required": true,
"title": "Name of support bundle, e.g. nsx_NODETYPE_UUID_YYYYMMDD_HHMMSS.tgz",
"type": "string"
},
"bundle_size": {
"readonly": true,
"required": true,
"title": "Size of support bundle in bytes",
"type": "integer"
},
"node_display_name": {
"readonly": true,
"required": true,
"title": "Display name of node",
"type": "string"
},
"node_id": {
"readonly": true,
"required": true,
"title": "UUID of node",
"type": "string"
},
"node_ip": {
"readonly": true,
"required": true,
"title": "IPv4 address of node",
"type": "string"
},
"node_ipv6": {
"readonly": true,
"required": true,
"title": "IPv6 address of node",
"type": "string"
},
"sha256_thumbprint": {
"readonly": true,
"required": true,
"title": "File's SHA256 thumbprint",
"type": "string"
}
},
"type": "object"
}
SummaryRequest (type)
{
"additionalProperties": false,
"id": "SummaryRequest",
"module_id": "Upgrade",
"properties": {
"summary": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag indicating whether to return the summary",
"type": "boolean"
}
},
"type": "object"
}
SupportBundleConfig (type)
{
"additionalProperties": false,
"description": "Config to enable/disable concurrent tasks execution on support bundle collection.",
"id": "SupportBundleConfig",
"module_id": "PlatformManagement",
"properties": {
"enable_concurrent_tasks": {
"default": true,
"description": "When collecting data for support bundles, allow concurrent data collection. If set to false, data is collected one at a time, for example, APIs are invoked one at a time then system commands are invoked one at a time, etc. By default, the value of this property is true.",
"required": true,
"title": "Enable concurrent data collection",
"type": "boolean"
}
},
"title": "Supportbundle configuration",
"type": "object"
}
SupportBundleContainerNode (type)
{
"abstract": true,
"additionalProperties": {},
"id": "SupportBundleContainerNode",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "container_type"
},
"properties": {
"container_type": {
"enum": [
"ANTREA"
],
"required": true,
"title": "Support bundle container type",
"type": "string"
}
},
"type": "object"
}
SupportBundleFileTransferAuthenticationScheme (type)
{
"additionalProperties": false,
"id": "SupportBundleFileTransferAuthenticationScheme",
"properties": {
"password": {
"required": true,
"sensitive": true,
"title": "Password to authenticate with",
"type": "string"
},
"scheme_name": {
"enum": [
"PASSWORD"
],
"required": true,
"title": "Authentication scheme name",
"type": "string"
},
"username": {
"required": true,
"title": "User name to authenticate with",
"type": "string"
}
},
"type": "object"
}
SupportBundleFileTransferProtocol (type)
{
"additionalProperties": false,
"id": "SupportBundleFileTransferProtocol",
"properties": {
"authentication_scheme": {
"$ref": "SupportBundleFileTransferAuthenticationScheme,
"required": true,
"title": "Scheme to authenticate if required"
},
"name": {
"enum": [
"SCP",
"SFTP"
],
"required": true,
"title": "Protocol name",
"type": "string"
},
"ssh_fingerprint": {
"required": true,
"title": "SSH fingerprint of server",
"type": "string"
}
},
"type": "object"
}
SupportBundleQueryParameter (type)
{
"additionalProperties": false,
"id": "SupportBundleQueryParameter",
"properties": {
"override_async_response": {
"default": false,
"description": "Override an existing support bundle async response if it exists. If not set to true and an existing async response is available, the support bundle request results in 409 CONFLICT.",
"title": "Override any existing support bundle async response",
"type": "boolean"
},
"require_delete_or_override_async_response": {
"default": false,
"description": "If the remote_file_server option has not been specified, save generated support bundle until a subsequent request either deletes or overrides the support bundle generated by the current request using the action=delete_async_response or override_async_response=true query parameters. Setting this property to true allows the NSX API client to re-download a support bundle if for example a previous download attempt fails.",
"title": "Suppress auto-deletion of generated support bundle",
"type": "boolean"
}
},
"type": "object"
}
SupportBundleQueryParameters (type)
{
"additionalProperties": false,
"id": "SupportBundleQueryParameters",
"properties": {
"all": {
"default": false,
"description": "Include all files including files that may have sensitive information like core files.",
"title": "Include all files",
"type": "boolean"
}
},
"type": "object"
}
SupportBundleRemoteFileServer (type)
{
"additionalProperties": false,
"id": "SupportBundleRemoteFileServer",
"properties": {
"directory_path": {
"required": true,
"title": "Remote server directory to copy bundle files to",
"type": "string"
},
"manager_upload_only": {
"default": false,
"title": "Uploads to the remote file server performed by the manager",
"type": "boolean"
},
"port": {
"default": 22,
"maximum": 65535,
"minimum": 1,
"title": "Server port",
"type": "integer"
},
"protocol": {
"$ref": "SupportBundleFileTransferProtocol,
"required": true,
"title": "Protocol to use to copy file"
},
"server": {
"required": true,
"title": "Remote server hostname or IP address",
"type": "string"
}
},
"title": "Remote file server",
"type": "object"
}
SupportBundleRequest (type)
{
"additionalProperties": false,
"id": "SupportBundleRequest",
"properties": {
"container_nodes": {
"items": {
"$ref": "SupportBundleContainerNode
},
"minItems": 1,
"required": false,
"title": "List of container clusters and their nodes requiring support bundle collection",
"type": "array"
},
"content_filters": {
"default": [
"DEFAULT"
],
"description": "<p>List of content filters that specify additional content or action when collecting support bundle. </p> <ul><li>Filter <code>ALL</code> includes core dumps and audit logs in support bundle</li> <li>Filter <code>REMOVE_CORE_FILES</code> can optionally be in list with <code>ALL</code>, to remove core dump files after collected in support bundle</li> <li>Filter <code>EAL4_AUDIT</code> can optionally be in list to collect pre-defined selective log files. The selected log files are deleted from the support bundle if the files have not been modified in the last 4 hours.</li></ul> <p>By default no core dumps and audit logs are included in support bundle with filter <code>DEFAULT</code>.</p> <p>No other content-filters can be added along with <code>EAL4_AUDIT</code> content-filter<p> <p>When content-filter <code>EAL4_AUDIT</code> is added, the log_age_limit field is disabled.</p> <p>Note, <code>REMOVE_CORE_FILES</code> is limited to NSX appliance and ESXi nodes only.</p>",
"items": {
"$ref": "ContentFilterValue
},
"minItems": 1,
"title": "Bundle should include content of specified type",
"type": "array"
},
"dynamic_content_filters": {
"default": [
"ALL"
],
"description": "List of dynamic content filters that specify additional content to include in the support bundle. The list of available filters available depends on your NSX-T deployment and can be determined by invoking the GET /api/v1/adminstration/support-bundles/dynamic-content-filters NSX API. For example, if NSX Intelligence is deployed, filters for collecting specific information about services are available.",
"items": {
"$ref": "DynamicContentFilterValue
},
"required": false,
"title": "List of content filters that decide the additional content that go into the support bundle",
"type": "array"
},
"log_age_limit": {
"maximum": 365,
"minimum": 1,
"title": "Include log files with modified times not past the age limit in days",
"type": "integer"
},
"nodes": {
"items": {
"type": "string"
},
"minItems": 1,
"required": false,
"title": "List of cluster/fabric node UUIDs processed in specified order",
"type": "array"
},
"remote_file_server": {
"$ref": "SupportBundleRemoteFileServer,
"title": "Remote file server to copy bundles to, bundle in response body if not specified"
}
},
"type": "object"
}
SupportBundleResult (type)
{
"additionalProperties": false,
"id": "SupportBundleResult",
"properties": {
"failed_nodes": {
"items": {
"$ref": "FailedNodeSupportBundleResult
},
"readonly": true,
"required": true,
"title": "Nodes where bundles were not generated or not copied to remote server",
"type": "array"
},
"remaining_nodes": {
"items": {
"$ref": "RemainingSupportBundleNode
},
"title": "Nodes where bundle generation is pending or in progress",
"type": "array"
},
"request_properties": {
"$ref": "SupportBundleRequest,
"readonly": true,
"required": true,
"title": "Request properties"
},
"success_nodes": {
"items": {
"$ref": "SuccessNodeSupportBundleResult
},
"readonly": true,
"required": true,
"title": "Nodes whose bundles were successfully copied to remote file server",
"type": "array"
}
},
"type": "object"
}
SwitchingProfileType (type) (Deprecated)
{
"deprecated": true,
"description": "Supported switching profiles. 'PortMirroringSwitchingProfile' is deprecated, please turn to \"Troubleshooting And Monitoring: Portmirroring\" and use PortMirroringSession API for port mirror function.",
"enum": [
"QosSwitchingProfile",
"PortMirroringSwitchingProfile",
"IpDiscoverySwitchingProfile",
"SpoofGuardSwitchingProfile",
"SwitchSecuritySwitchingProfile",
"MacManagementSwitchingProfile",
"RealTimeEthernetSwitchingProfile"
],
"id": "SwitchingProfileType",
"module_id": "BaseSwitchingProfile",
"title": "Supported switching profiles.",
"type": "string"
}
SwitchingProfileTypeIdEntry (type) (Deprecated)
{
"deprecated": true,
"id": "SwitchingProfileTypeIdEntry",
"module_id": "BaseSwitchingProfile",
"properties": {
"key": {
"$ref": "SwitchingProfileType
},
"value": {
"description": "key value",
"readonly": false,
"required": true,
"type": "string"
}
},
"type": "object"
}
SwitchoverStatus (type)
{
"id": "SwitchoverStatus",
"module_id": "SiteManagerModule",
"properties": {
"current_step": {
"$ref": "ProgressItem,
"title": "Progress of each items"
},
"current_step_number": {
"required": true,
"title": "Current number",
"type": "integer"
},
"note": {
"required": true,
"title": "Special messages, most of the time this will be empty, i.e. If SM performing the operation went down, another SM will restart the progress.",
"type": "string"
},
"number_of_steps": {
"required": true,
"title": "Total number of steps",
"type": "integer"
},
"overall_status": {
"enum": [
"NOT_STARTED",
"RUNNING",
"ERROR",
"COMPLETE"
],
"required": true,
"title": "Status of the operation",
"type": "string"
}
},
"type": "object"
}
SwsecCounters (type)
{
"id": "SwsecCounters",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"bpdu_filter_drops": {
"description": "Number of packets dropped by BPDU Filtering. When the BPDU Filter is enabled, traffic to the configured BPDU destination MAC addresses",
"readonly": true,
"required": false,
"type": "integer"
},
"dhcp_client_block_ipv4_drops": {
"description": "Number of IPv4 DHCP packets dropped by DHCP Client Block. DHCP Client Block prevents a VM from acquiring DHCP IP address by blocking DHCP requests",
"readonly": true,
"required": false,
"type": "integer"
},
"dhcp_client_block_ipv6_drops": {
"description": "Number of DHCPv6 packets dropped by DHCP Client Block. DHCP Client Block prevents a VM from acquiring DHCP IP address by blocking DHCP requests",
"readonly": true,
"required": false,
"type": "integer"
},
"dhcp_client_validate_ipv4_drops": {
"description": "Number of IPv4 DHCP packets dropped because addresses in the payload were not valid",
"readonly": true,
"required": false,
"type": "integer"
},
"dhcp_server_block_ipv4_drops": {
"description": "Number of IPv4 DHCP packets dropped by DHCP Server Block. DHCP Server Block blocks traffic from a DHCP Server to a DHCP Client",
"readonly": true,
"required": false,
"type": "integer"
},
"dhcp_server_block_ipv6_drops": {
"description": "Number of DHCPv6 packets dropped by DHCP Server Block. DHCP Server Block blocks traffic from a DHCP Server to a DHCP Client",
"readonly": true,
"required": false,
"type": "integer"
},
"nd_parse_errors": {
"description": "Number of IPv 6 Router Advertisement packets dropped by RA Guard.",
"readonly": true,
"required": false,
"type": "integer"
},
"ra_guard_drops": {
"description": "Number of IPv6 Neighbor Discovery (ND) packets which were not correctly parsed",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_arp_pkts": {
"description": "Number of transmitted IPv6 packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_garp_pkts": {
"description": "Number of transmitted ARP packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv4_pkts": {
"description": "Number of received IPv4 packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv6_pkts": {
"description": "Number of received IPv6 packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_na_pkts": {
"description": "Number of IPv6 ND (Neighbor Discovery) NA (Neighbor Advertisement) packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_non_ip_pkts": {
"description": "Number of transmitted Gratuitous ARP (GARP) packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ns_pkts": {
"description": "Number of IPv6 ND (Neighbor Discovery) NS (Neighbor Solicitation) packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_rate_limit_bcast_drops": {
"description": "Number of ingress packets dropped by broadcast Rate Limiting",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_rate_limit_mcast_drops": {
"description": "Number of ingress packets dropped by multicast Rate Limiting",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_unsolicited_na_pkts": {
"description": "Number of IPv6 ND (Neighbor Discovery) NA (Neighbor Advertisement) packets which, were unsolicited",
"readonly": true,
"required": false,
"type": "integer"
},
"spoof_guard_arp_drops": {
"description": "Number of IPv6 packets dropped by Spoof Guard. SpoofGuard protects against IP spoofing by maintaining a reference table of , VM names and IP addresses",
"readonly": true,
"required": false,
"type": "integer"
},
"spoof_guard_ipv4_drops": {
"description": "Number of IPv4 packets dropped by Spoof Guard. SpoofGuard protects against IP spoofing by maintaining a reference table of , VM names and IP addresses",
"readonly": true,
"required": false,
"type": "integer"
},
"spoof_guard_ipv6_drops": {
"description": "Number of IPv6 Neighbor Discovery (ND) packets dropped by Spoof Guard. SpoofGuard protects against ND Spoofing by filtering out ND packets whose addresses, do not match the VM's address",
"readonly": true,
"required": false,
"type": "integer"
},
"spoof_guard_nd_drops": {
"description": "Number of ARP packets dropped by Spoof Guard. Spoof Guard protects against malicious ARP spoofing attacks by keeping track of , MAC and IP addresses",
"readonly": true,
"required": false,
"type": "integer"
},
"spoof_guard_non_ip_drops": {
"description": "Number of Non-IP packets dropped by Spoof Guard",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_arp_pkts": {
"description": "Number of received ARP packets",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv4_pkts": {
"description": "Number of transmitted IPv4 packets",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv6_pkts": {
"description": "Number of received non-IP packets",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_non_ip_pkts": {
"description": "Number of transmitted non-IP packets",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_rate_limit_bcast_drops": {
"description": "Number of egress packets dropped by broadcast Rate Limiting",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_rate_limit_mcast_drops": {
"description": "Number of egress packets dropped by multicast Rate Limiting",
"readonly": true,
"required": false,
"type": "integer"
}
},
"type": "object"
}
SyslogFacility (type)
{
"enum": [
"KERN",
"USER",
"MAIL",
"DAEMON",
"AUTH",
"SYSLOG",
"LPR",
"NEWS",
"UUCP",
"AUTHPRIV",
"FTP",
"LOGALERT",
"CRON",
"LOCAL0",
"LOCAL1",
"LOCAL2",
"LOCAL3",
"LOCAL4",
"LOCAL5",
"LOCAL6",
"LOCAL7"
],
"id": "SyslogFacility",
"title": "Syslog facility",
"type": "string"
}
SystemHostname (type)
{
"id": "SystemHostname",
"maxLength": 255,
"pattern": "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\\.?$",
"title": "System host name",
"type": "string"
}
Tag (type)
{
"id": "Tag",
"module_id": "Common",
"properties": {
"scope": {
"default": "",
"description": "Tag searches may optionally be restricted by scope",
"display": {
"order": 1
},
"maxLength": 128,
"readonly": false,
"title": "Tag scope",
"type": "string"
},
"tag": {
"default": "",
"description": "Identifier meaningful to user with maximum length of 256 characters",
"display": {
"order": 2
},
"readonly": false,
"title": "Tag value",
"type": "string"
}
},
"title": "Arbitrary key-value pairs that may be attached to an entity",
"type": "object"
}
TagBulkOperation (type)
{
"additionalProperties": false,
"description": "Tag and resource information on which tag to be applied or removed.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "TagBulkOperation",
"module_id": "PolicyTag",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"apply_to": {
"description": "List of resources on which tag needs to be applied.",
"items": {
"$ref": "ResourceInfo
},
"title": "List of resources on which tag needs to be applied",
"type": "array"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"remove_from": {
"description": "List of resources from which tag needs to be removed.",
"items": {
"$ref": "ResourceInfo
},
"title": "List of resources from which tag needs to be removed",
"type": "array"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tag": {
"$ref": "Tag,
"required": true,
"title": "Tag"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Payload to update the tag on specified objects",
"type": "object"
}
TagBulkOperationStatus (type)
{
"additionalProperties": false,
"description": "Status of tag bulk operation.",
"id": "TagBulkOperationStatus",
"module_id": "PolicyTag",
"properties": {
"apply_to": {
"description": "Tag apply operation status per resource type.",
"items": {
"$ref": "ResourceTypeTagStatus
},
"title": "Tag apply operation status per resource type",
"type": "array"
},
"path": {
"required": true,
"title": "Intent path corresponding to tag operation",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"remove_from": {
"description": "Tag remove operation status per resource type.",
"items": {
"$ref": "ResourceTypeTagStatus
},
"title": "Tag remove operation status per resource type",
"type": "array"
},
"status": {
"enum": [
"Success",
"Running",
"Error",
"Pending"
],
"required": true,
"title": "Overall status",
"type": "string"
},
"tag": {
"$ref": "Tag,
"required": true,
"title": "Tag"
}
},
"title": "Status of tag bulk operation",
"type": "object"
}
TagInfo (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Tag
},
"id": "TagInfo",
"module_id": "PolicyTag",
"properties": {
"scope": {
"default": "",
"description": "Tag searches may optionally be restricted by scope",
"display": {
"order": 1
},
"maxLength": 128,
"readonly": false,
"title": "Tag scope",
"type": "string"
},
"tag": {
"default": "",
"description": "Identifier meaningful to user with maximum length of 256 characters",
"display": {
"order": 2
},
"readonly": false,
"title": "Tag value",
"type": "string"
},
"tagged_objects_count": {
"readonly": true,
"required": false,
"title": "Number of objects with assigned with matching scope and tag values",
"type": "int"
}
},
"title": "Information about arbitrary key-value pairs that may be attached to an entity",
"type": "object"
}
TagInfoListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "TagInfoListRequestParameters",
"module_id": "PolicyTag",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"scope": {
"required": false,
"title": "Tag scope",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"enum": [
"Amazon",
"Azure",
"NSX",
"ANY"
],
"required": false,
"title": "Source from which tags are synced.",
"type": "string"
},
"tag": {
"required": false,
"title": "Tag value",
"type": "string"
}
},
"title": "TagInfo list request parameters",
"type": "object"
}
TagInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "TagInfoListResult",
"module_id": "PolicyTag",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "TagInfo
},
"required": true,
"title": "Tag info list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Tags",
"type": "object"
}
TaggedObjectsListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "TaggedObjectsListRequestParameters",
"module_id": "PolicyTag",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"filter_by": {
"description": "Comma-separated list of field names used to filter tagged objects. Supported field names are resource_type, display_name and external_id.",
"required": false,
"title": "Comma-separated list of field names to filter tagged objects.",
"type": "string"
},
"filter_text": {
"required": false,
"title": "Filter text to restrict tagged objects list with matching filter text.",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"scope": {
"required": false,
"title": "Tag scope",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"tag": {
"required": false,
"title": "Tag value",
"type": "string"
}
},
"title": "TagInfo list request parameters",
"type": "object"
}
TaskProperties (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "TaskProperties",
"module_id": "Common",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"async_response_available": {
"display": {
"order": 13
},
"readonly": true,
"title": "True if response for asynchronous request is available",
"type": "boolean"
},
"cancelable": {
"display": {
"order": 8
},
"readonly": true,
"title": "True if this task can be canceled",
"type": "boolean"
},
"description": {
"display": {
"order": 2
},
"readonly": true,
"title": "Description of the task",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 6
},
"readonly": true,
"title": "The end time of the task in epoch milliseconds"
},
"id": {
"display": {
"order": 1
},
"readonly": true,
"title": "Identifier for this task",
"type": "string"
},
"message": {
"display": {
"order": 4
},
"readonly": true,
"title": "A message describing the disposition of the task",
"type": "string"
},
"progress": {
"display": {
"order": 7
},
"maximum": 100,
"minimum": 0,
"readonly": true,
"title": "Task progress if known, from 0 to 100",
"type": "integer"
},
"request_method": {
"display": {
"order": 12
},
"readonly": true,
"title": "HTTP request method",
"type": "string"
},
"request_uri": {
"display": {
"order": 11
},
"readonly": true,
"title": "URI of the method invocation that spawned this task",
"type": "string"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"display": {
"order": 5
},
"readonly": true,
"title": "The start time of the task in epoch milliseconds"
},
"status": {
"$ref": "TaskStatus,
"display": {
"order": 3
},
"readonly": true,
"title": "Current status of the task"
},
"user": {
"display": {
"order": 10
},
"readonly": true,
"title": "Name of the user who created this task",
"type": "string"
}
},
"title": "Task properties",
"type": "object"
}
TaskStatus (type)
{
"enum": [
"running",
"error",
"success",
"canceling",
"canceled",
"killed"
],
"id": "TaskStatus",
"module_id": "Common",
"title": "Current status of the task",
"type": "string"
}
TcpHeader (type)
{
"additionalProperties": false,
"id": "TcpHeader",
"module_id": "Traceflow",
"properties": {
"dst_port": {
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Destination port of tcp header",
"type": "integer"
},
"src_port": {
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Source port of tcp header",
"type": "integer"
},
"tcp_flags": {
"maximum": 511,
"minimum": 0,
"required": false,
"title": "TCP flags (9bits)",
"type": "integer"
}
},
"type": "object"
}
TcpMaximumSegmentSizeClamping (type)
{
"additionalProperties": false,
"description": "TCP MSS Clamping Direction and Value.",
"id": "TcpMaximumSegmentSizeClamping",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"direction": {
"default": "NONE",
"description": "Specifies the traffic direction for which to apply MSS Clamping.",
"enum": [
"NONE",
"INBOUND_CONNECTION",
"OUTBOUND_CONNECTION",
"BOTH"
],
"required": false,
"title": "Maximum Segment Size Clamping Direction",
"type": "string"
},
"max_segment_size": {
"description": "MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 216 to 8960.",
"maximum": 8902,
"minimum": 108,
"required": false,
"title": "Maximum Segment Size Value",
"type": "integer"
}
},
"title": "TCP MSS Clamping",
"type": "object"
}
TepGroupConfig (type)
{
"additionalProperties": false,
"id": "TepGroupConfig",
"module_id": "Policy",
"properties": {
"enable_tep_grouping_on_edge": {
"default": false,
"description": "Indicates if the TEP Grouping is enabled on an Edge TransportNode. Set enable_tep_grouping_on_edge to true to enable flow-based load balancing for overlay traffic in a multi TEP Edge deployment. This feature does not support EVPN, Multicast Routing, Federation and IPv6 TEP functionalities. Do not enable this feature if these functionalities are already configured in your environment. If this feature is enabled and is planned to use the above mentioned unsupported functionalities, please disable the feature first.",
"required": false,
"title": "Enable or disable TEP Grouping on Edge TransportNode.",
"type": "boolean"
}
},
"title": "VTEP Group Configurations",
"type": "object"
}
Tier0 (type)
{
"additionalProperties": false,
"description": "Tier-0 configuration for external connectivity.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Tier0",
"module_id": "PolicyConnectivity",
"policy_hierarchical_children": [
"ChildCommunityList",
"ChildLocaleServices",
"ChildPolicyDnsForwarder",
"ChildPrefixList",
"ChildStaticRoutes",
"ChildTier0RouteMap"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"advanced_config": {
"$ref": "Tier0AdvancedConfig,
"description": "NSX specific configuration for tier-0",
"required": false,
"title": "Advanced configuration for tier-0"
},
"arp_limit": {
"description": "Maximum number of ARP entries per transport node.",
"maximum": 50000,
"minimum": 5000,
"required": false,
"title": "ARP limit per transport node",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"default_rule_logging": {
"default": false,
"deprecated": true,
"description": "Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field.",
"required": false,
"title": "Enable logging for whitelisted rule",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_config_paths": {
"description": "DHCP configuration for Segments connected to Tier-0. DHCP service is configured in relay mode.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 0,
"required": false,
"title": "DHCP configuration for Segments connected to Tier-0",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0"
],
"relationshipType": "DHCP_SERVER_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpServerConfig"
]
},
{
"leftType": [
"Tier0"
],
"relationshipType": "DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"disable_firewall": {
"default": false,
"description": "Disable or enable gateway fiewall.",
"required": false,
"title": "Disable gateway firewall",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_rd_per_edge": {
"description": "This field is enable that each edge node has a distinct route distinguisher per edge node.",
"nsx_feature": "RdPerSr",
"required": false,
"title": "Flag to enable route distinguisher per edge node",
"type": "boolean"
},
"failover_mode": {
"default": "NON_PREEMPTIVE",
"description": "Determines the behavior when a Tier-0 instance in ACTIVE-STANDBY high-availability mode restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. This property is not used when the ha_mode property is set to ACTIVE_ACTIVE. Only applicable when edge cluster is configured in Tier0 locale-service.",
"enum": [
"PREEMPTIVE",
"NON_PREEMPTIVE"
],
"required": false,
"title": "Failover mode",
"type": "string"
},
"federation_config": {
"$ref": "FederationGatewayConfig,
"description": "Additional config for federation.",
"readonly": true,
"title": "Federation releated config"
},
"force_whitelisting": {
"default": false,
"deprecated": true,
"description": "This field is deprecated and recommended to change Rule action field. Note that this field is not synchronized with default rule field.",
"required": false,
"title": "Flag to add whitelisting FW rule during realization",
"type": "boolean"
},
"ha_mode": {
"default": "ACTIVE_ACTIVE",
"description": "Specify high-availability mode for Tier-0. Default is ACTIVE_ACTIVE. When ha_mode is changed from ACTIVE_ACTIVE to ACTIVE_STANDBY, inter SR iBGP (in BGP) is disabled. Changing ha_mode from ACTIVE_STANDBY to ACTIVE_ACTIVE will enable inter SR iBGP (in BGP) and previously configured preferred edge nodes (in Tier0 locale-service) are removed.",
"enum": [
"ACTIVE_ACTIVE",
"ACTIVE_STANDBY"
],
"required": false,
"title": "High-availability Mode for Tier-0",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_transit_subnets": {
"description": "Specify subnets that are used to assign addresses to logical links connecting service routers and distributed routers. Only IPv4 addresses are supported. When not specified, subnet 169.254.0.0/24 is assigned by default in ACTIVE_ACTIVE HA mode or 169.254.0.0/28 in ACTIVE_STANDBY mode.",
"items": {
"format": "ip-cidr-block",
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "Internal transit subnets in CIDR format",
"type": "array"
},
"intersite_config": {
"$ref": "IntersiteGatewayConfig,
"description": "Inter site routing configuration when the gateway is streched.",
"required": false,
"title": "Inter site routing configuration"
},
"ipv6_profile_paths": {
"description": "IPv6 NDRA and DAD profiles configuration on Tier0. Either or both NDRA and/or DAD profiles can be configured.",
"items": {
"type": "string"
},
"maxItems": 2,
"minItems": 0,
"required": false,
"title": "IPv6 NDRA and DAD profiles configuration",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0"
],
"relationshipType": "IPV6_NDRA_PROFILE_RELATIONSHIP",
"rightType": [
"Ipv6NdraProfile"
]
},
{
"leftType": [
"Tier0"
],
"relationshipType": "IPV6_DAD_PROFILE_RELATIONSHIP",
"rightType": [
"Ipv6DadProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"multi_vrf_inter_sr_routing": {
"description": "Flag to enable/disable multi_vrf_inter_sr_routing. Warning: This is one time toggle flag and can't be disabled once enabled.",
"nsx_feature": "FedVrf",
"required": false,
"title": "multi vrf inter sr routing",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"rd_admin_field": {
"$ref": "IPAddress,
"description": "If you are using EVPN service, then route distinguisher administrator address should be defined if you need auto generation of route distinguisher on your VRF configuration.",
"required": false,
"title": "Route distinguisher administrator address"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"stateful_services": {
"$ref": "Tier0StatefulServicesConfig,
"description": "For ACTIVE-ACTIVE, this is used to enable/disable stateful services.",
"required": false,
"title": "Enable/disable stateful services"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"transit_subnets": {
"description": "Specify transit subnets that are used to assign addresses to logical links connecting tier-0 and tier-1s. Both IPv4 and IPv6 addresses are supported. When not specified, subnet 100.64.0.0/16 is configured by default. When modifying, for stateful active-active Tier-0 number of IPs should be at least attached Tier-1s count * 16 and for other type of Tier-0 number of IPs should be at least attached Tier-1s count * 2. Modification not allowed if there are child tier-0 VRFs and there are any Tier-1s connected to those VRFs. The value in VRF tier-0 is always inherited from the parent.",
"items": {
"format": "ip-cidr-block",
"type": "string"
},
"required": false,
"title": "Transit subnets in CIDR format",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vrf_config": {
"$ref": "Tier0VrfConfig,
"description": "VRF config, required for VRF Tier0.",
"required": false,
"title": "VRF config"
},
"vrf_transit_subnets": {
"description": "Specify subnets that are used to assign addresses to logical links connecting default T0 and child VRFs. When not specified, subnet 169.254.2.0/23 is assigned by default.",
"items": {
"format": "ip-cidr-block",
"type": "string"
},
"maxItems": 1,
"required": false,
"title": "VRF transit subnets in CIDR format",
"type": "array"
}
},
"title": "Tier-0 configuration",
"type": "object"
}
Tier0AdvancedConfig (type)
{
"additionalProperties": false,
"description": "NSX specific configuration for tier-0",
"extends": {
"$ref": "ConnectivityAdvancedConfig
},
"id": "Tier0AdvancedConfig",
"module_id": "PolicyConnectivity",
"properties": {
"connectivity": {
"default": "ON",
"description": "Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity.",
"enum": [
"ON",
"OFF"
],
"required": false,
"title": "Connectivity configuration",
"type": "string"
},
"forwarding_up_timer": {
"default": 5,
"description": "Extra time in seconds the router must wait before sending the UP notification after the peer routing session is established. Default means forward immediately. VRF logical router will set it same as parent logical router.The functionality of this timer is to ensure that a given node when coming up does not claim as active until it has learned the northbound routes. This minimizes any impact on traffic. 5 seconds is a smarter default as it allows to learn a few thousand routes (which should cover a lot of customers). Customers that have larger scale of course today would have to set it to higher value. Exception for the this default setting is single node case, i.e; no redundancy (which is anyway not recommended,not sure if anyone deploys like that). For single node case, it should be set to 0.",
"maximum": 300,
"minimum": 0,
"required": false,
"title": "Forwarding up timer",
"type": "integer"
}
},
"title": "Advanced configuration for tier-0",
"type": "object"
}
Tier0DeploymentMap (type)
{
"additionalProperties": false,
"description": "Binding of Tier-0 to the enforcement point.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Tier0DeploymentMap",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enforcement_point": {
"description": "Path of enforcement point on which Tier-0 shall be deployed.",
"required": true,
"title": "Absolute Path of Enforcement Point",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Tier-0 Deployment Map",
"type": "object"
}
Tier0DeploymentMapListRequestParameters (type)
{
"additionalProperties": false,
"description": "Tier Deployment Map list request parameters.",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "Tier0DeploymentMapListRequestParameters",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Tier0 Deployment Map List Request Parameters",
"type": "object"
}
Tier0DeploymentMapListResult (type)
{
"additionalProperties": false,
"description": "Paged collection of Tier-0 Deployment Map.",
"extends": {
"$ref": "ListResult
},
"id": "Tier0DeploymentMapListResult",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "Tier-0 Deployment Maps.",
"items": {
"$ref": "Tier0DeploymentMap
},
"required": true,
"title": "Tier-0 Deployment Maps",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of Tier-0 Deployment Map",
"type": "object"
}
Tier0GatewayState (type)
{
"additionalProperties": false,
"id": "Tier0GatewayState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"auto_rds": {
"$ref": "AutoRds,
"description": "Object that holds auto assigned route distingushers for this gateway.",
"title": "Auto assigned Route Distingushers"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.",
"title": "Enforcement point path",
"type": "string"
},
"evpn_rd_per_edge_mappings": {
"$ref": "RdPerEdgeMapping,
"description": "Object that holds route distingushers for this gateway.",
"title": "Route Distingusher per edge node"
},
"ipv6_status": {
"description": "IPv6 DAD status for interfaces configured on Tier0",
"items": {
"$ref": "IPv6Status
},
"title": "IPv6 DAD status for Tier0 interfaces",
"type": "array"
},
"tier0_state": {
"$ref": "LogicalRouterState,
"description": "Detailed realized state information for Tier0",
"title": "Tier0 state"
},
"tier0_status": {
"$ref": "LogicalRouterStatus,
"description": "Detailed realized status information for Tier0",
"title": "Tier0 status"
},
"transport_zone": {
"$ref": "PolicyTransportZone,
"description": "Transport Zone information which got configured on Gateway.",
"title": "Transport Zone Information"
}
},
"title": "Tier0 gateway state",
"type": "object"
}
Tier0HaVipConfig (type)
{
"additionalProperties": false,
"id": "Tier0HaVipConfig",
"module_id": "PolicyConnectivity",
"properties": {
"enabled": {
"default": true,
"required": false,
"title": "Flag to enable this HA VIP config.",
"type": "boolean"
},
"external_interface_paths": {
"description": "Policy paths to Tier0 external interfaces which are to be paired to provide redundancy. Floating IP will be owned by one of these interfaces depending upon which edge node is Active.",
"items": {
"type": "string"
},
"minItems": 2,
"required": true,
"title": "Policy paths to Tier0 external interfaces for providing redundancy",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"LocaleServices"
],
"relationshipType": "PROVIDER_HA_VIP_INTERFACE_RELATIONSHIP",
"rightType": [
"Tier0Interface"
]
}
]
},
"vip_subnets": {
"description": "Array of IP address subnets which will be used as floating IP addresses.",
"items": {
"$ref": "InterfaceSubnet
},
"maxItems": 2,
"minItems": 1,
"required": true,
"title": "VIP floating IP address subnets",
"type": "array"
}
},
"title": "Tier0 HA VIP Config",
"type": "object"
}
Tier0Interface (type)
{
"additionalProperties": false,
"description": "Tier-0 interface configuration for external connectivity.",
"extends": {
"$ref": "BaseTier0Interface
},
"id": "Tier0Interface",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"access_vlan_id": {
"$ref": "VlanID,
"description": "Vlan id.",
"required": false,
"title": "Vlan id"
},
"admin_state": {
"description": "This flag is used to enable/disable admin state on tier-0 service port. If admin_state flag value is not specified then default is UP. When set to UP then traffic on service port will be enabled and service port is enabled from routing perspective. When set to DOWN then traffic on service port will be disabled and service port is down from routing perspective. This flag is experimental because it will be used in V2T BYOT migration. This flag should not be set to UP or DOWN if EVPN is configured, and tier-0 LR is in A/S mode. Also this flag can not be set to UP or DOWN for service interfaces which are configured on vrf-lite.",
"enum": [
"UP",
"DOWN"
],
"experimental": true,
"required": false,
"title": "Flag to enable/disable admin_state of tier-0 service port",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_relay_path": {
"description": "Policy path of dhcp-relay-config to be attached to this Interface.",
"required": false,
"title": "policy path of referenced dhcp-relay-config",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface",
"Tier1Interface"
],
"relationshipType": "DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"edge_cluster_member_index": {
"deprecated": true,
"description": "Specify association of interface with edge cluster member. This property is deprecated, use edge_path instead. When both properties are specifed, only edge_path property is used.",
"minimum": 0,
"required": false,
"title": "Association of interface with edge cluster member",
"type": "int"
},
"edge_path": {
"description": "Policy path to edge node to handle external connectivity. Required when interface type is EXTERNAL. Edge path is required for service interface when tier0 is in ACTIVE_ACTIVE ha_mode. Edge path is required for VRF service interface when parent tier0 is in ACTIVE_ACTIVE ha_mode.",
"required": false,
"title": "Policy path to edge node",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"igmp_local_join_groups": {
"description": "IGMP local join groups configuration.",
"items": {
"$ref": "IPv4Address
},
"required": false,
"title": "IGMP local join groups configuration",
"type": "array"
},
"ipv6_profile_paths": {
"description": "Configuration IPv6 NDRA profile. Only one NDRA profile can be configured.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 0,
"required": false,
"title": "IPv6 NDRA profile configuration",
"type": "array"
},
"ls_id": {
"deprecated": true,
"description": "Specify logical switch to which tier-0 interface is connected for external access. This property is deprecated, use segment_path instead. Both properties cannot be used together.",
"required": false,
"title": "Logical switch id to attach tier-0 interface",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mtu": {
"description": "Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit.",
"minimum": 64,
"required": false,
"title": "MTU size",
"type": "int"
},
"multicast": {
"$ref": "Tier0InterfacePimConfig,
"description": "Multicast PIM configuration.",
"required": false,
"title": "Multicast PIM configuration"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"ospf": {
"$ref": "PolicyInterfaceOspfConfig,
"description": "OSPF configuration.",
"required": false,
"title": "OSPF configuration"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"proxy_arp_filters": {
"description": "Array of prefix lists used to specify filtering for ARP proxy. Prefixes in this array are used to configure ARP proxy entries on Tier-0 gateway (for uplinks).",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 0,
"required": false,
"title": "List of proxy Address Resolution Protocol Filters",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface"
],
"relationshipType": "PROVIDER_INTERFACE_PREFIX_LIST_RELATIONSHIP",
"rightType": [
"PrefixList"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"segment_path": {
"description": "Specify Segment to which this interface is connected to. Either segment_path or ls_id property is required.",
"required": false,
"title": "Segment to attach tier-0 interface",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface"
],
"relationshipType": "INTERFACE_SEGMENT_RELATIONSHIP",
"rightType": [
"Segment"
]
}
]
},
"subnets": {
"description": "Specify IP address and network prefix for interface.",
"items": {
"$ref": "InterfaceSubnet
},
"minItems": 1,
"required": true,
"title": "IP address and subnet specification for interface",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"type": {
"default": "EXTERNAL",
"description": "Interface type",
"enum": [
"EXTERNAL",
"SERVICE",
"LOOPBACK",
"INTERVRF"
],
"required": false,
"title": "Interface type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"urpf_mode": {
"default": "STRICT",
"enum": [
"NONE",
"STRICT"
],
"required": false,
"title": "Unicast Reverse Path Forwarding mode",
"type": "string"
}
},
"title": "Tier-0 interface configuration",
"type": "object"
}
Tier0InterfaceGroup (type)
{
"additionalProperties": false,
"description": "Tier0 Interface group for interface grouping.",
"extends": {
"$ref": "BaseInterfaceGroup
},
"id": "Tier0InterfaceGroup",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"members": {
"description": "List of interface reference. Interface must belong to same location.",
"items": {
"$ref": "GatewayInterfaceReference
},
"required": false,
"title": "Tier0/Tier1 interface memeber list",
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Tier0 Interface group",
"type": "object"
}
Tier0InterfaceGroupListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "Tier0InterfaceGroupListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Tier-0 Interface group list request parameters",
"type": "object"
}
Tier0InterfaceGroupListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Tier0InterfaceGroupListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Tier0InterfaceGroup
},
"required": true,
"title": "Tier-0 Interface group list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Tier-0 Interface groups",
"type": "object"
}
Tier0InterfaceListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "Tier0InterfaceListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Tier-0 Interface list request parameters",
"type": "object"
}
Tier0InterfaceListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Tier0InterfaceListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Tier0Interface
},
"required": true,
"title": "Tier-0 Interface list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Tier-0 Interfaces",
"type": "object"
}
Tier0InterfacePimConfig (type)
{
"additionalProperties": false,
"description": "Multicast PIM configuration.",
"id": "Tier0InterfacePimConfig",
"module_id": "PolicyConnectivity",
"properties": {
"enabled": {
"default": false,
"description": "enable/disable PIM configuration.",
"title": "enable/disable PIM configuration",
"type": "boolean"
},
"hello_interval": {
"default": 30,
"description": "PIM hello interval(seconds) at interface level.",
"maximum": 180,
"minimum": 1,
"required": false,
"title": "PIM hello interval at interface level",
"type": "int"
},
"hold_interval": {
"description": "PIM hold interval(seconds) at interface level.",
"maximum": 630,
"minimum": 1,
"required": false,
"title": "PIM hold interval at interface level",
"type": "int"
}
},
"title": "Multicast PIM configuration",
"type": "object"
}
Tier0ListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "Tier0ListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Tier-0 list request parameters",
"type": "object"
}
Tier0ListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Tier0ListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Tier0
},
"required": true,
"title": "Tier-0 list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Tier-0s",
"type": "object"
}
Tier0NumberOfRoutesRequestParameters (type)
{
"additionalProperties": false,
"id": "Tier0NumberOfRoutesRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"edge_path": {
"description": "Policy path of edge node. Edge node must be member of enforcement point.",
"required": true,
"title": "Policy path of edge node",
"type": "string"
},
"enforcement_point_path": {
"description": "Enforcement point path.",
"title": "String Path of the enforcement point",
"type": "string"
},
"include_child_vrf": {
"desciption": "Count all the child VRF routes along with the Tier0 routes.\n",
"required": false,
"title": "Count all the child VRF routes or not.",
"type": "boolean"
}
},
"title": "Tier0 Number Of Routes Request Parameters",
"type": "object"
}
Tier0NumberOfRoutesResult (type)
{
"id": "Tier0NumberOfRoutesResult",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"number_of_ipv4": {
"description": "Number of IPV4 Routes",
"title": "Number of IPV4 Routes",
"type": "integer"
},
"number_of_ipv6": {
"description": "Number of IPV6 Routes",
"title": "Number of IPV6 Routes",
"type": "integer"
}
},
"title": "Tier 0 Number Of Routes Request Result",
"type": "object"
}
Tier0RouteMap (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Tier0RouteMap",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"entries": {
"description": "Ordered list of route map entries.",
"items": {
"$ref": "RouteMapEntry
},
"maxItems": 1000,
"minItems": 1,
"required": true,
"title": "Ordered list of route map entries",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "RouteMap for redistributing routes to BGP and other routing protocols",
"type": "object"
}
Tier0RouteMapListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Tier0RouteMapListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Tier0RouteMap
},
"required": true,
"title": "Tier0RouteMap results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of RouteMaps",
"type": "object"
}
Tier0RouteRedistributionConfig (type)
{
"additionalProperties": false,
"id": "Tier0RouteRedistributionConfig",
"module_id": "PolicyConnectivity",
"properties": {
"bgp_enabled": {
"default": true,
"required": false,
"title": "Flag to enable route redistribution for BGP.",
"type": "boolean"
},
"ospf_enabled": {
"default": false,
"required": false,
"title": "Flag to enable route redistribution for OSPF.",
"type": "boolean"
},
"redistribution_rules": {
"default": [],
"description": "List of redistribution rules.",
"items": {
"$ref": "Tier0RouteRedistributionRule
},
"maxItems": 5,
"minItems": 0,
"required": false,
"type": "array"
}
},
"title": "Route Redistribution config",
"type": "object"
}
Tier0RouteRedistributionRule (type)
{
"additionalProperties": false,
"id": "Tier0RouteRedistributionRule",
"module_id": "PolicyConnectivity",
"properties": {
"destinations": {
"description": "Each rule can have more than one destinations. If destinations not specified for a given rule, default destionation will be BGP",
"items": {
"default": "BGP",
"enum": [
"BGP",
"OSPF"
],
"type": "string"
},
"required": false,
"title": "List of destination for a given redistribution rule",
"type": "array"
},
"name": {
"required": false,
"title": "Rule name",
"type": "string"
},
"route_map_path": {
"description": "Route map to be associated with the redistribution rule",
"required": false,
"type": "string"
},
"route_redistribution_types": {
"items": {
"$ref": "Tier0RouteRedistributionTypes
},
"required": true,
"title": "List of redistribution types",
"type": "array"
}
},
"title": "Single route redistribution rule",
"type": "object"
}
Tier0RouteRedistributionTypes (type)
{
"additionalProperties": false,
"description": "Tier-0 route redistribution types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and routes related to TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types. TIER1_STATIC: Redistribute all subnets and static routes advertised by Tier-1s. TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets on Tier-0. TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets on Tier-0. TIER0_SEGMENT: Redistribute subnets configured on Segments connected to Tier-0. TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0 TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets. TIER0_NAT: Redistribute NAT IPs owned by Tier-0. TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_CONNECTED: Redistribute all subnets configured on Segments and Service Interfaces. TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets. TIER1_SEGMENT: Redistribute subnets configured on Segments connected to Tier1. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. INTER_VRF_STATIC: Redistribute IPs advertised by TIER0/VRF instances Route redistribution destination is BGP.",
"enum": [
"TIER0_STATIC",
"TIER0_CONNECTED",
"TIER0_EXTERNAL_INTERFACE",
"TIER0_SEGMENT",
"TIER0_ROUTER_LINK",
"TIER0_SERVICE_INTERFACE",
"TIER0_LOOPBACK_INTERFACE",
"TIER0_DNS_FORWARDER_IP",
"TIER0_IPSEC_LOCAL_IP",
"TIER0_NAT",
"TIER0_EVPN_TEP_IP",
"TIER1_NAT",
"TIER1_STATIC",
"TIER1_LB_VIP",
"TIER1_LB_SNAT",
"TIER1_DNS_FORWARDER_IP",
"TIER1_CONNECTED",
"TIER1_SERVICE_INTERFACE",
"TIER1_SEGMENT",
"TIER1_IPSEC_LOCAL_ENDPOINT",
"INTER_VRF_STATIC"
],
"id": "Tier0RouteRedistributionTypes",
"module_id": "PolicyConnectivity",
"title": "Tier-0 route redistribution types",
"type": "string"
}
Tier0SecurityFeature (type)
{
"additionalProperties": false,
"extends": {
"$ref": "SecurityFeatureBase
},
"id": "Tier0SecurityFeature",
"module_id": "PolicyGatewaySecurityFeature",
"properties": {
"enable": {
"default": false,
"description": "true - activate the feature, false - deactivate the feture",
"required": true,
"title": "Flag to activate/deactivate",
"type": "boolean"
},
"feature": {
"$ref": "Tier0SecurityFeaturesSupported,
"required": true
}
},
"title": "T0 Security feature entity with feature details",
"type": "object"
}
Tier0SecurityFeatures (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Tier0SecurityFeatures",
"module_id": "PolicyGatewaySecurityFeature",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"features": {
"items": {
"$ref": "Tier0SecurityFeature
},
"required": true,
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "T0 Security features entity with feature details",
"type": "object"
}
Tier0SecurityFeaturesSupported (type)
{
"description": "Feature to be activated/deactivated. IDFW - Identity Firewall IDPS - Intrusion Detection System GFW_MULTICAST - Multicast on GFW Use any one of this to enable/disabe it.",
"enum": [
"IDFW",
"IDPS"
],
"id": "Tier0SecurityFeaturesSupported",
"module_id": "PolicyGatewaySecurityFeature",
"readonly": true,
"required": false,
"title": "Collection of T0 supported security features",
"type": "string"
}
Tier0StateRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "Tier0StateRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.",
"title": "Enforcement point path",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"interface_path": {
"description": "String Path of interface on current Tier0 gateway for interface specified state such as IPv6 DAD state. When not specified, IPv6 NDRA state from from all interfaces is returned.",
"title": "Interface path for interface specific state such as IPv6 DAD state",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"description": "The data source can be either realtime or cached. If not provided, cached data is returned.",
"required": false,
"title": "Source of statistics data"
},
"type": {
"description": "Returns specific information based on the value specified. When not specified response include gateway state, status and DAD status from interfaces.",
"enum": [
"GATEWAY_STATE",
"GATEWAY_STATUS",
"IPV6_STATUS",
"RD_PER_EDGE_MAPPING"
],
"title": "Returns specific information based on the value specified.",
"type": "string"
}
},
"title": "State request parameters for Tier0 gateway",
"type": "object"
}
Tier0StatefulServicesConfig (type)
{
"additionalProperties": false,
"description": "Tier0 stateful services config to define stateful",
"id": "Tier0StatefulServicesConfig",
"module_id": "PolicyConnectivity",
"properties": {
"enabled": {
"default": false,
"description": "This is used to enable or disable ACTIVE-ACTIVE stateful services.",
"required": false,
"title": "Flag to enable ACTIVE-ACTIVE stateful services",
"type": "boolean"
},
"redirection_policy": {
"default": "IP_HASH",
"description": "Redirection policy to load balance traffic among nodes IP_HASH: Hash Source IP or destination ip to redirect packet for load sharing and stateful services. NONE: Disable redirection. It requires user to define static traffic group per edge node and expects external router to forward return packet back to the same edge node. SRC_DST_IP_HASH: Hash both source and desitnation ip to redirect packet for load sharing. This mode doesn't support NAT and presumes source and destination IP remains same in either direction.",
"enum": [
"IP_HASH",
"NONE",
"SRC_DST_IP_HASH"
],
"required": false,
"title": "Redirection policy configuration",
"type": "string"
}
},
"title": "Tier0 stateful services config",
"type": "object"
}
Tier0VrfConfig (type)
{
"additionalProperties": false,
"description": "Tier-0 vrf configuration.",
"id": "Tier0VrfConfig",
"module_id": "PolicyConnectivity",
"properties": {
"evpn_l2_vni_config": {
"$ref": "VrfEvpnL2VniConfig,
"description": "It is required for VRF to participate in the EVPN service in ROUTE_SERVER mode.",
"required": false,
"title": "VRF configurations required for EVPN service in ROUTE_SERVER mode."
},
"evpn_transit_vni": {
"description": "L3 VNI associated with the VRF for overlay traffic of ethernet virtual private network (EVPN). It must be unique and available from the VNI pool defined for EVPN service. It is required for VRF to participate in the EVPN service in INLINE mode.",
"required": false,
"title": "L3 VNI associated with the VRF for overlay traffic",
"type": "int"
},
"rd_per_edge_pool": {
"customValidation": {
"RD_PER_EDGE_POOL_FOUR_BYTE_NUMBER": {
"code": 3,
"maximum": "4294967295L",
"minimum": 0,
"validator": "range"
},
"RD_PER_EDGE_POOL_SIZE": {
"code": 1,
"maxItems": 64,
"maximum": 64,
"minimum": 8,
"validator": "range"
},
"RD_PER_EDGE_POOL_TWO_BYTE_NUMBER": {
"code": 2,
"maximum": 65535,
"minimum": 0,
"validator": "range"
},
"key": "code",
"keyType": "int",
"namespace": "RdPerEdgePoolValidation"
},
"description": "route distinguisher pool for edge nodes.",
"items": {
"type": "string"
},
"nsx_feature": "RdPerSr",
"required": false,
"title": "route distinguisher pool for edge nodes",
"type": "array"
},
"route_distinguisher": {
"description": "Route distinguisher with format in IPAddress:<number> or ASN:<number>.",
"required": false,
"title": "Route distinguisher",
"type": "string"
},
"route_targets": {
"description": "Route targets.",
"items": {
"$ref": "VrfRouteTargets
},
"maxItems": 1,
"minItems": 1,
"required": false,
"title": "Route targets",
"type": "array"
},
"tier0_path": {
"description": "Default tier0 path. Cannot be modified after realization.",
"required": true,
"title": "Tier0 path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0"
],
"relationshipType": "VRF_CONFIG_TIER0_PATH_RELATIONSHIP",
"rightType": []
}
]
}
},
"title": "Tier-0 vrf configuration",
"type": "object"
}
Tier1 (type)
{
"additionalProperties": false,
"description": "Tier-1 instance configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Tier1",
"module_id": "PolicyConnectivity",
"policy_hierarchical_children": [
"ChildLocaleServices",
"ChildPolicyDnsForwarder",
"ChildSegment",
"ChildStaticRoutes"
],
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"arp_limit": {
"description": "Maximum number of ARP entries per transport node.",
"maximum": 50000,
"minimum": 5000,
"required": false,
"title": "ARP limit per transport node",
"type": "int"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"default_rule_logging": {
"default": false,
"deprecated": true,
"description": "Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field.",
"required": false,
"title": "Enable logging for whitelisted rule",
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_config_paths": {
"description": "DHCP configuration for Segments connected to Tier-1. DHCP service is enabled in relay mode.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 0,
"required": false,
"title": "DHCP configuration for Segments connected to Tier-1",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier1"
],
"relationshipType": "DHCP_SERVER_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpServerConfig"
]
},
{
"leftType": [
"Tier1"
],
"relationshipType": "DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"disable_firewall": {
"default": false,
"description": "Disable or enable gateway fiewall.",
"required": false,
"title": "Disable gateway firewall",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enable_standby_relocation": {
"default": false,
"description": "Flag to enable standby service router relocation. Standby relocation is not enabled until edge cluster is configured for Tier1.",
"required": false,
"title": "Flag to enable standby service router relocation.",
"type": "boolean"
},
"failover_mode": {
"default": "NON_PREEMPTIVE",
"description": "Determines the behavior when a Tier-1 instance restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. Only applicable when edge cluster is configured in Tier1 locale-service.",
"enum": [
"PREEMPTIVE",
"NON_PREEMPTIVE"
],
"required": false,
"title": "Failover mode",
"type": "string"
},
"federation_config": {
"$ref": "FederationGatewayConfig,
"description": "Additional config for federation.",
"readonly": true,
"title": "Federation releated config"
},
"force_whitelisting": {
"default": false,
"deprecated": true,
"description": "This field is deprecated and recommended to change Rule action field. Note that this field is not synchornied with default rule field.",
"required": false,
"title": "Flag to add whitelisting FW rule during realization",
"type": "boolean"
},
"ha_mode": {
"description": "Specify high-availability mode for Tier-1.If Tier-1 is service router, HaMode will be set as ACTIVE_STANDBY. If Tier-1 is distributed router, HaMode will be set as null.",
"enum": [
"ACTIVE_STANDBY",
"ACTIVE_ACTIVE"
],
"required": false,
"title": "High-availability Mode for Tier-1",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"intersite_config": {
"$ref": "IntersiteGatewayConfig,
"description": "Inter site routing configuration when the gateway is streched.",
"required": false,
"title": "Inter site routing configuration"
},
"ipv6_profile_paths": {
"description": "Configuration IPv6 NDRA and DAD profiles. Either or both NDRA and/or DAD profiles can be configured.",
"items": {
"type": "string"
},
"maxItems": 2,
"minItems": 0,
"required": false,
"title": "IPv6 NDRA and DAD profiles configuration",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier1"
],
"relationshipType": "IPV6_NDRA_PROFILE_RELATIONSHIP",
"rightType": [
"Ipv6NdraProfile"
]
},
{
"leftType": [
"Tier1"
],
"relationshipType": "IPV6_DAD_PROFILE_RELATIONSHIP",
"rightType": [
"Ipv6DadProfile"
]
}
]
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pool_allocation": {
"default": "ROUTING",
"description": "Supports edge node allocation at different sizes for routing and load balancer service to meet performance and scalability requirements. ROUTING: Allocate edge node to provide routing services. LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE: Specify size of load balancer service that will be configured on TIER1 gateway.",
"enum": [
"ROUTING",
"LB_SMALL",
"LB_MEDIUM",
"LB_LARGE",
"LB_XLARGE"
],
"required": false,
"title": "Edge node allocation size",
"type": "string"
},
"qos_profile": {
"$ref": "GatewayQosProfileConfig,
"description": "QoS Profile configuration for Tier1 router link connected to Tier0 gateway.",
"required": false,
"title": "Gateway QoS Profile configuration"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"route_advertisement_rules": {
"items": {
"$ref": "RouteAdvertisementRule
},
"required": false,
"title": "Route advertisement rules and filtering",
"type": "array"
},
"route_advertisement_types": {
"description": "Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised.",
"items": {
"$ref": "Tier1RouteAdvertisentTypes
},
"required": false,
"title": "Enable different types of route advertisements",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tier0_path": {
"description": "The reference to the Tier-0 instance using the policy path of the Tier-0 or label of type Provider. Specify the Tier-1 connectivity to Tier-0 instance. .",
"required": false,
"title": "Tier-1 connectivity to Tier-0",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier1"
],
"relationshipType": "PROVIDER_NETWORK_RELATIONSHIP",
"rightType": [
"Tier0"
]
},
{
"leftType": [
"Tier1"
],
"relationshipType": "NETWORK_PROVIDER_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
}
]
},
"type": {
"description": "Tier1 connectivity type for reference. Property value is not validated with Tier1 configuration. ROUTED: Tier1 is connected to Tier0 gateway and routing is enabled. ISOLATED: Tier1 is not connected to any Tier0 gateway. NATTED: Tier1 is in ROUTED type with NAT configured locally.",
"enum": [
"ROUTED",
"ISOLATED",
"NATTED"
],
"required": false,
"title": "Tier1 type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Tier-1",
"type": "object"
}
Tier1DeploymentMap (type)
{
"additionalProperties": false,
"description": "Binding of Tier-1 to the enforcement point.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Tier1DeploymentMap",
"module_id": "PolicyEnforcementPointManagement",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enforcement_point": {
"description": "Path of enforcement point on which Tier-1 shall be deployed.",
"required": true,
"title": "Absolute path of Enforcement Point",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Tier-1 Deployment Map",
"type": "object"
}
Tier1GatewayState (type)
{
"additionalProperties": false,
"id": "Tier1GatewayState",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.",
"title": "Enforcement point path",
"type": "string"
},
"ipv6_status": {
"description": "IPv6 DAD status for interfaces configured on Tier1",
"items": {
"$ref": "IPv6Status
},
"title": "IPv6 DAD status for Tier1 interfaces",
"type": "array"
},
"tier1_state": {
"$ref": "LogicalRouterState,
"description": "Detailed realized state information for Tier1",
"title": "Tier1 state"
},
"tier1_status": {
"$ref": "LogicalRouterStatus,
"description": "Detailed realized status information for Tier1",
"title": "Tier1 status"
},
"transport_zone": {
"$ref": "PolicyTransportZone,
"description": "Transport Zone information which got configured on Gateway.",
"title": "Transport Zone Information"
}
},
"title": "Tier1 gateway state",
"type": "object"
}
Tier1Interface (type)
{
"additionalProperties": false,
"description": "Tier-1 interface configuration for attaching services.",
"extends": {
"$ref": "BaseTier0Interface
},
"id": "Tier1Interface",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"admin_state": {
"description": "This flag is used to enable/disable admin state on tier-1 service port. If admin_state flag value is not specified then default is UP. When set to UP then traffic on service port will be enabled and service port is enabled from routing perspective. When set to DOWN then traffic on service port will be disabled and service port is down from routing perspective. This flag is experimental because it will be used in V2T BYOT migration.",
"enum": [
"UP",
"DOWN"
],
"experimental": true,
"required": false,
"title": "Flag to enable/disable admin_state of tier-1 service port",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_relay_path": {
"description": "Policy path of dhcp-relay-config to be attached to this Interface.",
"required": false,
"title": "policy path of referenced dhcp-relay-config",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier0Interface",
"Tier1Interface"
],
"relationshipType": "DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ipv6_profile_paths": {
"description": "Configrue IPv6 NDRA profile. Only one NDRA profile can be configured.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 0,
"required": false,
"title": "IPv6 NDRA profile configuration",
"type": "array"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mtu": {
"description": "Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit.",
"minimum": 64,
"required": false,
"title": "MTU size",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"segment_path": {
"description": "Policy path of Segment to which interface is connected to.",
"required": true,
"title": "Policy path of Segment to attach interface",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Tier1Interface"
],
"relationshipType": "INTERFACE_SEGMENT_RELATIONSHIP",
"rightType": [
"Segment"
]
}
]
},
"subnets": {
"description": "Specify IP address and network prefix for interface.",
"items": {
"$ref": "InterfaceSubnet
},
"minItems": 1,
"required": true,
"title": "IP address and subnet specification for interface",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"urpf_mode": {
"default": "STRICT",
"enum": [
"NONE",
"STRICT"
],
"required": false,
"title": "Unicast Reverse Path Forwarding mode",
"type": "string"
}
},
"title": "Tier-1 interface configuration",
"type": "object"
}
Tier1InterfaceGroup (type)
{
"additionalProperties": false,
"description": "Tier1 Interface group for interface grouping.",
"extends": {
"$ref": "BaseInterfaceGroup
},
"id": "Tier1InterfaceGroup",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"members": {
"description": "List of interface reference. Interface must belong to same location.",
"items": {
"$ref": "GatewayInterfaceReference
},
"required": false,
"title": "Tier0/Tier1 interface memeber list",
"type": "array"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"type": {
"default": "SERVICE",
"description": "Interface group type. It is readonly. Always type SERVICE.",
"enum": [
"SERVICE"
],
"readonly": true,
"required": false,
"title": "Interface group type",
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Tier1 Interface group",
"type": "object"
}
Tier1InterfaceGroupListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "Tier1InterfaceGroupListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Tier-1 Interface group list request parameters",
"type": "object"
}
Tier1InterfaceGroupListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Tier1InterfaceGroupListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Tier1InterfaceGroup
},
"required": true,
"title": "Tier-1 Interface group list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Tier-1 Interface groups",
"type": "object"
}
Tier1InterfaceListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Tier1InterfaceListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Tier1Interface
},
"required": true,
"title": "Tier-1 Interface list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Tier-1 Interfaces",
"type": "object"
}
Tier1ListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "Tier1ListRequestParameters",
"module_id": "PolicyConnectivity",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Tier-1 list request parameters",
"type": "object"
}
Tier1ListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "Tier1ListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "Tier1
},
"required": true,
"title": "Tier-1 list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged collection of Tier-1 instances",
"type": "object"
}
Tier1RouteAdvertisentTypes (type)
{
"additionalProperties": false,
"description": "Control routes advertised by Tier-1 instance. TIER1_STATIC_ROUTES: Advertise all STATIC routes. TIER1_CONNECTED: Advertise all subnets configured on connected Interfaces and Segments. TIER1_NAT: Advertise all NAT IP addresses. TIER1_LB_VIP: Advertise all Load-balancer VIPs. TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses. TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets.",
"enum": [
"TIER1_STATIC_ROUTES",
"TIER1_CONNECTED",
"TIER1_NAT",
"TIER1_LB_VIP",
"TIER1_LB_SNAT",
"TIER1_DNS_FORWARDER_IP",
"TIER1_IPSEC_LOCAL_ENDPOINT"
],
"id": "Tier1RouteAdvertisentTypes",
"module_id": "PolicyConnectivity",
"type": "string"
}
Tier1StateRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "Tier1StateRequestParameters",
"module_id": "PolicyConnectivityStatistics",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.",
"title": "Enforcement point path",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"interface_path": {
"description": "String Path of interface on current Tier1 gateway for interface specified state such as IPv6 DAD state. When not specified, IPv6 NDRA state from from all interfaces is returned.",
"title": "Interface path for interface specific state such as IPv6 DAD state",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"source": {
"$ref": "DataSourceType,
"description": "The data source can be either realtime or cached. If not provided, cached data is returned.",
"required": false,
"title": "Source of statistics data"
},
"type": {
"description": "Returns specific information based on the value specified. When not specified response include gateway state, status and DAD status from interfaces.",
"enum": [
"GATEWAY_STATE",
"GATEWAY_STATUS",
"IPV6_STATUS"
],
"title": "Returns specific information based on the value specified.",
"type": "string"
}
},
"title": "State request parameters for Tier1 gateway",
"type": "object"
}
TimeRangeDropdownFilterWidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Represents configuration for dropdown filter widget for Time Range.",
"extends": {
"$ref": "DropdownFilterWidgetConfiguration
},
"id": "TimeRangeDropdownFilterWidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"type-identifier": "TimeRangeDropdownFilterWidgetConfiguration"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"alias": {
"description": "Alias to be used when emitting filter value.",
"title": "Alias to be used when emitting filter value",
"type": "string"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"default_value": {
"description": "Expression to specify default value of filter.",
"title": "Expression to specify default value",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"dropdown_filter_plot_config": {
"$ref": "DropdownFilterPlotConfiguration,
"description": "Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only.",
"required": false,
"title": "Dropdown filter plotting configuration"
},
"dropdown_item": {
"$ref": "DropdownItem,
"description": "Defines the item of a dropdown.",
"required": false,
"title": "Definition for item of a dropdown"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"placeholder_msg": {
"description": "Placeholder message to be displayed in dropdown filter.",
"title": "Placeholder message to be shown in filter",
"type": "string"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"static_filter_condition": {
"description": "If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally.",
"title": "Expression for evaluating condition",
"type": "string"
},
"static_filters": {
"description": "Additional static items to be added in dropdown filter. Example can be 'ALL'.",
"items": {
"$ref": "StaticFilter
},
"title": "Additional static items to be added in dropdown filter",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"time_range_filter_info": {
"$ref": "TimeRangeFilterInfo,
"description": "Defines the time range filter configuration.",
"required": false,
"title": "Definition for time range filter."
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Time Range Dropdown Filter widget Configuration",
"type": "object"
}
TimeRangeFilterInfo (type)
{
"additionalProperties": false,
"id": "TimeRangeFilterInfo",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"from_param_name": {
"default": "fromDate",
"description": "from parameter name used for time range filter from date value.",
"maxLength": 1024,
"required": false,
"title": "from parameter name for time range filter.",
"type": "string"
},
"to_param_name": {
"default": "toDate",
"description": "to parameter name used for time range filter to date value.",
"maxLength": 1024,
"required": false,
"title": "to parameter name for time range filter",
"type": "string"
},
"value_type": {
"default": "EPOCH",
"description": "type of time range filter value can be epoch, ISO date Format.",
"enum": [
"EPOCH"
],
"required": false,
"title": "type of time range filter value",
"type": "string"
}
},
"title": "time range filter information",
"type": "object"
}
TlsCertificate (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "TlsCertificate",
"module_id": "PolicyCertificate",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "Category of certificate. This certificate is used to connect to services only.",
"enum": [
"SERVICE_CERTIFICATE"
],
"readonly": true,
"required": false,
"title": "Category",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"details": {
"description": "list of X509Certificates.",
"items": {
"$ref": "X509Certificate
},
"readonly": true,
"required": false,
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"has_private_key": {
"default": false,
"description": "whether we have the private key for this certificate.",
"readonly": true,
"required": true,
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pem_encoded": {
"description": "pem encoded certificate data.",
"readonly": false,
"required": true,
"type": "string"
},
"purpose": {
"description": "Purpose of this certificate. Can be empty or set to \"signing-ca\".",
"enum": [
"signing-ca"
],
"readonly": true,
"required": false,
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tls_certificate_type": {
"description": "Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.",
"enum": [
"CERTIFICATE_CA",
"CERTIFICATE_SIGNED",
"CERTIFICATE_SELF_SIGNED"
],
"readonly": true,
"type": "string"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
TlsCertificateList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "TlsCertificateList",
"module_id": "PolicyCertificate",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "TlsCertificate list.",
"items": {
"$ref": "TlsCertificate
},
"readonly": true,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Certificate queries result",
"type": "object"
}
TlsCiphers (type)
{
"additionalProperties": false,
"enum": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA"
],
"id": "TlsCiphers",
"module_id": "PolicyTlsActionProfile",
"title": "TLS balanced cipher",
"type": "string"
}
TlsConfigSettings (type)
{
"additionalProperties": false,
"description": "Pre-defined config settings. Settings could be one of Balanced, High Fidelity, High Security, Custom",
"enum": [
"BALANCED",
"HIGH_FIDELITY",
"HIGH_SECURITY",
"CUSTOM"
],
"help_summary": "- High Fidelity setting reduces the likelihood of TLS Proxy breaking an otherwise successful connection.\n Specifically, TLS Proxy preserves original client and server preferences (TLS version, ciphers, etc.) in the\n TLS handshake as much as possible.\n - Client side - support TLS versions and Ciphers\n - Server side - no restrictions\n- High Security setting enforces a stricter security posture such as enabling only the most secure\n TLS versions and ciphers.\n - Support TLS Versions and Ciphers\n- Balanced setting strikes a balance between security, performance and compatibility.\n - Support TLS Versions and Ciphers\n- Custom allows user to pick the settings to meet their requirements.\nThese pre-settings per release will be preserved for existing profiles even if changed in future releases.\n",
"id": "TlsConfigSettings",
"module_id": "PolicyTlsActionProfile",
"required": true,
"title": "TLS config settings",
"type": "string"
}
TlsCrl (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "TlsCrl",
"module_id": "PolicyCertificate",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"crl_type": {
"default": "X509",
"description": "The type of the CRL. It can be \"OneCRL\" or \"X509\" (default).",
"enum": [
"OneCRL",
"X509"
],
"required": false,
"title": "Type of CRL",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"details": {
"$ref": "X509Crl,
"description": "Details of the X509Crl object.",
"readonly": true,
"required": false,
"title": "Details of the X509Crl object"
},
"details_revoked_by_issuer_and_serial_number": {
"items": {
"$ref": "IssuerSerialNumber
},
"readonly": true,
"required": false,
"title": "Certificates revoked by issuer and serial number",
"type": "array"
},
"details_revoked_by_subject_and_public_key_hash": {
"items": {
"$ref": "SubjectPublicKeyHash
},
"readonly": true,
"required": false,
"title": "Certificates revoked by subject and public key hash",
"type": "array"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"one_crl": {
"readonly": false,
"required": false,
"title": "JSON-encoded OneCRL-like object",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pem_encoded": {
"description": "Pem encoded crl data.",
"required": false,
"title": "Pem encoded crl data",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
TlsCrlListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "TlsCrlListResult",
"module_id": "PolicyCertificate",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "TlsCrl
},
"required": true,
"title": "TlsCrl list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of TlsCrl",
"type": "object"
}
TlsCsr (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "TlsCsr",
"module_id": "PolicyCertificate",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"algorithm": {
"default": "RSA",
"description": "Cryptographic algorithm (asymmetric) used by the public key for data encryption.",
"enum": [
"RSA",
"EC"
],
"readonly": false,
"required": false,
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"extensions": {
"$ref": "CsrExtensions,
"description": "X509 v3 extensions to be added to a CSR.",
"readonly": true,
"required": false,
"title": "X509 extensions to add"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_ca": {
"default": false,
"description": "Whether the CSR is for a CA certificate.",
"required": false,
"type": "boolean"
},
"key_size": {
"default": 4096,
"description": "Size measured in bits of the public key used in a cryptographic algorithm.",
"readonly": false,
"required": false,
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": true,
"required": false,
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"subject": {
"$ref": "Principal,
"description": "The certificate owner's information. (CN, O, OU, C, ST, L)",
"readonly": false,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
TlsCsrListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "TlsCsrListResult",
"module_id": "PolicyCertificate",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "TlsCsr
},
"required": true,
"title": "TlsCsr list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of TlsCsr",
"type": "object"
}
TlsCsrWithDaysValid (type)
{
"additionalProperties": false,
"extends": {
"$ref": "TlsCsr
},
"id": "TlsCsrWithDaysValid",
"module_id": "PolicyCertificate",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"algorithm": {
"default": "RSA",
"description": "Cryptographic algorithm (asymmetric) used by the public key for data encryption.",
"enum": [
"RSA",
"EC"
],
"readonly": false,
"required": false,
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"days_valid": {
"default": 825,
"title": "Number of days the certificate will be valid, default 825 days",
"type": "integer"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"extensions": {
"$ref": "CsrExtensions,
"description": "X509 v3 extensions to be added to a CSR.",
"readonly": true,
"required": false,
"title": "X509 extensions to add"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_ca": {
"default": false,
"description": "Whether the CSR is for a CA certificate.",
"required": false,
"type": "boolean"
},
"key_size": {
"default": 4096,
"description": "Size measured in bits of the public key used in a cryptographic algorithm.",
"readonly": false,
"required": false,
"type": "integer"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": true,
"required": false,
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"subject": {
"$ref": "Principal,
"description": "The certificate owner's information. (CN, O, OU, C, ST, L)",
"readonly": false,
"required": true
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "CSR data with days valid",
"type": "object"
}
TlsInspectionExternalProfile (type)
{
"additionalProperties": false,
"description": "External inspection profile is used when the TLS connection is destined to a service not owned by the enterprise.",
"extends": {
"$ref": "TlsProfile
},
"id": "TlsInspectionExternalProfile",
"module_id": "PolicyTlsActionProfile",
"polymorphic-type-descriptor": {
"type-identifier": "TlsInspectionExternalProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"attention": {
"description": "Used to indicate an TLS version or Cipher version pre-defined settings mis-match.",
"readonly": true,
"required": false,
"title": "TLS Pre-defined settings mis-match",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"client_cipher_suite": {
"default": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"description": "Client's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.",
"items": {
"$ref": "TlsCiphers
},
"maxItems": 128,
"required": false,
"title": "List of cipher suites client supports",
"type": "array"
},
"client_max_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_2",
"description": "Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2.",
"required": false,
"title": "Maximum TLS version client supports"
},
"client_min_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_1",
"description": "Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2.",
"required": false,
"title": "Minimum TLS version client supports"
},
"crls": {
"default": [
"/infra/crls/default_public_crl"
],
"description": "Bypass profile - CRL is required if the \"invalid_certificate\" action is allow. External profile - CRL is always required. Internal profile - CRL is required if \"certificate_validation\" is turned on.",
"items": {
"type": "string"
},
"maxItems": 100,
"required": false,
"title": "Certificate Revocation List Ids",
"type": "array"
},
"crypto_enforcement": {
"$ref": "CryptoEnforcement,
"default": "ENFORCE",
"required": false
},
"decryption_fail_action": {
"$ref": "DecryptionFailAction,
"default": "BYPASS",
"required": false
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idle_connection_timeout": {
"default": 5400,
"description": "Timeout the connection when kept idle. Default is 90 minutes.",
"maximum": 4320000,
"minimum": 1,
"required": false,
"title": "Idle connection timeout in seconds",
"type": "int"
},
"invalid_cert_action": {
"$ref": "InvalidCertificateAction,
"default": "ALLOW",
"required": false
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"ocsp_must_staple": {
"default": false,
"description": "true - activate the ocsp must staple, false - deactivate it.",
"required": false,
"title": "Flag to activate/deactivate ocsp must staple",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"proxy_trusted_ca_cert": {
"description": "Proxy trusted ca cert and key used to issue valid ca certificate. This is the subordinate CA cert (referred to as Proxy CA) by the Enterprise Issuing CA.",
"required": true,
"title": "Proxy trusted ca cert and key",
"type": "string"
},
"proxy_untrusted_ca_cert": {
"description": "Proxy untrusted ca cert and key used to issue invalid ca certificate",
"required": true,
"title": "Proxy untrusted ca cert and key",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Resource type to use as profile type",
"enum": [
"TlsInspectionBypassProfile",
"TlsInspectionExternalProfile",
"TlsInspectionInternalProfile"
],
"help_summary": "Possible values are\n'TlsInspectionExternalProfile',\n'TlsInspectionInternalProfile'\n",
"required": true,
"title": "Resource type to use as profile type.",
"type": "string"
},
"server_cipher_suite": {
"default": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"description": "Server's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.",
"items": {
"$ref": "TlsCiphers
},
"maxItems": 128,
"required": false,
"title": "List of cipher suites server support",
"type": "array"
},
"server_max_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_2",
"description": "Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.",
"required": false,
"title": "Maximum TLS version server supports"
},
"server_min_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_1",
"description": "Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.",
"required": false,
"title": "Minimum TLS version server supports"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tls_config_setting": {
"$ref": "TlsConfigSettings,
"default": "BALANCED",
"required": false
},
"trusted_ca_bundles": {
"default": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"description": "Bypass profile - CA bundle is required if the \"invalid_certificate\" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if \"certificate_validation\" is turned on.",
"items": {
"type": "string"
},
"maxItems": 100,
"required": false,
"title": "List of CA bundle Ids",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "TLS inspection external profile",
"type": "object"
}
TlsInspectionInternalProfile (type)
{
"additionalProperties": false,
"description": "Internal inspection Profile is used when the TLS connection is destined to a service not owned by the enterprise.",
"extends": {
"$ref": "TlsProfile
},
"id": "TlsInspectionInternalProfile",
"module_id": "PolicyTlsActionProfile",
"polymorphic-type-descriptor": {
"type-identifier": "TlsInspectionInternalProfile"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"attention": {
"description": "Used to indicate an TLS version or Cipher version pre-defined settings mis-match.",
"readonly": true,
"required": false,
"title": "TLS Pre-defined settings mis-match",
"type": "string"
},
"certificate_validation": {
"default": false,
"description": "true - activate the certificate validation; false - deactivate it.",
"required": false,
"title": "Flag to activate/deactivate certificate validation",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"client_cipher_suite": {
"default": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"description": "Client's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.",
"items": {
"$ref": "TlsCiphers
},
"maxItems": 128,
"required": false,
"title": "List of cipher suites client supports",
"type": "array"
},
"client_max_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_2",
"description": "Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.",
"required": false,
"title": "Maximum TLS version client supports"
},
"client_min_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_1",
"description": "Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.",
"required": false,
"title": "Minimum TLS version client supports"
},
"crls": {
"default": [
"/infra/crls/default_public_crl"
],
"description": "Bypass profile - CRL is required if the \"invalid_certificate\" action is allow. External profile - CRL is always required. Internal profile - CRL is required if \"certificate_validation\" is turned on.",
"items": {
"type": "string"
},
"maxItems": 100,
"required": false,
"title": "Certificate Revocation List Ids",
"type": "array"
},
"crypto_enforcement": {
"$ref": "CryptoEnforcement,
"default": "ENFORCE",
"required": false
},
"decryption_fail_action": {
"$ref": "DecryptionFailAction,
"default": "BYPASS",
"required": false
},
"default_cert_key": {
"description": "Default server certificate presented to the user.",
"required": false,
"title": "One of the actual server certificate presented to the client",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idle_connection_timeout": {
"default": 5400,
"description": "Timeout the connection when kept idle. Default is 90 minutes.",
"maximum": 4320000,
"minimum": 1,
"required": false,
"title": "Idle connection timeout in seconds",
"type": "int"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"ocsp_must_staple": {
"default": false,
"description": "true - activate the ocsp must staple, false - deactivate it.",
"required": false,
"title": "Flag to activate/deactivate ocsp must staple",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Resource type to use as profile type",
"enum": [
"TlsInspectionBypassProfile",
"TlsInspectionExternalProfile",
"TlsInspectionInternalProfile"
],
"help_summary": "Possible values are\n'TlsInspectionExternalProfile',\n'TlsInspectionInternalProfile'\n",
"required": true,
"title": "Resource type to use as profile type.",
"type": "string"
},
"server_certs_key": {
"description": "Server certificate presented to the client.",
"items": {
"type": "string"
},
"maxItems": 100,
"required": true,
"title": "Actual server certificate key",
"type": "array"
},
"server_cipher_suite": {
"default": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"description": "Server's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.",
"items": {
"$ref": "TlsCiphers
},
"maxItems": 128,
"required": false,
"title": "List of cipher suites server support",
"type": "array"
},
"server_max_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_2",
"description": "Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.0, TLS1.1 and TLS1.2",
"required": false,
"title": "Maximum TLS version server supports"
},
"server_min_tls_version": {
"$ref": "TlsProtocol,
"default": "TLS_V1_1",
"description": "Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. supported versions are TLS1.1 and TLS1.2.",
"required": false,
"title": "Minimum TLS version server supports"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tls_config_setting": {
"$ref": "TlsConfigSettings,
"default": "BALANCED",
"required": false
},
"trusted_ca_bundles": {
"default": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"description": "Bypass profile - CA bundle is required if the \"invalid_certificate\" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if \"certificate_validation\" is turned on.",
"items": {
"type": "string"
},
"maxItems": 100,
"required": false,
"title": "List of CA bundle Ids",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "TLS inspection internal profile",
"type": "object"
}
TlsListenerCertificate (type)
{
"additionalProperties": false,
"description": "Returns the certificate and thumbprint of a remote TLS listener, if the listener is running and accepting requests. If the certificate cannot be retrieved, the result property describes the problem.",
"id": "TlsListenerCertificate",
"module_id": "PolicySiteGM",
"properties": {
"certificate": {
"$ref": "X509Certificate,
"description": "The certificate of the TLS listener.",
"readonly": true,
"title": "The certificate of the TLS listener"
},
"result": {
"description": "Result of get certificate operation.",
"enum": [
"SUCCESS",
"CONNECTION_TIMEOUT",
"NO_ROUTE_TO_HOST",
"CONNECTION_REFUSED"
],
"title": "Result of get certificate operation",
"type": "string"
},
"thumbprint": {
"description": "The SHA-256 thumbprint of the TLS listener.",
"readonly": true,
"title": "The SHA-256 thumbprint of the TLS listener",
"type": "string"
}
},
"title": "Remote TLS Listener Certificate",
"type": "object"
}
TlsListenerEndpointAddressRequestParameters (type)
{
"additionalProperties": false,
"description": "The hostname or IP, and TCP port number of the listener to connect to.",
"id": "TlsListenerEndpointAddressRequestParameters",
"module_id": "PolicySiteGM",
"properties": {
"address": {
"description": "Host name or IP address of TLS listener.",
"format": "hostname-or-ip",
"required": true,
"title": "Host name or IP address of TLS listener",
"type": "string"
},
"port": {
"description": "TCP port number of the TLS listener",
"maximum": 65535,
"minimum": 0,
"required": true,
"title": "TCP port number of the TLS listener",
"type": "int"
}
},
"title": "TLS Listener Endpoint Address Request Parameters",
"type": "object"
}
TlsPolicy (type)
{
"extends": {
"$ref": "Policy
},
"id": "TlsPolicy",
"module_id": "PolicyTls",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"category": {
"description": "- Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are \"Ethernet\",\"Emergency\", \"Infrastructure\" \"Environment\" and \"Application\". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories \"Emergency\", \"SystemRules\", \"SharedPreRules\", \"LocalGatewayRules\", \"AutoServiceRules\" and \"Default\", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to \"SharedPreRules\" or \"LocalGatewayRules\" only. Also, the users can add/modify/delete rules from only the \"SharedPreRules\" and \"LocalGatewayRules\" categories. If user doesn't specify the category then defaulted to \"Rules\". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, \"Default\" category is the placeholder default rules with lowest in the order of priority.",
"required": false,
"title": "A way to classify a security policy, if needed.",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"comments": {
"description": "Comments for security policy lock/unlock.",
"readonly": false,
"required": false,
"title": "SecurityPolicy lock/unlock comments",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"internal_sequence_number": {
"description": "This field is to indicate the internal sequence number of a policy with respect to the policies across categories.",
"readonly": true,
"title": "Internal sequence number",
"type": "int"
},
"is_default": {
"description": "A flag to indicate whether policy is a default policy.",
"readonly": true,
"required": false,
"title": "Default policy flag",
"type": "boolean"
},
"lock_modified_by": {
"description": "ID of the user who last modified the lock for the secruity policy.",
"readonly": true,
"required": false,
"title": "User who locked the security policy",
"type": "string"
},
"lock_modified_time": {
"$ref": "EpochMsTimestamp,
"description": "SecurityPolicy locked/unlocked time in epoch milliseconds.",
"readonly": true,
"required": false,
"title": "SecuirtyPolicy locked/unlocked time"
},
"locked": {
"default": false,
"description": "Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.",
"required": false,
"title": "Lock a security policy",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_count": {
"description": "The count of rules in the policy.",
"readonly": true,
"title": "Rule count",
"type": "int"
},
"rules": {
"items": {
"$ref": "TlsRule
},
"required": false,
"title": "Rules that are a part of this TLSPolicy",
"type": "array"
},
"scheduler_path": {
"description": "Provides a mechanism to apply the rules in this policy for a specified time duration.",
"readonly": false,
"required": false,
"title": "Path to the scheduler for time based scheduling",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SECURITY_POLICY_SCHEDULER_RELATIONSHIP",
"rightType": [
"PolicyFirewallScheduler"
]
}
]
},
"scope": {
"description": "The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"ForwardingPolicy",
"SecurityPolicy"
],
"relationshipType": "COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"PolicyLabel"
]
},
{
"leftType": [
"RedirectionPolicy"
],
"relationshipType": "REDIRECTION_COMMUNICATION_MAP_SCOPE_RELATIONSHIP",
"rightType": [
"Group",
"Tier1",
"Tier0"
]
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.",
"minimum": 0,
"title": "Sequence number to resolve conflicts across Domains",
"type": "int"
},
"stateful": {
"description": "Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.",
"readonly": false,
"required": false,
"title": "Stateful nature of the entries within this security policy.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tcp_strict": {
"description": "Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.",
"readonly": false,
"required": false,
"title": "Enforce strict tcp handshake before allowing data packets",
"type": "boolean"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Contains ordered list of Rules for TLSPolicy",
"type": "object"
}
TlsProfile (type)
{
"abstract": true,
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "TlsProfile",
"module_id": "PolicyTlsActionProfile",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"attention": {
"description": "Used to indicate an TLS version or Cipher version pre-defined settings mis-match.",
"readonly": true,
"required": false,
"title": "TLS Pre-defined settings mis-match",
"type": "string"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"crls": {
"default": [
"/infra/crls/default_public_crl"
],
"description": "Bypass profile - CRL is required if the \"invalid_certificate\" action is allow. External profile - CRL is always required. Internal profile - CRL is required if \"certificate_validation\" is turned on.",
"items": {
"type": "string"
},
"maxItems": 100,
"required": false,
"title": "Certificate Revocation List Ids",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"idle_connection_timeout": {
"default": 5400,
"description": "Timeout the connection when kept idle. Default is 90 minutes.",
"maximum": 4320000,
"minimum": 1,
"required": false,
"title": "Idle connection timeout in seconds",
"type": "int"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Resource type to use as profile type",
"enum": [
"TlsInspectionBypassProfile",
"TlsInspectionExternalProfile",
"TlsInspectionInternalProfile"
],
"help_summary": "Possible values are\n'TlsInspectionExternalProfile',\n'TlsInspectionInternalProfile'\n",
"required": true,
"title": "Resource type to use as profile type.",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"trusted_ca_bundles": {
"default": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"description": "Bypass profile - CA bundle is required if the \"invalid_certificate\" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if \"certificate_validation\" is turned on.",
"items": {
"type": "string"
},
"maxItems": 100,
"required": false,
"title": "List of CA bundle Ids",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
TlsProtocol (type)
{
"additionalProperties": false,
"enum": [
"TLS_V1_2",
"TLS_V1_1",
"TLS_V1_0"
],
"id": "TlsProtocol",
"module_id": "PolicyTlsActionProfile",
"title": "TLS protocol",
"type": "string"
}
TlsRule (type)
{
"additionalProperties": false,
"description": "A rule indicates the decryption actions to be performed for various types of traffic flowing between workload groups.",
"extends": {
"$ref": "BaseRule
},
"id": "TlsRule",
"module_id": "PolicyTls",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"destination_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Destination group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_DEST_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"destinations_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups",
"readonly": false,
"required": false,
"title": "Negation of destination groups",
"type": "boolean"
},
"direction": {
"default": "IN_OUT",
"description": "Define direction of traffic.",
"enum": [
"IN",
"OUT",
"IN_OUT"
],
"required": false,
"title": "Direction",
"type": "string"
},
"disabled": {
"default": false,
"description": "Flag to deactivate the rule. Default is activated.",
"readonly": false,
"required": false,
"title": "Flag to deactivate the rule",
"type": "boolean"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_protocol": {
"description": "Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.",
"enum": [
"IPV4",
"IPV6",
"IPV4_IPV6"
],
"readonly": false,
"required": false,
"title": "IPv4 vs IPv6 packet type",
"type": "string"
},
"is_default": {
"description": "A flag to indicate whether rule is a default rule.",
"readonly": true,
"required": false,
"title": "Default rule flag",
"type": "boolean"
},
"logged": {
"default": false,
"description": "Flag to enable packet logging. Default is deactivated.",
"readonly": false,
"required": false,
"title": "Enable logging flag",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"notes": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.",
"maxLength": 2048,
"readonly": false,
"required": false,
"title": "Text for additional notes on changes",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"profiles": {
"description": "Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Layer 7 service profiles or TLS action profile",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"Rule"
],
"relationshipType": "COMMUNICATION_ENTRY_L7_ACCESS_PROFILE_RELATIONSHIP",
"rightType": [
"L7AccessProfile"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_CONTEXT_PROFILE_RELATIONSHIP",
"rightType": [
"PolicyContextProfile"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"rule_id": {
"description": "This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.",
"readonly": true,
"required": false,
"title": "Unique rule ID",
"type": "integer"
},
"scope": {
"description": "The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier0Interface",
"Tier1Interface",
"Tier0",
"Tier1",
"IPSecVpnSession",
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SCOPE_RELATIONSHIP",
"rightType": [
"PolicyLabel",
"Tier1Interface",
"Tier0",
"Tier1Interface",
"Tier1",
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sequence_number": {
"description": "This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number",
"minimum": 0,
"required": false,
"title": "Sequence number of the this Rule",
"type": "int"
},
"service_entries": {
"description": "In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.",
"items": {
"$ref": "ServiceEntry
},
"maxItems": 128,
"required": false,
"title": "Raw services",
"type": "array"
},
"services": {
"description": "In order to specify all services, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Names of services",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SERVICE_RELATIONSHIP",
"rightType": [
"Service"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"source_groups": {
"description": "We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant \"ANY\". This is case insensitive. If \"ANY\" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.",
"items": {
"type": "string"
},
"maxItems": 128,
"required": false,
"title": "Source group paths",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Rule",
"ForwardingRule",
"RedirectionRule"
],
"relationshipType": "COMMUNICATION_ENTRY_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"IdsRule"
],
"relationshipType": "IDS_RULE_SOURCE_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
},
{
"leftType": [
"SecurityPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"GatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"ForwardingPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
},
{
"leftType": [
"IdsGatewayPolicy"
],
"relationshipType": "IGNORE",
"rightType": []
}
]
},
"sources_excluded": {
"default": false,
"description": "If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups",
"readonly": false,
"required": false,
"title": "Negation of source groups",
"type": "boolean"
},
"tag": {
"description": "User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.",
"required": false,
"title": "Tag applied on the rule",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tls_profile": {
"description": "TLS profile path.",
"required": true,
"title": "TLS inspection action profile path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"TlsRule"
],
"relationshipType": "TLS_GATEWAY_RULE_TLS_PROFILE_RELATIONSHIP",
"rightType": [
"TlsProfile"
]
}
]
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "A rule specifies the TLS policy rule between the workload groups",
"type": "object"
}
TlsServiceEndpoint (type)
{
"additionalProperties": false,
"description": "The hostname or IP and port number of a TLS service endpoint.",
"id": "TlsServiceEndpoint",
"module_id": "CertificateManager",
"properties": {
"host": {
"description": "The hostname or IP address of the TLS service endpoint.",
"format": "hostname-or-ip",
"title": "Hostname or IP of the endpoint",
"type": "string"
},
"port": {
"description": "The TCP port number of the endpoint.",
"maximum": 65535,
"minimum": 0,
"title": "TCP port number",
"type": "int"
}
},
"title": "TLS service endpoint",
"type": "object"
}
TlsTrustData (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyConfigResource
},
"id": "TlsTrustData",
"module_id": "PolicyCertificate",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"key_algo": {
"description": "Key algorithm contained in this certificate.",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"passphrase": {
"description": "Password for private key encryption.",
"readonly": false,
"required": false,
"sensitive": true,
"type": "secure_string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"pem_encoded": {
"description": "pem encoded certificate data.",
"readonly": false,
"required": true,
"type": "string"
},
"private_key": {
"description": "private key data",
"readonly": false,
"required": false,
"sensitive": true,
"type": "secure_string"
},
"purpose": {
"description": "Purpose of this certificate. Can be empty or set to \"signing-ca\".",
"enum": [
"signing-ca"
],
"readonly": false,
"required": false,
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"type": "object"
}
TokenBasedPrincipalIdentity (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "TokenBasedPrincipalIdentity",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_protected": {
"description": "Indicator whether the entities created by this principal should be protected.",
"readonly": false,
"required": false,
"title": "Protection indicator",
"type": "boolean"
},
"name": {
"description": "Name of the principal. This will be matched to the name provided in the token.",
"maxLength": 255,
"pattern": "^[a-zA-Z0-9]+([-._@]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Name",
"type": "string"
},
"node_id": {
"description": "Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string.",
"maxLength": 255,
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Unique node-id",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"roles_for_paths": {
"description": "The roles that are associated with this PI, limiting them to a path. In case the path is '/', the roles apply everywhere.",
"items": {
"$ref": "RolesForPath
},
"readonly": false,
"required": false,
"title": "Roles for Paths",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
TokenBasedPrincipalIdentityListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "TokenBasedPrincipalIdentityListResult",
"module_id": "CertificateManager",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"description": "TokenBasedPrincipalIdentity list.",
"items": {
"$ref": "TokenBasedPrincipalIdentity
},
"readonly": false,
"required": true,
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Token-based PrincipalIdentity query result",
"type": "object"
}
Tooltip (type)
{
"additionalProperties": false,
"description": "Tooltip to be shown while hovering over the dashboard UI element.",
"id": "Tooltip",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"condition": {
"description": "If the condition is met then the tooltip will be applied. If no condition is provided, then the tooltip will be applied unconditionally. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"heading": {
"description": "If true, displays tooltip text in bold",
"title": "Tooltip will be treated as header.",
"type": "boolean"
},
"text": {
"description": "Text to be shown on tooltip while hovering over UI element. The text would be wrapped if it exceeds 80 chars.",
"maxLength": 1024,
"required": true,
"title": "Textbox shown at tooltip",
"type": "string"
}
},
"title": "Tooltip",
"type": "object"
}
Traceflow (type)
{
"extends": {
"$ref": "ManagedResource
},
"id": "Traceflow",
"module_id": "Traceflow",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"analysis": {
"items": {
"type": "string"
},
"readonly": true,
"title": "Traceflow result analysis notes",
"type": "array"
},
"counters": {
"$ref": "TraceflowObservationCounters,
"readonly": true,
"required": false,
"title": "observation counters"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"readonly": true,
"required": true,
"title": "The id of the traceflow round",
"type": "string"
},
"logical_counters": {
"$ref": "TraceflowObservationCounters,
"readonly": true,
"required": false,
"title": "counters of observations from logical components"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "id of the source logical port used for injecting the traceflow packet",
"type": "string"
},
"operation_state": {
"enum": [
"IN_PROGRESS",
"FINISHED",
"FAILED"
],
"readonly": true,
"required": true,
"title": "Represents the traceflow operation state",
"type": "string"
},
"request_status": {
"description": "The status of the traceflow RPC request. SUCCESS - The traceflow request is sent successfully. TIMEOUT - The traceflow request gets timeout. SOURCE_PORT_NOT_FOUND - The source port of the request cannot be found. DATA_PATH_NOT_READY - The datapath component cannot be ready to receive request. CONNECTION_ERROR - There is connection error on datapath component. UNKNOWN - The status of traceflow request cannot be determined.",
"enum": [
"SUCCESS",
"TIMEOUT",
"SOURCE_PORT_NOT_FOUND",
"DATA_PATH_NOT_READY",
"CONNECTION_ERROR",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "Traceflow request status",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"result_overflowed": {
"readonly": true,
"required": false,
"title": "A flag, when set true, indicates some observations were deleted from the result set.",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"description": "Maximum time (in ms) the management plane will be waiting for this traceflow round. Upper limit for federation case is 90000, for non-federation case is 15000, the maximum is set to 90000 as the higher of the two cases.",
"maximum": 90000,
"minimum": 5000,
"readonly": true,
"required": false,
"title": "Timeout (in ms) for traceflow observations result list",
"type": "integer"
}
},
"type": "object"
}
TraceflowComponentSubType (type)
{
"description": "This field specifies the traceflow component sub type that reports the observation LR_TIER0 - Tier-0 Gateway LR_TIER1 - Tier-1 Gateway LR_VRF_TIER0 - Tier-0 VRF Gateway LS_TRANSIT - Transit Switch SI_CLASSIFIER - Service Insertion Classifier SI_PROXY - Service Insertion Proxy VDR - Virtual Distributed Router ENI - Elastic Network Interface AWS_GATEWAY - Amazon Gateway TGW_ROUTE - Transit Gateway EDGE_UPLINK - Edge Uplink DELL_GATEWAY - Dell Gateway LGW_ROUTE - Local Gateway LR_KNI - Kernel NIC Interface UNKNOWN - Unknown component sub type",
"enum": [
"LR_TIER0",
"LR_TIER1",
"LR_VRF_TIER0",
"LS_TRANSIT",
"SI_CLASSIFIER",
"SI_PROXY",
"VDR",
"ENI",
"AWS_GATEWAY",
"TGW_ROUTE",
"EDGE_UPLINK",
"DELL_GATEWAY",
"LGW_ROUTE",
"LR_KNI",
"UNKNOWN"
],
"id": "TraceflowComponentSubType",
"module_id": "Traceflow",
"readonly": true,
"required": false,
"type": "string"
}
TraceflowComponentType (type)
{
"enum": [
"PHYSICAL",
"LR",
"LS",
"DFW",
"BRIDGE",
"EDGE_TUNNEL",
"EDGE_HOSTSWITCH",
"FW_BRIDGE",
"EDGE_RTEP_TUNNEL",
"LOAD_BALANCER",
"NAT",
"IPSEC",
"SERVICE_INSERTION",
"VMC",
"SPOOFGUARD",
"EDGE_FW",
"DLB",
"ANTREA_SPOOFGUARD",
"ANTREA_LB",
"ANTREA_ROUTING",
"ANTREA_DFW",
"ANTREA_FORWARDING",
"HOST_SWITCH",
"UNKNOWN"
],
"id": "TraceflowComponentType",
"module_id": "Traceflow",
"type": "string"
}
TraceflowConfig (type)
{
"additionalProperties": false,
"description": "TraceflowConfig mainly records what type of packets the user wants to inject into which port. This configuration will be cleaned up by the system after two hours of inactivity if is_transient is true. Traceflow is not supported for VPC Admin role.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "TraceflowConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"connected_parent_path_as_source": {
"description": "Policy path of child segment connected to container port. Child segment connection is configured through SegmentConnectionBindingMapDto. This field should be provided only when source_id/segment_port_path is a VIF attached port on the parent segment.",
"nsx_feature": "ChildSegment",
"required": false,
"title": "PolicyPath of segment connected to container port",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_transient": {
"default": true,
"description": "This field indicates if intent is transient and will be cleaned up by the system if set to true",
"required": false,
"title": "Marker to indicate if intent is transient",
"type": "boolean"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"packet": {
"$ref": "PacketData,
"description": "Configuration of packet data",
"required": true,
"title": "Packet configuration"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"segment_port_path": {
"deprecated": true,
"description": "Policy path or UUID of segment port to start traceflow from. Auto-plumbed ports don't have corresponding policy path. Ports auto-created by policy as part of connecting segment to Tier-0 or Tier-1 or DHCP server cannot be used. UUID is validated for syntax only. This configuration will be cleaned up by the system after two hours of inactivity.",
"title": "Segment Port Path or UUID",
"type": "string"
},
"source_id": {
"description": "Policy path or UUID (validated for syntax only) of segment port to start traceflow from. Auto-plumbed ports don't have corresponding policy path. Both overlay backed port and VLAN backed port are supported.",
"title": "Segment Port Path or UUID",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"timeout": {
"default": 10,
"description": "Maximum time in seconds the management plane will wait for observation result to be generated. The default, minimum and maximum timeout values, in seconds, for: Single site environment - minimum 5, default 10, maximum 15. Federated enviroment - minimum 15, default 30, maximum 60. These values are validated by the system based on type of environment.",
"maximum": 60,
"minimum": 5,
"required": false,
"title": "Timeout for traceflow observation results",
"type": "integer"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Traceflow configuration",
"type": "object"
}
TraceflowConfigListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "TraceflowConfigListResult",
"module_id": "PolicyConnectivity",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "TraceflowConfig
},
"required": true,
"title": "TraceflowConfig list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Paged Collection of TraceflowConfigs",
"type": "object"
}
TraceflowObservation (type)
{
"abstract": true,
"additionalProperties": false,
"id": "TraceflowObservation",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"mode": "enabled",
"property-name": "resource_type"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
TraceflowObservationCounters (type)
{
"id": "TraceflowObservationCounters",
"module_id": "Traceflow",
"properties": {
"delivered_count": {
"description": "Total number of delivered observations for this traceflow round.",
"readonly": true,
"required": false,
"title": "Delivered observation count",
"type": "integer"
},
"dropped_count": {
"description": "Total number of dropped observations for this round.",
"readonly": true,
"required": false,
"title": "Dropped observation count",
"type": "integer"
},
"forwarded_count": {
"description": "Total number of forwarded observations for this traceflow round.",
"readonly": true,
"required": false,
"title": "Forwarded observation count",
"type": "integer"
},
"protected_count": {
"description": "Total number of protected observations for this traceflow round, which current user does not have access.",
"readonly": true,
"required": false,
"title": "Protected observation count",
"type": "integer"
},
"received_count": {
"description": "Total number of received observations for this traceflow round.",
"readonly": true,
"required": false,
"title": "Received observation count",
"type": "integer"
}
},
"type": "object"
}
TraceflowObservationDelivered (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationDelivered",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationDelivered"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port into which the traceflow packet was delivered",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port into which the traceflow packet was delivered",
"type": "string"
},
"resolution_type": {
"description": "This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by IP table. ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table. ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP. ARP_VM - No suppression and the ARP request is resolved by VM. ARP_LRP - No suppression and the ARP request is resolved by logical router.",
"enum": [
"UNKNOWN",
"ARP_SUPPRESSION_PORT_CACHE",
"ARP_SUPPRESSION_TABLE",
"ARP_SUPPRESSION_CP_QUERY",
"ARP_VM",
"ARP_LRP"
],
"readonly": true,
"required": false,
"title": "The resolution type of the delivered message for ARP",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"target_mac": {
"description": "The source MAC address of form: \"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$\". For example: 00:00:00:00:00:00.",
"readonly": true,
"required": false,
"title": "MAC address of the resolved IP by ARP",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"vlan_id": {
"$ref": "VlanID,
"required": false,
"title": "VLAN on bridged network"
}
},
"type": "object"
}
TraceflowObservationDropped (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationDropped",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationDropped"
},
"properties": {
"acl_rule_id": {
"description": "This field is specified when the traceflow packet matched a L3 firewall rule.",
"readonly": true,
"required": false,
"title": "The id of the L3 firewall rule that was applied to drop the traceflow packet",
"type": "integer"
},
"arp_fail_reason": {
"description": "This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction",
"enum": [
"ARP_UNKNOWN",
"ARP_TIMEOUT",
"ARP_CPFAIL",
"ARP_FROMCP",
"ARP_PORTDESTROY",
"ARP_TABLEDESTROY",
"ARP_NETDESTROY"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of ARP traceflow packet",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"ipsec_fail_reason": {
"description": "This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown",
"enum": [
"IPSEC_SA_NOT_FOUND",
"IPSEC_UDP_ENC_STATE_MISMATCH",
"IPSEC_SEQ_ROLLOVER",
"IPSEC_FRAG_NEEDED",
"IPSEC_TUN_IFACE_DOWN",
"IPSEC_POLICY_NOMATCH",
"IPSEC_POLICY_BLOCK",
"IPSEC_POLICY_ERROR",
"IPSEC_REPLAY_SEQ_NUM_REPEAT",
"IPSEC_REPLAY_RECV_DELAY",
"IPSEC_REPLAY_PROC_DELAY",
"IPSEC_ZERO_SEQ_NUM_RECVD",
"IPSEC_ENQUEUE_FAIL",
"IPSEC_AUTH_DGST_MISMATCH",
"IPSEC_AUTH_DGST_SIZE_MISMATCH",
"IPSEC_AUTH_UNSUPPORTED_ALGO",
"IPSEC_CRYPTO_FAIL",
"IPSEC_CRYPTO_PROC_INCOMPLETE",
"IPSEC_CRYPTO_SESSION_INV",
"IPSEC_CRYPTO_ARGS_INV",
"IPSEC_CRYPTO_PROC_ERROR",
"IPSEC_CRYPTO_NO_BUF_SPACE",
"IPSEC_CRYPTO_UNSUPPORTED_CIPHER",
"IPSEC_MALFORMED",
"IPSEC_MALFORMED_INV_PADDING",
"IPSEC_PADDING_REMOVAL_FAILED",
"IPSEC_INNER_MALFORMED",
"IPSEC_INNER_MALFORMED_IP",
"IPSEC_INNER_MALFORMED_UDP",
"IPSEC_INNER_MALFORMED_TCP",
"IPSEC_UNKNOWN"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of IPSec VPN traceflow packet",
"type": "string"
},
"jumpto_rule_id": {
"description": "This field is specified when the traceflow packet matched a jump-to rule.",
"readonly": true,
"required": false,
"title": "The ID of the jump-to rule that was applied to the traceflow packet",
"type": "integer"
},
"l2_rule_id": {
"description": "This field is specified when the traceflow packet matched a l2 rule.",
"readonly": true,
"required": false,
"title": "The ID of the l2 rule that was applied to the traceflow packet",
"type": "integer"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"nat_rule_id": {
"description": "This field is specified when the traceflow packet matched a NAT rule.",
"readonly": true,
"required": false,
"title": "The ID of the NAT rule that was applied to drop the traceflow packet",
"type": "integer"
},
"reason": {
"description": "This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation.",
"enum": [
"ARP_FAIL",
"BFD",
"BROADCAST",
"DHCP",
"DLB",
"FW_RULE",
"GENEVE",
"GRE",
"IFACE",
"IP",
"IP_REASS",
"IPSEC",
"IPSEC_VTI",
"L2VPN",
"L4PORT",
"LB",
"LROUTER",
"LSERVICE",
"LSWITCH",
"MANAGEMENT",
"MD_PROXY",
"NAT",
"RTEP_TUNNEL",
"ND_NS_FAIL",
"NEIGH",
"NO_EIP_FOUND",
"NO_EIP_ASSOCIATION",
"NO_ENI_FOR_IP",
"NO_ENI_FOR_LIF",
"NO_ROUTE",
"NO_ROUTE_TABLE_FOUND",
"NO_UNDERLAY_ROUTE_FOUND",
"NOT_VDR_DOWNLINK",
"NO_VDR_FOUND",
"NO_VDR_ON_HOST",
"NOT_VDR_UPLINK",
"SERVICE_INSERT",
"SPOOFGUARD",
"TTL_ZERO",
"TUNNEL",
"VLAN",
"VXLAN",
"VXSTT",
"VMC_NO_RESPONSE",
"WRONG_UPLINK",
"FW_STATE",
"NO_MAC",
"UNKNOWN",
"FILTERED_UPLINK"
],
"readonly": true,
"required": false,
"title": "The reason traceflow packet was dropped",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
TraceflowObservationDroppedLogical (type)
{
"extends": {
"$ref": "TraceflowObservationDropped
},
"id": "TraceflowObservationDroppedLogical",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationDroppedLogical"
},
"properties": {
"acl_rule_id": {
"description": "This field is specified when the traceflow packet matched a L3 firewall rule.",
"readonly": true,
"required": false,
"title": "The id of the L3 firewall rule that was applied to drop the traceflow packet",
"type": "integer"
},
"arp_fail_reason": {
"description": "This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction",
"enum": [
"ARP_UNKNOWN",
"ARP_TIMEOUT",
"ARP_CPFAIL",
"ARP_FROMCP",
"ARP_PORTDESTROY",
"ARP_TABLEDESTROY",
"ARP_NETDESTROY"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of ARP traceflow packet",
"type": "string"
},
"component_id": {
"readonly": true,
"required": false,
"title": "The id of the component that dropped the traceflow packet.",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"ipsec_fail_reason": {
"description": "This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown",
"enum": [
"IPSEC_SA_NOT_FOUND",
"IPSEC_UDP_ENC_STATE_MISMATCH",
"IPSEC_SEQ_ROLLOVER",
"IPSEC_FRAG_NEEDED",
"IPSEC_TUN_IFACE_DOWN",
"IPSEC_POLICY_NOMATCH",
"IPSEC_POLICY_BLOCK",
"IPSEC_POLICY_ERROR",
"IPSEC_REPLAY_SEQ_NUM_REPEAT",
"IPSEC_REPLAY_RECV_DELAY",
"IPSEC_REPLAY_PROC_DELAY",
"IPSEC_ZERO_SEQ_NUM_RECVD",
"IPSEC_ENQUEUE_FAIL",
"IPSEC_AUTH_DGST_MISMATCH",
"IPSEC_AUTH_DGST_SIZE_MISMATCH",
"IPSEC_AUTH_UNSUPPORTED_ALGO",
"IPSEC_CRYPTO_FAIL",
"IPSEC_CRYPTO_PROC_INCOMPLETE",
"IPSEC_CRYPTO_SESSION_INV",
"IPSEC_CRYPTO_ARGS_INV",
"IPSEC_CRYPTO_PROC_ERROR",
"IPSEC_CRYPTO_NO_BUF_SPACE",
"IPSEC_CRYPTO_UNSUPPORTED_CIPHER",
"IPSEC_MALFORMED",
"IPSEC_MALFORMED_INV_PADDING",
"IPSEC_PADDING_REMOVAL_FAILED",
"IPSEC_INNER_MALFORMED",
"IPSEC_INNER_MALFORMED_IP",
"IPSEC_INNER_MALFORMED_UDP",
"IPSEC_INNER_MALFORMED_TCP",
"IPSEC_UNKNOWN"
],
"readonly": true,
"required": false,
"title": "The detailed drop reason of IPSec VPN traceflow packet",
"type": "string"
},
"jumpto_rule_id": {
"description": "This field is specified when the traceflow packet matched a jump-to rule.",
"readonly": true,
"required": false,
"title": "The ID of the jump-to rule that was applied to the traceflow packet",
"type": "integer"
},
"l2_rule_id": {
"description": "This field is specified when the traceflow packet matched a l2 rule.",
"readonly": true,
"required": false,
"title": "The ID of the l2 rule that was applied to the traceflow packet",
"type": "integer"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port at which the traceflow packet was dropped",
"type": "string"
},
"nat_rule_id": {
"description": "This field is specified when the traceflow packet matched a NAT rule.",
"readonly": true,
"required": false,
"title": "The ID of the NAT rule that was applied to drop the traceflow packet",
"type": "integer"
},
"reason": {
"description": "This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation.",
"enum": [
"ARP_FAIL",
"BFD",
"BROADCAST",
"DHCP",
"DLB",
"FW_RULE",
"GENEVE",
"GRE",
"IFACE",
"IP",
"IP_REASS",
"IPSEC",
"IPSEC_VTI",
"L2VPN",
"L4PORT",
"LB",
"LROUTER",
"LSERVICE",
"LSWITCH",
"MANAGEMENT",
"MD_PROXY",
"NAT",
"RTEP_TUNNEL",
"ND_NS_FAIL",
"NEIGH",
"NO_EIP_FOUND",
"NO_EIP_ASSOCIATION",
"NO_ENI_FOR_IP",
"NO_ENI_FOR_LIF",
"NO_ROUTE",
"NO_ROUTE_TABLE_FOUND",
"NO_UNDERLAY_ROUTE_FOUND",
"NOT_VDR_DOWNLINK",
"NO_VDR_FOUND",
"NO_VDR_ON_HOST",
"NOT_VDR_UPLINK",
"SERVICE_INSERT",
"SPOOFGUARD",
"TTL_ZERO",
"TUNNEL",
"VLAN",
"VXLAN",
"VXSTT",
"VMC_NO_RESPONSE",
"WRONG_UPLINK",
"FW_STATE",
"NO_MAC",
"UNKNOWN",
"FILTERED_UPLINK"
],
"readonly": true,
"required": false,
"title": "The reason traceflow packet was dropped",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"service_path_index": {
"description": "The index of service path that is a chain of services represents the point where the traceflow packet was dropped.",
"readonly": true,
"required": false,
"title": "The index of service path",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
TraceflowObservationForwarded (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationForwarded",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationForwarded"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"context": {
"required": false,
"title": "The 64bit tunnel context carried on the wire",
"type": "integer"
},
"dst_transport_node_id": {
"description": "This field will not be always available. Use remote_ip_address when this field is not set.",
"readonly": true,
"required": false,
"title": "The id of the transport node to which the traceflow packet is forwarded",
"type": "string"
},
"dst_transport_node_name": {
"readonly": true,
"required": false,
"title": "The name of the transport node to which the traceflow packet is forwarded",
"type": "string"
},
"local_ip_address": {
"$ref": "IPAddress,
"required": false,
"title": "IP address of the source end of the tunnel"
},
"remote_ip_address": {
"$ref": "IPAddress,
"required": false,
"title": "IP address of the destination end of the tunnel"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"uplink_name": {
"required": false,
"title": "The name of the uplink the traceflow packet is forwarded on",
"type": "string"
},
"vtep_label": {
"required": false,
"title": "The virtual tunnel endpoint label",
"type": "integer"
}
},
"type": "object"
}
TraceflowObservationForwardedLogical (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationForwardedLogical",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationForwardedLogical"
},
"properties": {
"acl_rule_id": {
"description": "This field is specified when the traceflow packet matched a L3 firewall rule.",
"readonly": true,
"required": false,
"title": "The id of the L3 firewall rule that was applied to forward the traceflow packet",
"type": "integer"
},
"component_id": {
"readonly": true,
"required": false,
"title": "The id of the component that forwarded the traceflow packet.",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"dst_component_id": {
"readonly": true,
"required": false,
"title": "The id of the destination component to which the traceflow packet was forwarded.",
"type": "string"
},
"dst_component_name": {
"readonly": true,
"required": false,
"title": "The name of the destination component to which the traceflow packet was forwarded.",
"type": "string"
},
"dst_component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the destination component to which the traceflow packet was forwarded."
},
"ipsec_vpn": {
"$ref": "TraceflowObservationIpsecVpn,
"description": "This field is specified when the traceflow packet was forwarded through IPSec VPN.",
"readonly": true,
"required": false,
"title": "IPSec VPN on which the traceflow packet was forwarded"
},
"jumpto_rule_id": {
"description": "This field is specified when the traceflow packet matched a jump-to rule.",
"readonly": true,
"required": false,
"title": "The ID of the jump-to rule that was applied to the traceflow packet",
"type": "integer"
},
"l2_rule_id": {
"description": "This field is specified when the traceflow packet matched a l2 rule.",
"readonly": true,
"required": false,
"title": "The ID of the l2 rule that was applied to the traceflow packet",
"type": "integer"
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port through which the traceflow packet was forwarded.",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port through which the traceflow packet was forwarded.",
"type": "string"
},
"nat_rule_id": {
"description": "This field is specified when the traceflow packet matched a NAT rule.",
"readonly": true,
"required": false,
"title": "The ID of the NAT rule that was applied to forward the traceflow packet",
"type": "integer"
},
"next_hop": {
"$ref": "IPAddress,
"description": "This field is specified when the traceflow packet was routed by logical router.",
"readonly": true,
"required": false,
"title": "Next hop IP address of matched routing entry"
},
"resend_type": {
"description": "ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type",
"enum": [
"UNKNOWN",
"ARP_UNKNOWN_FROM_CP",
"ND_NS_UNKNWON_FROM_CP"
],
"readonly": true,
"required": false,
"title": "The type of packet resending",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"route_prefix": {
"$ref": "IPCIDRBlock,
"description": "This field is specified when the traceflow packet was routed by logical router.",
"readonly": true,
"required": false,
"title": "Prefix of matched routing entry"
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"service_index": {
"readonly": true,
"required": false,
"title": "The index of the service insertion component",
"type": "integer"
},
"service_path_index": {
"readonly": true,
"required": false,
"title": "The path index of the service insertion component",
"type": "integer"
},
"service_ttl": {
"readonly": true,
"required": false,
"title": "The ttl of the service insertion component",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"spoofguard_ip": {
"$ref": "IPCIDRBlock,
"description": "This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard.",
"readonly": true,
"required": false,
"title": "Prefix IP address matched in the whitelist in spoofguard"
},
"spoofguard_mac": {
"$ref": "MACAddress,
"description": "The source MAC address of form: \"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$\". For example: 00:00:00:00:00:00.",
"readonly": true,
"required": false,
"title": "MAC address matched in the whitelist in spoofguard"
},
"spoofguard_vlan_id": {
"$ref": "VlanID,
"description": "This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard.",
"readonly": true,
"required": false,
"title": "VLAN id matched in the whitelist in spoofguard"
},
"svc_nh_mac": {
"description": "MAC address of nexthop for service insertion(SI) in service VM(SVM) where the traceflow packet was received.",
"readonly": true,
"required": false,
"title": "MAC address of nexthop",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"translated_dst_ip": {
"$ref": "IPAddress,
"readonly": true,
"required": false,
"title": "The translated destination IP address of VNP/NAT"
},
"translated_src_ip": {
"$ref": "IPAddress,
"readonly": true,
"required": false,
"title": "The translated source IP address of VPN/NAT"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"vlan": {
"$ref": "VlanID,
"description": "This field is specified when the traceflow packet was forwarded by a VLAN logical network.",
"readonly": true,
"required": false,
"title": "VLAN for the logical network on which the traceflow packet was forwarded"
},
"vni": {
"description": "This field is specified when the traceflow packet was forwarded by an overlay logical network.",
"readonly": true,
"required": false,
"title": "VNI for the logical network on which the traceflow packet was forwarded.",
"type": "int"
}
},
"type": "object"
}
TraceflowObservationIpsecVpn (type)
{
"additionalProperties": false,
"description": "IPSec VPN traceflow observation.",
"id": "TraceflowObservationIpsecVpn",
"module_id": "Traceflow",
"properties": {
"inner_dst_ip": {
"$ref": "IPAddress,
"description": "Inner destination IP Address.",
"readonly": true,
"required": false,
"title": "Inner destination IP"
},
"inner_src_ip": {
"$ref": "IPAddress,
"description": "Inner source IP Address.",
"readonly": true,
"required": false,
"title": "Inner source IP"
},
"local_ip": {
"$ref": "IPAddress,
"description": "Local VPN endpoint IP Address.",
"readonly": true,
"required": false,
"title": "Local VPN endpoint IP"
},
"policy_id": {
"description": "IPSec tunnel interface universally unique identifier in case of Policy-based IPSec VPN.",
"readonly": true,
"required": false,
"title": "IPSec tunnel interface UUID in case of Policy-based IPSec VPN",
"type": "string"
},
"remote_ip": {
"$ref": "IPAddress,
"description": "Peer VPN endpoint IP Address.",
"readonly": true,
"required": false,
"title": "Peer VPN endpoint IP"
},
"session_id": {
"description": "IPSec VPN session universally unique identifier.",
"readonly": true,
"required": false,
"title": "VPN session UUID",
"type": "string"
},
"spi": {
"description": "Security Parameter Index is used to uniquely identify a particular IPSec Security Association.",
"maximum": 4294967295,
"minimum": 1,
"readonly": true,
"required": false,
"title": "Security Parameter Index",
"type": "integer"
},
"vti_id": {
"description": "Virtual tunnel interface universally unique identifier in case of Route-based IPSec VPN.",
"readonly": true,
"required": false,
"title": "Virtual tunnel interface UUID in case of Route-based IPSec VPN",
"type": "string"
}
},
"title": "IPSec VPN traceflow observation",
"type": "object"
}
TraceflowObservationListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "TraceflowObservationListResult",
"module_id": "Traceflow",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "TraceflowObservation
},
"required": false,
"title": "TraceflowObservation list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
TraceflowObservationProtected (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationProtected",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationProtected"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"original_type": {
"$ref": "TraceflowObservationType,
"description": "Holding the type of observation before converted to protected type.",
"required": true,
"title": "Type of observation before converted to protected."
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
TraceflowObservationReceived (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationReceived",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationReceived"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"local_ip_address": {
"$ref": "IPAddress,
"required": false,
"title": "IP address of the destination end of the tunnel"
},
"remote_ip_address": {
"$ref": "IPAddress,
"required": false,
"title": "IP address of the source end of the tunnel"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"uplink_name": {
"required": false,
"title": "The name of the uplink the traceflow packet is received on",
"type": "string"
},
"vtep_label": {
"required": false,
"title": "The virtual tunnel endpoint label",
"type": "integer"
}
},
"type": "object"
}
TraceflowObservationReceivedLogical (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationReceivedLogical",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationReceivedLogical"
},
"properties": {
"component_id": {
"readonly": true,
"required": false,
"title": "The id of the component that received the traceflow packet.",
"type": "string"
},
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"ipsec_vpn": {
"$ref": "TraceflowObservationIpsecVpn,
"description": "This field is specified when the traceflow packet was received on IPSec VPN.",
"readonly": true,
"required": false,
"title": "IPSec VPN on which the traceflow packet was received."
},
"lport_id": {
"readonly": true,
"required": false,
"title": "The id of the logical port at which the traceflow packet was received",
"type": "string"
},
"lport_name": {
"readonly": true,
"required": false,
"title": "The name of the logical port at which the traceflow packet was received",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"src_component_id": {
"readonly": true,
"required": false,
"title": "The id of the source component from which the traceflow packet was received.",
"type": "string"
},
"src_component_name": {
"readonly": true,
"required": false,
"title": "The name of source component from which the traceflow packet was received.",
"type": "string"
},
"src_component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the source component from which the traceflow packet was received."
},
"svc_mac": {
"description": "MAC address of SAN volume controller for service insertion(SI) in service VM(SVM) where the traceflow packet was received.",
"readonly": true,
"required": false,
"title": "MAC address of SAN volume controller",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"vlan": {
"$ref": "VlanID,
"description": "This field is specified when the traceflow packet was received by a VLAN logical network.",
"readonly": true,
"required": false,
"title": "VLAN for the logical network on which the traceflow packet was received."
},
"vni": {
"description": "This field is specified when the traceflow packet was received by an overlay logical network.",
"readonly": true,
"required": false,
"title": "VNI for the logical network on which the traceflow packet was received.",
"type": "int"
}
},
"type": "object"
}
TraceflowObservationRelayedLogical (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationRelayedLogical",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationRelayedLogical"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"dst_server_address": {
"$ref": "IPAddress,
"description": "This field specified the IP address of the destination which the packet will be relayed.",
"readonly": true,
"required": true,
"title": "The IP address of the destination"
},
"logical_comp_uuid": {
"description": "This field specified the logical component that relay service located.",
"readonly": true,
"required": false,
"title": "The id of the component which relay service located",
"type": "string"
},
"message_type": {
"default": "REQUEST",
"description": "This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client",
"enum": [
"REQUEST",
"REPLY"
],
"readonly": true,
"required": true,
"title": "The type of the relay service",
"type": "string"
},
"relay_server_address": {
"$ref": "IPAddress,
"description": "This field specified the IP address of the relay service.",
"readonly": true,
"required": true,
"title": "The IP address of relay service"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
}
},
"type": "object"
}
TraceflowObservationReplicationLogical (type)
{
"extends": {
"$ref": "TraceflowObservation
},
"id": "TraceflowObservationReplicationLogical",
"module_id": "Traceflow",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowObservationReplicationLogical"
},
"properties": {
"component_name": {
"readonly": true,
"required": false,
"title": "The name of the component that issued the observation.",
"type": "string"
},
"component_sub_type": {
"$ref": "TraceflowComponentSubType,
"readonly": true,
"required": false,
"title": "The sub type of the component that issued the observation."
},
"component_type": {
"$ref": "TraceflowComponentType,
"readonly": true,
"required": false,
"title": "The type of the component that issued the observation."
},
"local_ip_address": {
"$ref": "IPAddress,
"readonly": true,
"required": false,
"title": "Local IP address of the component that replicates the packet."
},
"replication_type": {
"description": "This field specifies the type of replication message TX_VTEP - Transmit replication to all VTEPs TX_MTEP - Transmit replication to all MTEPs RX - Receive replication",
"enum": [
"TX_VTEP",
"TX_MTEP",
"RX"
],
"readonly": true,
"required": false,
"title": "The replication type of the message",
"type": "string"
},
"resource_type": {
"$ref": "TraceflowObservationType,
"default": "TraceflowObservationReceived",
"required": true
},
"sequence_no": {
"description": "the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.",
"readonly": true,
"required": true,
"title": "the sequence number is the traceflow observation hop count",
"type": "integer"
},
"site_path": {
"description": "This field contains the site path where this observation was generated.",
"readonly": true,
"title": "Policy path of the federated site",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"description": "Timestamp when the observation was created by the transport node (milliseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node"
},
"timestamp_micro": {
"description": "Timestamp when the observation was created by the transport node (microseconds epoch)",
"readonly": true,
"required": false,
"title": "Timestamp when the observation was created by the transport node",
"type": "integer"
},
"transport_node_id": {
"readonly": true,
"required": false,
"title": "id of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_name": {
"readonly": true,
"required": false,
"title": "name of the transport node that observed a traceflow packet",
"type": "string"
},
"transport_node_type": {
"$ref": "TransportNodeType,
"readonly": true,
"required": false,
"title": "type of the transport node that observed a traceflow packet"
},
"uplink_name": {
"readonly": true,
"required": false,
"title": "The name of uplink",
"type": "string"
},
"vtep_label": {
"readonly": true,
"required": false,
"title": "The label of VTEP",
"type": "integer"
}
},
"type": "object"
}
TraceflowObservationType (type)
{
"enum": [
"TraceflowObservationForwarded",
"TraceflowObservationDropped",
"TraceflowObservationDelivered",
"TraceflowObservationReceived",
"TraceflowObservationForwardedLogical",
"TraceflowObservationDroppedLogical",
"TraceflowObservationReceivedLogical",
"TraceflowObservationReplicationLogical",
"TraceflowObservationRelayedLogical",
"TraceflowObservationProtected"
],
"id": "TraceflowObservationType",
"module_id": "Traceflow",
"type": "string"
}
TraceflowRequestParameter (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyRequestParameter
},
"id": "TraceflowRequestParameter",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"type-identifier": "TraceflowRequestParameter"
},
"properties": {
"enforcement_point_path": {
"description": "Policy path of enforcement point on which traceflow session was created.",
"required": true,
"title": "Enforcement point path",
"type": "string"
},
"resource_type": {
"description": "The type of this request parameter.",
"readonly": false,
"required": true,
"type": "string"
}
},
"title": "Traceflow request parameter, used in hierarchical API.",
"type": "object"
}
TraceflowStatusRequest (type)
{
"additionalProperties": false,
"id": "TraceflowStatusRequest",
"module_id": "PolicyConnectivity",
"properties": {
"enforcement_point_path": {
"description": "Policy path of enforcement point on which traceflow session was created.",
"title": "Enforcement point path",
"type": "string"
}
},
"title": "Traceflow request status",
"type": "object"
}
TrafficRateLimits (type)
{
"description": "Activates traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to deactivate rate limiting for a specific traffic type",
"id": "TrafficRateLimits",
"module_id": "PolicySegmentSecurity",
"properties": {
"rx_broadcast": {
"default": 0,
"description": "Incoming broadcast traffic limit in packets per second",
"minimum": 0,
"readonly": false,
"required": false,
"title": "Broadcast receive limit",
"type": "int"
},
"rx_multicast": {
"default": 0,
"description": "Incoming multicast traffic limit in packets per second",
"minimum": 0,
"readonly": false,
"required": false,
"title": "Multicast receive limit",
"type": "int"
},
"tx_broadcast": {
"default": 0,
"description": "Outgoing broadcast traffic limit in packets per second",
"minimum": 0,
"readonly": false,
"required": false,
"title": "Broadcast transmit limit",
"type": "int"
},
"tx_multicast": {
"default": 0,
"description": "Outgoing multicast traffic limit in packets per second",
"minimum": 0,
"readonly": false,
"required": false,
"title": "Multicast transmit limit",
"type": "int"
}
},
"title": "Rate limiting configuration",
"type": "object"
}
TransportInfo (type)
{
"id": "TransportInfo",
"module_id": "LiveTrace",
"properties": {
"dst_port": {
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Destination port",
"type": "integer"
},
"protocol": {
"enum": [
"TCP",
"UDP",
"ICMPv4",
"ICMPv6",
"ESP"
],
"required": false,
"title": "Protocol type over IP layer",
"type": "string"
},
"spi": {
"description": "Security Parameter Index is to uniquely identify a particular IPSec Security Association",
"maximum": 4294967295,
"minimum": 1,
"required": false,
"title": "Security Parameter Index",
"type": "integer"
},
"src_port": {
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Source port",
"type": "integer"
}
},
"type": "object"
}
TransportNodeIdParameters (type)
{
"extends": {
"$ref": "DataSourceParameters
},
"id": "TransportNodeIdParameters",
"module_id": "AggSvcL2Types",
"properties": {
"source": {
"$ref": "DataSourceType,
"required": false,
"title": "The data source, either realtime or cached. If not provided, cached data is returned."
},
"transport_node_id": {
"required": false,
"title": "TransportNode Id",
"type": "string"
}
},
"type": "object"
}
TransportNodeSpanEnforcedStatus (type)
{
"additionalProperties": false,
"description": "Detailed Realized Status of an Intent on a span of Transport Nodes.",
"extends": {
"$ref": "EnforcedStatusPerScopeNsxT
},
"id": "TransportNodeSpanEnforcedStatus",
"module_id": "PolicyRealizationStatus",
"polymorphic-type-descriptor": {
"type-identifier": "TransportNodeSpanEnforcedStatus"
},
"properties": {
"enforced_status_per_transport_node": {
"description": "List of Detailed Realized Status per Transport Node.",
"items": {
"$ref": "EnforcedStatusPerTransportNode
},
"readonly": true,
"title": "List of Enforced Realized Status per Transport Node",
"type": "array"
},
"resource_type": {
"description": "Enforced Realized Status Per Scope Resource Type.",
"enum": [
"TransportNodeSpanEnforcedStatus"
],
"readonly": true,
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Enforced Realized Status across Transport Nodes",
"type": "object"
}
TransportNodeType (type)
{
"enum": [
"ESX",
"RHELKVM",
"UBUNTUKVM",
"CENTOSKVM",
"RHELCONTAINER",
"CENTOSCONTAINER",
"RHELSERVER",
"UBUNTUSERVER",
"CENTOSSERVER",
"SLESKVM",
"SLESSERVER",
"WINDOWSSERVER",
"RHELSMARTNIC",
"OELSERVER",
"UBUNTUSMARTNIC",
"EDGE",
"PUBLIC_CLOUD_GATEWAY_NODE",
"OTHERS",
"HYPERV"
],
"id": "TransportNodeType",
"module_id": "Traceflow",
"type": "string"
}
TransportProtocolHeader (type)
{
"additionalProperties": false,
"id": "TransportProtocolHeader",
"module_id": "Traceflow",
"properties": {
"dhcp_header": {
"$ref": "DhcpHeader,
"required": false,
"title": "DHCP header"
},
"dhcpv6_header": {
"$ref": "Dhcpv6Header,
"required": false,
"title": "DHCP v6 header"
},
"dns_header": {
"$ref": "DnsHeader,
"required": false,
"title": "DNS header"
},
"icmp_echo_request_header": {
"$ref": "IcmpEchoRequestHeader,
"required": false,
"title": "ICMP echo request header"
},
"ndp_header": {
"$ref": "NdpHeader,
"required": false,
"title": "Neighbor discovery protocol header"
},
"tcp_header": {
"$ref": "TcpHeader,
"required": false,
"title": "TCP header"
},
"udp_header": {
"$ref": "UdpHeader,
"required": false,
"title": "UDP header"
}
},
"type": "object"
}
TriggerUcUpgradeParameters (type)
{
"id": "TriggerUcUpgradeParameters",
"properties": {
"product_version": {
"description": "Target upgrade coordinator version.",
"pattern": "^[a-zA-Z0-9-.]+$",
"title": "Target upgrade coordinator version.",
"type": "string"
}
},
"type": "object"
}
TrustManagementData (type)
{
"additionalProperties": false,
"id": "TrustManagementData",
"module_id": "CertificateManager",
"properties": {
"supported_algorithms": {
"description": "List of supported algorithms.",
"items": {
"$ref": "CryptoAlgorithm
},
"readonly": true,
"required": false,
"type": "array"
}
},
"type": "object"
}
TrustObjectData (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "TrustObjectData",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"key_algo": {
"description": "Key algorithm contained in this certificate.",
"type": "string"
},
"passphrase": {
"description": "Password for private key encryption.",
"readonly": false,
"required": false,
"sensitive": true,
"type": "secure_string"
},
"pem_encoded": {
"description": "PEM encoded certificate data.",
"readonly": false,
"required": true,
"type": "string"
},
"private_key": {
"description": "Private key data.",
"readonly": false,
"required": false,
"sensitive": true,
"type": "secure_string"
},
"purpose": {
"description": "Purpose of this certificate. Can be empty or set to \"signing-ca\".",
"enum": [
"signing-ca"
],
"readonly": false,
"required": false,
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
Tunnel (type)
{
"additionalProperties": false,
"description": "polymorphic resource type and support resource types - GreTunnel",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Tunnel",
"module_id": "PolicyConnectivity",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"description": "Enable/Disable Tunnel",
"required": false,
"type": "boolean"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"mtu": {
"default": 1476,
"description": "Maximum transmission unit(MTU) in bytes specifies the size of the largest packet that a tunnel can transmit.",
"minimum": 64,
"required": false,
"title": "Maximum transmission unit",
"type": "int"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "Indicates Resource type of tunnel, GreTunnel - Resource type as GreTunnel will be used to configure P2P GRE Tunnel.",
"enum": [
"GreTunnel"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"tunnel_address": {
"description": "Specify list of IP address per every edge node for tunnel interface. Supports both IPv4 and IPv6 address.",
"items": {
"$ref": "TunnelAddress
},
"maxItems": 8,
"minItems": 1,
"required": true,
"title": "Tunnel Address object parameter",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Tunnel",
"type": "object"
}
TunnelAddress (type)
{
"additionalProperties": false,
"id": "TunnelAddress",
"module_id": "PolicyConnectivity",
"properties": {
"edge_path": {
"description": "policy path of edge node where tunnel will be realized with the subnet specified.",
"required": true,
"title": "Policy edge node path",
"type": "string"
},
"source_address": {
"$ref": "IPv4Address,
"description": "Specify IPv4 source addresses as the tunnel local end point addresses.",
"required": true,
"title": "IPv4 souurce address"
},
"tunnel_interface_subnet": {
"description": "IP addresses in CIDR format for both IP4 and IPv6 assigned to tunnel interface on a given edge node",
"items": {
"$ref": "InterfaceSubnet
},
"maxItems": 2,
"minItems": 1,
"required": true,
"title": "Interface Subnet object parameter",
"type": "array"
}
},
"title": "Tunnel Address request parameters",
"type": "object"
}
TunnelInterfaceIPSubnet (type)
{
"additionalProperties": false,
"id": "TunnelInterfaceIPSubnet",
"module_id": "PolicyVpnIPSecVpn",
"properties": {
"ip_addresses": {
"items": {
"$ref": "IPAddress
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "IPv4 or IPv6 Addresses",
"type": "array"
},
"prefix_length": {
"maximum": 127,
"minimum": 1,
"required": true,
"title": "Subnet Prefix Length maximum prefixlen for IPv4 address - 31, IPv6 address - 127.",
"type": "integer"
}
},
"type": "object"
}
TunnelKeepAlive (type)
{
"additionalProperties": false,
"id": "TunnelKeepAlive",
"module_id": "PolicyConnectivity",
"properties": {
"dead_time_multiplier": {
"default": 3,
"maximum": 5,
"minimum": 3,
"required": false,
"title": "Dead time multiplier",
"type": "int"
},
"enable_keepalive_ack": {
"default": true,
"required": false,
"title": "Enable tunnel keep alive acknowledge",
"type": "boolean"
},
"enabled": {
"default": false,
"required": false,
"title": "Enable/Disable tunnel keep alive",
"type": "boolean"
},
"keepalive_interval": {
"default": 10,
"maximum": 120,
"minimum": 2,
"required": false,
"title": "Keep alive interval",
"type": "int"
}
},
"title": "Tunnel Keep Alive",
"type": "object"
}
TunnelSubnet (type) (Deprecated)
{
"additionalProperties": false,
"deprecated": true,
"id": "TunnelSubnet",
"module_id": "PolicyL3Vpn",
"properties": {
"ip_addresses": {
"items": {
"$ref": "IPv4Address
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "Subnet ip addresses",
"type": "array",
"uniqueItems": true
},
"prefix_length": {
"maximum": 31,
"minimum": 1,
"required": true,
"title": "Subnet Prefix Length",
"type": "integer"
}
},
"type": "object"
}
UcBundleMetadata (type)
{
"additionalProperties": false,
"description": "Provides the information about previous uploaded bundle.",
"id": "UcBundleMetadata",
"module_id": "Upgrade",
"properties": {
"upgrade_bundle_file_name": {
"readonly": true,
"required": false,
"title": "Uc bundle file name",
"type": "string"
},
"upgrade_bundle_type": {
"enum": [
"MUB",
"PUB"
],
"readonly": true,
"required": false,
"title": "upgrade bundle type",
"type": "string"
},
"upgrade_bundle_upload_type": {
"enum": [
"LOCAL_BUNDLE",
"DOWNLOAD_URL",
"DOWNLOAD_SITE"
],
"readonly": true,
"required": false,
"title": "upgrade bundle upload type",
"type": "string"
},
"upgrade_bundle_url": {
"readonly": true,
"required": false,
"title": "Uc bundle url",
"type": "string"
},
"upgrade_bundle_version": {
"readonly": true,
"required": false,
"title": "upgrade bundle version",
"type": "string"
},
"upload_start_time": {
"readonly": true,
"required": false,
"title": "Uc bundle start time epoch",
"type": "string"
}
},
"title": "Uc Bundle Metadata for last uploaded bundle.",
"type": "object"
}
UcFunctionalState (type)
{
"additionalProperties": false,
"description": "Upgrade coordinator Uc functional State.",
"id": "UcFunctionalState",
"module_id": "Upgrade",
"properties": {
"error_message": {
"description": "error message that explains why UC is on standby mode.",
"readonly": true,
"required": false,
"title": "error message",
"type": "string"
},
"state": {
"description": "function state of the upgrade coordinator",
"enum": [
"RUNNING",
"STANDBY"
],
"readonly": true,
"required": true,
"title": "State of UC UI",
"type": "string"
}
},
"title": "Uc Functional State",
"type": "object"
}
UcStateProperties (type)
{
"additionalProperties": false,
"id": "UcStateProperties",
"properties": {
"update_uc_state_properties": {
"default": true,
"required": false,
"title": "Flag for updating upgrade-coodinator state properties to database",
"type": "boolean"
}
},
"title": "Upgrade Coordinator state properties",
"type": "object"
}
UcUpgradeMetadata (type)
{
"additionalProperties": false,
"description": "Provides the information about previous Uc upgrade operation.",
"id": "UcUpgradeMetadata",
"module_id": "Upgrade",
"properties": {
"uc_upgrade_time": {
"readonly": true,
"required": false,
"title": "Uc upgrade time epoch",
"type": "string"
},
"upgrade_bundle_name": {
"readonly": true,
"required": false,
"title": "upgrade bundle name",
"type": "string"
},
"upgrade_bundle_type": {
"readonly": true,
"required": false,
"title": "upgrade bundle type",
"type": "string"
},
"upgrade_bundle_version": {
"readonly": true,
"required": false,
"title": "upgrade bundle version",
"type": "string"
}
},
"title": "UC Upgrade status",
"type": "object"
}
UcUpgradeStatus (type)
{
"additionalProperties": false,
"description": "Upgrade status of upgrade-coordinator",
"id": "UcUpgradeStatus",
"module_id": "Upgrade",
"properties": {
"errors": {
"description": "List of failure messages.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of failure messages",
"type": "array"
},
"progress_messages": {
"description": "List of progress messages.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Progress messages",
"type": "array"
},
"progress_percentage": {
"readonly": true,
"required": false,
"title": "Upgrade Coordinator Upgrade Progress Percentage",
"type": "int"
},
"state": {
"description": "Current state of UC upgrade",
"enum": [
"NOT_STARTED",
"IN_PROGRESS",
"SUCCESS",
"FAILED"
],
"readonly": true,
"required": false,
"title": "State of UC upgrade",
"type": "string"
},
"status": {
"description": "Status of UC upgrade.",
"readonly": true,
"required": false,
"title": "Status of UC upgrade",
"type": "string"
}
},
"title": "UC Upgrade status",
"type": "object"
}
UdpHeader (type)
{
"additionalProperties": false,
"id": "UdpHeader",
"module_id": "Traceflow",
"properties": {
"dst_port": {
"default": 0,
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Destination port of udp header",
"type": "integer"
},
"src_port": {
"default": 0,
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Source port of udp header",
"type": "integer"
}
},
"type": "object"
}
UnaryOperation (type)
{
"additionalProperties": false,
"description": "Unary Operation.",
"id": "UnaryOperation",
"module_id": "PolicyReaction",
"properties": {
"operand": {
"$ref": "ResourceFieldPointer,
"description": "Represents an argument of the operation pointing to a specific field value.",
"required": true,
"title": "Operand"
},
"operator": {
"description": "Logical Operator describing the operation to apply to the operand.",
"enum": [
"APPEND",
"SUBTRACT"
],
"required": true,
"title": "Operator",
"type": "string"
}
},
"title": "Unary Operation",
"type": "object"
}
UnaryOperationBasedInjectionValue (type)
{
"additionalProperties": false,
"description": "Operation based Injection Value.",
"extends": {
"$ref": "InjectionValue
},
"id": "UnaryOperationBasedInjectionValue",
"module_id": "PolicyReaction",
"polymorphic-type-descriptor": {
"type-identifier": "UnaryOperationBasedInjectionValue"
},
"properties": {
"initial_value": {
"$ref": "ResourceFieldPointer,
"description": "Resource field pointer representing the initial value for the injection value. If an operation is supplied, the value is handed to the operation function to produce a final result.",
"required": true,
"title": "Intitial value"
},
"operation": {
"$ref": "UnaryOperation,
"description": "Represents an optional operation to be done on the initial value.",
"title": "Operation Function"
},
"resource_type": {
"description": "Injection Value resource type.",
"enum": [
"UnaryOperationBasedInjectionValue"
],
"required": true,
"title": "Resource Type",
"type": "string"
}
},
"title": "Operation based Injection Value",
"type": "object"
}
UnboundedKeyValuePair (type)
{
"additionalProperties": false,
"id": "UnboundedKeyValuePair",
"module_id": "Common",
"properties": {
"key": {
"readonly": false,
"required": true,
"title": "Key",
"type": "string"
},
"value": {
"readonly": false,
"required": true,
"title": "Value",
"type": "string"
}
},
"title": "A key-value pair with no limitations on size",
"type": "object"
}
UnsupportedFeature (type)
{
"description": "List of unsupported features for configuration onboarding on global manager.",
"enum": [
"LB"
],
"id": "UnsupportedFeature",
"module_id": "GmConfigOnboarding",
"title": "Unsupported features",
"type": "string"
}
UpdateOidcEndPointThumbprintRequest (type)
{
"additionalProperties": false,
"description": "Request to update the thumbprint of an OpenID Connect end-point with a new thumbprint.",
"extends": {
"$ref": "ManagedResource
},
"id": "UpdateOidcEndPointThumbprintRequest",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"oidc_uri": {
"description": "URI where to download the meta-data of the OIDC end-point.",
"maxLength": 255,
"readonly": false,
"required": true,
"title": "OpenID Connect end-point URI",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"thumbprint": {
"description": "Thumbprint of the OIDC URI to make an SSL connection.",
"readonly": false,
"required": false,
"title": "Thumbprint",
"type": "string"
}
},
"title": "Request to update the thumbprint of an OpenId Connect end-point",
"type": "object"
}
UpdatePrincipalIdentityCertificateRequest (type)
{
"additionalProperties": false,
"description": "Request to update the certificate of a principal identity with a new certificate.",
"extends": {
"$ref": "ManagedResource
},
"id": "UpdatePrincipalIdentityCertificateRequest",
"module_id": "CertificateManager",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"certificate_id": {
"description": "Id of the stored certificate.",
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Id of the stored certificate",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"principal_identity_id": {
"description": "Unique ID of the principal.",
"maxLength": 255,
"pattern": "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$",
"readonly": false,
"required": true,
"title": "Principal Identity ID",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"title": "Request to update the certificate of a principal identity",
"type": "object"
}
UpgradeBundle (type)
{
"additionalProperties": false,
"id": "UpgradeBundle",
"module_id": "Upgrade",
"properties": {
"file": {
"readonly": false,
"required": true,
"title": "Upgrade bundle file",
"type": "multipart_file"
},
"install": {
"readonly": false,
"required": false,
"title": "Hint to install bundle after upload",
"type": "boolean"
}
},
"type": "object"
}
UpgradeBundleFetchRequest (type)
{
"additionalProperties": false,
"description": "URL and other fetch requests of upgrade bundle",
"id": "UpgradeBundleFetchRequest",
"module_id": "Upgrade",
"properties": {
"bundle_type": {
"description": "Bundle type i.e. pre-upgrade bundle or main upgrade bundle.",
"enum": [
"PRE-UPGRADE",
"UPGRADE"
],
"readonly": false,
"required": false,
"title": "Bundle type i.e. pre-upgrade bundle or main upgrade bundle.",
"type": "string"
},
"password": {
"description": "Password for Username provided in this request for VMware Download site.",
"readonly": false,
"required": false,
"title": "Password for VMware Download Site.",
"type": "secure_string"
},
"url": {
"description": "URL for uploading upgrade bundle",
"readonly": false,
"required": false,
"title": "URL of upgrade bundle",
"type": "string"
},
"username": {
"description": "Username representing user on VMware Download site.",
"readonly": false,
"required": false,
"title": "Username for VMware Download Site.",
"type": "string"
},
"version": {
"description": "Version available on the VMware Download site, targeted for upgrade.",
"readonly": false,
"required": false,
"title": "version to be downloaded",
"type": "string"
}
},
"title": "Fetch request for fetching upgrade bundle",
"type": "object"
}
UpgradeBundleId (type)
{
"additionalProperties": false,
"description": "Identifier of the upgrade bundle",
"id": "UpgradeBundleId",
"module_id": "Upgrade",
"properties": {
"bundle_id": {
"description": "Identifier of bundle upload",
"readonly": true,
"required": false,
"title": "Bundle Id of upgrade bundle uploaded",
"type": "string"
}
},
"title": "Bundle id of upgrade bundle",
"type": "object"
}
UpgradeBundleInfo (type)
{
"additionalProperties": false,
"description": "Information about the upgrade bundle",
"id": "UpgradeBundleInfo",
"module_id": "Upgrade",
"properties": {
"bundle_size": {
"readonly": true,
"required": false,
"title": "size of upgrade bundle",
"type": "string"
},
"url": {
"description": "URL for uploading upgrade bundle",
"readonly": true,
"required": false,
"title": "URL of the upgrade bundle",
"type": "string"
}
},
"title": "Information about upgrade bundle",
"type": "object"
}
UpgradeBundleStatus (type)
{
"id": "UpgradeBundleStatus",
"module_id": "Upgrade",
"properties": {
"error_messages": {
"description": "List of failure messages.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of failure messages",
"type": "array"
},
"operation": {
"description": "Current running operation",
"enum": [
"UPLOAD",
"INSTALL"
],
"readonly": true,
"required": false,
"title": "Current operation",
"type": "string"
},
"percentage": {
"description": "Progress percentage of the Upgrade Bundle Operations",
"readonly": true,
"required": false,
"title": "Progress percentage of the Upgrade Bundle Operations",
"type": "int"
},
"progress_messages": {
"description": "List of progress messages.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Progress messages",
"type": "array"
},
"status": {
"description": "State of Upgrade Bundle",
"enum": [
"NOT_STARTED",
"IN_PROGRESS",
"SUCCESS",
"FAILED"
],
"readonly": true,
"required": false,
"title": "State of Upgrade Bundle",
"type": "string"
},
"step": {
"description": "Current state of UC upgrade",
"enum": [
"START_UPLOAD_BUNDLE",
"UPLOAD_BUNDLE",
"EXTRACT_OUTER_BUNDLE",
"VERIFY",
"CHECK_COMPATIBILITY",
"MOVE_BUNDLE",
"CLEAN",
"UPLOAD_CANCELLED",
"UPLOAD_COMPLETE",
"START_UC_UPGRADE",
"EXTRACT",
"LOAD_METADATA",
"RESTART",
"REPO_SYNC",
"UPGRADE_OTHER_NODES",
"UPGRADE_COMPLETE",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "current step in the process.",
"type": "string"
},
"upgradeBundleType": {
"description": "Type of upgrade bundle uploaded. \\n MUB type represents upgrade bundle,\\n PUB type represents pre-check bundle, \\n UNKNOWN type represents the default type, \\n COMPATIBILITY_MATRIX type represents the compatibility bundle.",
"enum": [
"MUB",
"PUB",
"COMPATIBILITY_MATRIX",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "Type of upgrade bundle",
"type": "string"
}
},
"type": "object"
}
UpgradeBundleStatusQueryParameters (type)
{
"id": "UpgradeBundleStatusQueryParameters",
"module_id": "Upgrade",
"properties": {
"operation": {
"description": "Target operation",
"enum": [
"UPLOAD",
"INSTALL"
],
"readonly": true,
"required": false,
"title": "Target operation",
"type": "string"
}
},
"type": "object"
}
UpgradeBundleUploadParameters (type)
{
"additionalProperties": false,
"description": "Upload request Parameters of upgrade bundle",
"id": "UpgradeBundleUploadParameters",
"module_id": "Upgrade",
"properties": {
"install": {
"description": "URL for uploading upgrade bundle",
"readonly": false,
"required": false,
"title": "Hint to install the bundle after upload.",
"type": "boolean"
}
},
"title": "Parameters for uploading upgrade bundle",
"type": "object"
}
UpgradeBundleUploadStatus (type)
{
"additionalProperties": false,
"description": "Upload status of upgrade bundle uploaded from url",
"id": "UpgradeBundleUploadStatus",
"module_id": "Upgrade",
"properties": {
"detailed_status": {
"description": "Detailed status of upgrade bundle upload",
"readonly": true,
"required": false,
"title": "Detailed status of bundle upload",
"type": "string"
},
"percent": {
"description": "Percent of bundle uploaded from URL",
"readonly": true,
"required": false,
"title": "Percent of upload completed",
"type": "number"
},
"status": {
"description": "Current status of upgrade bundle upload",
"enum": [
"UPLOADING",
"VERIFYING",
"SUCCESS",
"FAILED"
],
"readonly": true,
"required": false,
"title": "Status of upgrade bundle upload",
"type": "string"
},
"upgradeBundleType": {
"description": "Type of upgrade bundle uploaded. \\n MUB type represents upgrade bundle,\\n PUB type represents pre-check bundle, \\n UNKNOWN type represents the default type, \\n COMPATIBILITY_MATRIX type represents the compatibility bundle.",
"enum": [
"MUB",
"PUB",
"COMPATIBILITY_MATRIX",
"UNKNOWN"
],
"readonly": true,
"required": false,
"title": "Type of upgrade bundle",
"type": "string"
},
"url": {
"description": "URL for uploading upgrade bundle",
"readonly": true,
"required": false,
"title": "URL from which the bundle was uploaded",
"type": "string"
}
},
"title": "Upload status of upgrade bundle",
"type": "object"
}
UpgradeCheck (type)
{
"additionalProperties": false,
"description": "Check to identify potential pre/post-upgrade issues",
"id": "UpgradeCheck",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
},
"display_name": {
"readonly": false,
"required": false,
"title": "Name of the pre/post-upgrade check",
"type": "string"
},
"failure_messages": {
"deprecated": true,
"description": "List of failure messages. This field is deprecated now. Please use failures instead.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of failure messages",
"type": "array"
},
"failures": {
"items": {
"$ref": "UpgradeCheckFailureMessage
},
"readonly": true,
"required": false,
"title": "List of failures",
"type": "array"
},
"status": {
"enum": [
"SUCCESS",
"FAILURE",
"WARNING"
],
"readonly": true,
"required": true,
"title": "Status of pre/post-upgrade check",
"type": "string"
}
},
"title": "Pre/post-upgrade check",
"type": "object"
}
UpgradeCheckCsvListResult (type)
{
"extends": {
"$ref": "CsvListResult
},
"id": "UpgradeCheckCsvListResult",
"module_id": "Upgrade",
"properties": {
"file_name": {
"description": "File name set by HTTP server if API returns CSV result as a file.",
"required": false,
"title": "File name",
"type": "string"
},
"results": {
"items": {
"$ref": "UpgradeCheckCsvRecord
},
"required": false,
"type": "array"
}
},
"type": "object"
}
UpgradeCheckCsvRecord (type)
{
"additionalProperties": false,
"description": "CSV record for a pre/post-upgrade check",
"extends": {
"$ref": "CsvRecord
},
"id": "UpgradeCheckCsvRecord",
"module_id": "Upgrade",
"properties": {
"check_description": {
"description": "Description of the pre/post-upgrade check",
"readonly": false,
"required": false,
"title": "Description of the upgrade check",
"type": "string"
},
"check_name": {
"description": "Display name of the pre/post-upgrade check",
"readonly": false,
"required": true,
"title": "Name of the upgrade check",
"type": "string"
},
"failure_messages": {
"description": "Space-separated list of failure messages",
"readonly": true,
"required": false,
"title": "Failure messages",
"type": "string"
},
"status": {
"description": "Status of the pre/post-upgrade check",
"enum": [
"SUCCESS",
"FAILURE",
"WARNING"
],
"readonly": true,
"required": true,
"title": "Status of the upgrade check",
"type": "string"
},
"upgrade_unit_id": {
"description": "Identifier of the upgrade unit",
"readonly": true,
"required": true,
"title": "UUID of the upgrade unit",
"type": "string"
},
"upgrade_unit_metadata": {
"description": "Meta-data of the upgrade-unit",
"readonly": true,
"required": false,
"title": "Meta-data of the upgrade-unit",
"type": "string"
},
"upgrade_unit_type": {
"description": "Component type of the upgrade unit",
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
}
},
"title": "CSV record for an upgrade-check",
"type": "object"
}
UpgradeCheckFailure (type)
{
"additionalProperties": false,
"description": "Pre/post-upgrade check failure",
"id": "UpgradeCheckFailure",
"module_id": "Upgrade",
"properties": {
"acked": {
"description": "Flag which tells if the precheck is acknowledged",
"readonly": true,
"required": false,
"title": "Flag which tells if the precheck is acknowledged",
"type": "boolean"
},
"component_type": {
"description": "Component type of the origin of failure",
"readonly": true,
"required": true,
"title": "Component type",
"type": "string"
},
"group_name": {
"description": "Name of the upgrade group of the origin of failure. Only applicable when origin_type is UPGRADE_UNIT.",
"readonly": false,
"required": false,
"title": "Name of upgrade group",
"type": "string"
},
"id": {
"description": "Precheckid of the pre upgrade check",
"readonly": true,
"required": false,
"title": "precheck id of the check",
"type": "string"
},
"message": {
"$ref": "UpgradeCheckFailureMessage,
"description": "Pre/post-upgrade check failure message",
"readonly": true,
"required": true,
"title": "Upgrade check failure message"
},
"needs_ack": {
"description": "Flag which identifies if acknowledgement is required for the precheck",
"readonly": true,
"required": false,
"title": "Flag which identifies if acknowledgement is required for the precheck",
"type": "boolean"
},
"needs_resolve": {
"description": "Flag which identifies if resolution is required for the precheck",
"readonly": true,
"required": false,
"title": "Flag which identifies if resolution is required for the precheck",
"type": "boolean"
},
"origin_id": {
"description": "Unique id of origin of pre/post-upgrade check failure",
"readonly": true,
"required": true,
"title": "Unique id of origin of failure",
"type": "string"
},
"origin_name": {
"description": "Name of origin of pre/post-upgrade check failure",
"readonly": true,
"required": true,
"title": "Name of origin of failure",
"type": "string"
},
"origin_type": {
"description": "Type of origin of pre/post-upgrade check failure",
"enum": [
"COMPONENT",
"UPGRADE_UNIT"
],
"readonly": true,
"required": true,
"title": "Type of origin of failure",
"type": "string"
},
"resolution_error": {
"description": "Error occured while resolving precheck",
"readonly": true,
"required": false,
"title": "Error occured while resolving",
"type": "string"
},
"resolution_status": {
"description": "Type of resolution status of precheck",
"enum": [
"UNRESOLVED",
"RESOLVING",
"RESOLVED",
"FAILURE"
],
"readonly": true,
"required": false,
"title": "Type of Resolution status",
"type": "string"
},
"type": {
"description": "Type of the pre/post-upgrade check failure",
"enum": [
"FAILURE",
"WARNING"
],
"readonly": true,
"required": true,
"title": "Type of failure",
"type": "string"
}
},
"title": "Upgrade check failure",
"type": "object"
}
UpgradeCheckFailureListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeCheckFailureListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"description": "Component type on which upgrade check failures are to be filtered",
"readonly": false,
"required": false,
"title": "Component type",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"filter_text": {
"description": "Text to filter the results on. The filter text is matched with origin name and failure message. String matching for the filter is case-insensitive.",
"readonly": false,
"required": false,
"title": "Filter text",
"type": "string"
},
"group_id": {
"description": "Group id for filter to be applied.",
"readonly": false,
"required": false,
"title": "Filter on the group id",
"type": "string"
},
"group_name": {
"description": "Group name for filter to be applied.",
"readonly": false,
"required": false,
"title": "Filter on the group name",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"needs_ack": {
"description": "Filter based on if acknowledgement is required.",
"readonly": false,
"required": false,
"title": "Filter based on acknowledgement required",
"type": "boolean"
},
"origin_type": {
"description": "Type of origin of pre/post-upgrade check failure",
"enum": [
"COMPONENT",
"UPGRADE_UNIT"
],
"readonly": false,
"required": false,
"title": "Type of origin of failure",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"type": {
"description": "Status of the pre/post-upgrade check to filter the results on",
"enum": [
"FAILURE",
"WARNING"
],
"readonly": false,
"required": false,
"title": "Status of the upgrade check",
"type": "string"
},
"unit_id": {
"description": "Unit id for filter to be applied.",
"readonly": false,
"required": false,
"title": "Filter on the unit id",
"type": "string"
},
"unit_name": {
"description": "Unit name for filter to be applied.",
"readonly": false,
"required": false,
"title": "Filter on the unit name",
"type": "string"
}
},
"type": "object"
}
UpgradeCheckFailureListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeCheckFailureListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeCheckFailure
},
"required": true,
"title": "Collection of pre/post-upgrade check failures",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeCheckFailureMessage (type)
{
"description": "Pre/post-upgrade check failure message",
"id": "UpgradeCheckFailureMessage",
"module_id": "Upgrade",
"properties": {
"error_code": {
"description": "Error code for the error/warning",
"readonly": true,
"required": true,
"title": "Error code",
"type": "integer"
},
"message": {
"description": "Error/warning message",
"readonly": true,
"required": true,
"title": "Error/warning message",
"type": "string"
}
},
"title": "Upgrade check failure message",
"type": "object"
}
UpgradeCheckInfo (type)
{
"additionalProperties": false,
"description": "Meta-data of a pre/post-upgrade check",
"id": "UpgradeCheckInfo",
"module_id": "Upgrade",
"properties": {
"component_type": {
"description": "Component type of the pre/post-upgrade check",
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
},
"description": {
"description": "Description of the pre/post-upgrade check",
"readonly": true,
"required": false,
"title": "Description",
"type": "string"
},
"id": {
"description": "Unique identifier of the pre/post-upgrade check",
"readonly": true,
"required": false,
"title": "Unique identifier of the upgrade check",
"type": "string"
},
"name": {
"description": "Display name of the pre/post-upgrade check",
"readonly": true,
"required": true,
"title": "Name of the upgrade check",
"type": "string"
}
},
"title": "Meta-data of a pre/post-upgrade check",
"type": "object"
}
UpgradeCheckInfoListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeCheckInfoListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": false,
"title": "Component type based on which upgrade checks are to be filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeCheckListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeCheckListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"checks": {
"items": {
"$ref": "UpgradeCheck
},
"required": true,
"title": "Paged Collection of pre/post-upgrade checks",
"type": "array"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeCheckListResults (type)
{
"additionalProperties": false,
"id": "UpgradeCheckListResults",
"module_id": "Upgrade",
"properties": {
"checks_with_warnings": {
"$ref": "UpgradeCheckListResult,
"readonly": true,
"required": false
},
"failed_checks": {
"$ref": "UpgradeCheckListResult,
"readonly": true,
"required": false
},
"successful_checks": {
"$ref": "UpgradeCheckListResult,
"readonly": true,
"required": false
}
},
"type": "object"
}
UpgradeCheckSuccess (type)
{
"additionalProperties": false,
"description": "Pre/post-upgrade check success",
"id": "UpgradeCheckSuccess",
"module_id": "Upgrade",
"properties": {
"acked": {
"description": "Flag which tells if the precheck is acknowledged",
"readonly": true,
"required": false,
"title": "Flag which tells if the precheck is acknowledged",
"type": "boolean"
},
"component_type": {
"description": "Component type of the origin of success",
"readonly": true,
"required": true,
"title": "Component type",
"type": "string"
},
"group_name": {
"description": "Name of the upgrade group of the origin of success. Only applicable when origin_type is UPGRADE_UNIT.",
"readonly": false,
"required": false,
"title": "Name of upgrade group",
"type": "string"
},
"id": {
"description": "Precheck id of the upgrade check",
"readonly": true,
"required": false,
"title": "Precheck id of the check",
"type": "string"
},
"message": {
"$ref": "UpgradeCheckSuccessMessage,
"description": "Pre/post-upgrade check failure message",
"readonly": true,
"required": true,
"title": "Upgrade check failure message"
},
"needs_ack": {
"description": "Flag which identifies if acknowledgement is required for the precheck",
"readonly": true,
"required": false,
"title": "Flag which identifies if acknowledgement is required for the precheck",
"type": "boolean"
},
"needs_resolve": {
"description": "Flag which identifies if resolution is required for the precheck",
"readonly": true,
"required": false,
"title": "Flag which identifies if resolution is required for the precheck",
"type": "boolean"
},
"origin_id": {
"description": "Unique id of origin of pre/post-upgrade check success",
"readonly": true,
"required": true,
"title": "Unique id of origin of sucess",
"type": "string"
},
"origin_name": {
"description": "Name of origin of pre/post-upgrade check success",
"readonly": true,
"required": true,
"title": "Name of origin of success",
"type": "string"
},
"origin_type": {
"description": "Type of origin of pre/post-upgrade check success",
"enum": [
"COMPONENT",
"UPGRADE_UNIT"
],
"readonly": true,
"required": true,
"title": "Type of origin of success",
"type": "string"
},
"resolution_error": {
"description": "Error occured while resolving precheck",
"readonly": true,
"required": false,
"title": "Error occured while resolving",
"type": "string"
},
"resolution_status": {
"description": "Type of resolution status of precheck",
"enum": [
"UNRESOLVED",
"RESOLVING",
"RESOLVED",
"FAILURE"
],
"readonly": true,
"required": false,
"title": "Type of Resolution status",
"type": "string"
},
"type": {
"description": "Type of the pre/post-upgrade check success",
"enum": [
"SUCCESS"
],
"readonly": true,
"required": true,
"title": "Type of success",
"type": "string"
}
},
"title": "Upgrade check success",
"type": "object"
}
UpgradeCheckSuccessListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeCheckSuccessListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"description": "Component type on which upgrade check successes are to be filtered",
"readonly": false,
"required": false,
"title": "Component type",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"filter_text": {
"description": "Text to filter the results on. The filter text is matched with origin name and success message. String matching for the filter is case-insensitive.",
"readonly": false,
"required": false,
"title": "Filter text",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"origin_type": {
"description": "Type of origin of pre/post-upgrade check success",
"enum": [
"COMPONENT",
"UPGRADE_UNIT"
],
"readonly": false,
"required": false,
"title": "Type of origin of success",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"type": {
"description": "Status of the pre/post-upgrade check to filter the results on",
"enum": [
"SUCCESS"
],
"readonly": false,
"required": false,
"title": "Status of the upgrade check",
"type": "string"
}
},
"type": "object"
}
UpgradeCheckSuccessListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeCheckSuccessListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeCheckSuccess
},
"required": true,
"title": "Collection of pre/post-upgrade check success",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeCheckSuccessMessage (type)
{
"description": "Pre/post-upgrade check success message",
"id": "UpgradeCheckSuccessMessage",
"module_id": "Upgrade",
"properties": {
"message": {
"description": "success message",
"readonly": true,
"required": true,
"title": "success message",
"type": "string"
}
},
"title": "Upgrade check success message",
"type": "object"
}
UpgradeChecksExecutionStatus (type)
{
"additionalProperties": false,
"description": "Execution status of pre/post-upgrade checks",
"id": "UpgradeChecksExecutionStatus",
"module_id": "Upgrade",
"properties": {
"details": {
"readonly": true,
"required": false,
"title": "Details about current execution of pre/post-upgrade checks",
"type": "string"
},
"end_time": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "Time (in milliseconds since epoch) when the execution of\npre/post-upgrade checks completed\n"
},
"error_count": {
"description": "Total count of generated Failures in last execution of pre/post upgrade checks",
"readonly": true,
"required": false,
"title": "Failure count",
"type": "int"
},
"failure_count": {
"description": "Total count of generated failures or warnings in last execution of pre/post-upgrade checks",
"readonly": true,
"required": false,
"title": "Failure count",
"type": "int"
},
"node_with_issues_count": {
"deprecated": true,
"description": "Number of nodes which generated failures or warnings in last execution of pre/post-upgrade checks. This field has been deprecated. Please use failure_count instead.",
"readonly": true,
"required": false,
"title": "Number of nodes with failures/warnings",
"type": "int"
},
"start_time": {
"$ref": "EpochMsTimestamp,
"required": false,
"title": "Time (in milliseconds since epoch) when the execution of\npre/post-upgrade checks started\n"
},
"status": {
"enum": [
"NOT_STARTED",
"IN_PROGRESS",
"ABORTING",
"ABORTED",
"COMPLETED"
],
"readonly": true,
"required": true,
"title": "Status of execution of pre/post-upgrade checks",
"type": "string"
},
"warning_count": {
"description": "Total count of generated warnings in last execution of pre/post upgrade checks.",
"readonly": true,
"required": false,
"title": "Warning count",
"type": "int"
}
},
"title": "Execution status of pre/post-upgrade checks",
"type": "object"
}
UpgradeComponentType (type)
{
"additionalProperties": false,
"id": "UpgradeComponentType",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": true,
"required": false,
"title": "Type of the component",
"type": "string"
}
},
"type": "object"
}
UpgradeHistory (type)
{
"additionalProperties": false,
"id": "UpgradeHistory",
"module_id": "UpgradeTypes",
"properties": {
"initial_version": {
"description": "Version before the upgrade started",
"required": true,
"title": "Initial Version",
"type": "string"
},
"target_version": {
"description": "Version being upgraded to",
"required": true,
"title": "Target Version",
"type": "string"
},
"timestamp": {
"$ref": "EpochMsTimestamp,
"required": true,
"title": "Timestamp (in milliseconds since epoch) when the upgrade was performed"
},
"upgrade_status": {
"enum": [
"STARTED",
"SUCCESS",
"FAILED"
],
"required": true,
"title": "Status of the upgrade",
"type": "string"
}
},
"type": "object"
}
UpgradeHistoryList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeHistoryList",
"module_id": "UpgradeTypes",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeHistory
},
"readonly": true,
"required": false,
"title": "Upgrade history list",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradePlanResetRequest (type)
{
"additionalProperties": false,
"id": "UpgradePlanResetRequest",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
}
},
"type": "object"
}
UpgradePlanSettings (type)
{
"additionalProperties": false,
"id": "UpgradePlanSettings",
"module_id": "Upgrade",
"properties": {
"parallel": {
"default": true,
"readonly": false,
"required": false,
"title": "Upgrade Method to specify whether the upgrade is to be performed serially or in parallel",
"type": "boolean"
},
"pause_after_each_group": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag to indicate whether to pause the upgrade after upgrade of each group is completed",
"type": "boolean"
},
"pause_on_error": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag to indicate whether to pause the upgrade plan execution when an error occurs",
"type": "boolean"
}
},
"type": "object"
}
UpgradeProgressStatus (type)
{
"id": "UpgradeProgressStatus",
"properties": {
"last_upgrade_step_status": {
"title": "Status of last upgrade step",
"type": "object"
},
"upgrade_bundle_present": {
"title": "True if upgrade bundle is present",
"type": "boolean"
},
"upgrade_metadata": {
"title": "Meta info of upgrade",
"type": "object"
}
},
"title": "Upgrade progress status",
"type": "object"
}
UpgradeResourceFilter (type)
{
"additionalProperties": false,
"id": "UpgradeResourceFilter",
"module_id": "Upgrade",
"properties": {
"field_name": {
"description": "Resource type. It is mandatory field.",
"enum": [
"id",
"name",
"enabled",
"mode",
"status",
"ip",
"host-os",
"host-os-version",
"version",
"vlcm-sah"
],
"readonly": false,
"required": true,
"title": "Resource type",
"type": "string"
},
"values": {
"description": "Values to be searched. For searching exact string use simple string e.g. Cluster-1 , for wildcard , use *Cluster*1*. This values are Or'ed while filtering i.e. if resource matches any of the value in array (case-insensitive) then it will be returned.",
"items": {
"type": "string"
},
"readonly": false,
"required": true,
"title": "array of exact value / wildcard patterns to be searched",
"type": "array"
}
},
"type": "object"
}
UpgradeResourceFilters (type)
{
"additionalProperties": false,
"id": "UpgradeResourceFilters",
"module_id": "Upgrade",
"properties": {
"filters": {
"description": "filter query",
"items": {
"$ref": "UpgradeResourceFilter
},
"readonly": false,
"required": true,
"title": "filter query",
"type": "array"
},
"resource_type": {
"description": "Resource type. It is mandatory field. The valid values are \"\"",
"enum": [
"UPGRADE_GROUP",
"UPGRADE_UNIT"
],
"readonly": false,
"required": true,
"title": "Resource type",
"type": "string"
}
},
"type": "object"
}
UpgradeResourcesFilterListRequestParameters (type)
{
"additionalProperties": false,
"id": "UpgradeResourcesFilterListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"description": "The component_type the resource belongs to. This is mandatory parameter.",
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
},
"query": {
"description": "Upgrade Resource filters",
"items": {
"$ref": "UpgradeResourceFilters
},
"readonly": true,
"required": false,
"title": "Upgrade Resource filters",
"type": "array"
},
"sync": {
"default": false,
"description": "If the flag is true , sync operation will be performed before executing the request. If flag is false ,sync is skipped. Please note, sync operation is sometimes expensive and will increase the response time. Any error occurred during sync is ignored.",
"readonly": false,
"required": false,
"title": "Hint to whether perform sync before operation or not",
"type": "boolean"
}
},
"type": "object"
}
UpgradeStatus (type)
{
"additionalProperties": false,
"id": "UpgradeStatus",
"module_id": "Upgrade",
"properties": {
"ccp_status": {
"$ref": "CCPUpgradeStatus,
"readonly": true,
"required": false,
"title": "CCP upgrade status"
},
"component_status": {
"items": {
"$ref": "ComponentUpgradeStatus
},
"readonly": true,
"required": true,
"title": "List of component statuses",
"type": "array"
},
"edge_status": {
"$ref": "EdgeUpgradeStatus,
"readonly": true,
"required": false,
"title": "Edge upgrade status"
},
"host_status": {
"$ref": "HostUpgradeStatus,
"readonly": true,
"required": false,
"title": "Host upgrade status"
},
"overall_upgrade_status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Status of upgrade",
"type": "string"
}
},
"type": "object"
}
UpgradeStatusSummary (type)
{
"id": "UpgradeStatusSummary",
"properties": {
"upgrade_bundle_present": {
"title": "True if upgrade bundle is present",
"type": "boolean"
},
"upgrade_metadata": {
"title": "Meta info of upgrade",
"type": "object"
},
"upgrade_steps": {
"items": {
"type": "object"
},
"title": "List of all upgrade steps performed",
"type": "array"
}
},
"title": "Upgrade status summry",
"type": "object"
}
UpgradeSummary (type)
{
"additionalProperties": false,
"id": "UpgradeSummary",
"module_id": "Upgrade",
"properties": {
"component_target_versions": {
"items": {
"$ref": "ComponentTargetVersion
},
"readonly": true,
"required": false,
"type": "array"
},
"pre_upgrade_bundle_version": {
"readonly": true,
"required": true,
"title": "Current version of pre-upgrade bundle",
"type": "string"
},
"system_version": {
"readonly": true,
"required": true,
"title": "Current system version",
"type": "string"
},
"target_version": {
"readonly": true,
"required": true,
"title": "Target system version",
"type": "string"
},
"upgrade_bundle_file_name": {
"readonly": true,
"required": false,
"title": "Name of the last successfully uploaded upgrade bundle file",
"type": "string"
},
"upgrade_coordinator_updated": {
"readonly": true,
"required": false,
"title": "Has upgrade coordinator been updated after upload of upgrade bundle file",
"type": "boolean"
},
"upgrade_coordinator_version": {
"readonly": true,
"required": true,
"title": "Current version of upgrade coordinator",
"type": "string"
},
"upgrade_status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Status of upgrade",
"type": "string"
}
},
"type": "object"
}
UpgradeTaskActionParameters (type)
{
"id": "UpgradeTaskActionParameters",
"properties": {
"action": {
"description": "The upgrade task to perform.",
"pattern": "^[^/]+$",
"title": "Upgrade task",
"type": "string"
}
},
"type": "object"
}
UpgradeTaskProperties (type)
{
"additionalProperties": false,
"id": "UpgradeTaskProperties",
"properties": {
"bundle_name": {
"required": true,
"title": "Name of Bundle",
"type": "string"
},
"parameters": {
"readonly": true,
"required": false,
"title": "Bundle arguments",
"type": "object"
},
"step": {
"required": false,
"title": "Step name",
"type": "string"
}
},
"title": "Task properties",
"type": "object"
}
UpgradeTaskStatusQueryParameters (type)
{
"id": "UpgradeTaskStatusQueryParameters",
"properties": {
"bundle_name": {
"description": "Provide a bundle name",
"pattern": "^[a-zA-Z0-9-.]+$",
"title": "Bundle Name",
"type": "string"
},
"upgrade_task_id": {
"description": "Provide a task id",
"pattern": "^[a-z0-9-]+$",
"title": "Upgrade Task ID",
"type": "string"
}
},
"type": "object"
}
UpgradeUIPreferences (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "UpgradeUIPreferences",
"module_id": "Upgrade",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"preferences": {
"description": "Hints for the upgrade UI.",
"items": {
"$ref": "KeyValuePair
},
"readonly": true,
"required": false,
"title": "Hints for UI in key-value format.",
"type": "array"
},
"product": {
"description": "The preferences specified in 'preferences' sections is only applicable for the product name specified here. This hints are only for UI and are product specific. The keys are contract between UI and backend.",
"readonly": true,
"required": false,
"title": "Product name",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
UpgradeUnit (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "UpgradeUnit",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"current_version": {
"description": "This is component version e.g. if upgrade unit is of type edge, then this is edge version.",
"readonly": true,
"required": false,
"title": "Current version of upgrade unit",
"type": "string"
},
"display_name": {
"readonly": false,
"required": false,
"title": "Name of the upgrade unit",
"type": "string"
},
"group": {
"$ref": "UpgradeUnitGroupInfo,
"readonly": true,
"required": false,
"title": "Info of the group to which this upgrade unit belongs"
},
"id": {
"description": "Identifier of the upgrade unit",
"readonly": true,
"required": true,
"title": "UUID of the upgrade unit",
"type": "string"
},
"metadata": {
"items": {
"$ref": "KeyValuePair
},
"readonly": true,
"required": false,
"title": "Metadata about upgrade unit",
"type": "array"
},
"type": {
"readonly": false,
"required": false,
"title": "Upgrade unit type",
"type": "string"
},
"warnings": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of warnings indicating issues with the upgrade unit that may result in upgrade failure",
"type": "array"
}
},
"type": "object"
}
UpgradeUnitAggregateInfo (type)
{
"additionalProperties": false,
"extends": {
"$ref": "Resource
},
"id": "UpgradeUnitAggregateInfo",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"current_version": {
"description": "This is component version e.g. if upgrade unit is of type edge, then this is edge version.",
"readonly": true,
"required": false,
"title": "Current version of upgrade unit",
"type": "string"
},
"display_name": {
"readonly": false,
"required": false,
"title": "Name of the upgrade unit",
"type": "string"
},
"error_details": {
"items": {
"$ref": "ErrorClass
},
"readonly": true,
"required": false,
"title": "List of detailed errors with error code that occurred during upgrade of this upgrade unit",
"type": "array"
},
"errors": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of errors occurred during upgrade of this upgrade unit",
"type": "array"
},
"group": {
"$ref": "UpgradeUnitGroupInfo,
"readonly": true,
"required": false,
"title": "Info of the group to which this upgrade unit belongs"
},
"id": {
"description": "Identifier of the upgrade unit",
"readonly": true,
"required": true,
"title": "Identifier of the upgrade unit",
"type": "string"
},
"metadata": {
"items": {
"$ref": "KeyValuePair
},
"readonly": true,
"required": false,
"title": "Metadata about upgrade unit",
"type": "array"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"post_check_status": {
"enum": [
"NOT_STARTED",
"IN_PROGRESS",
"COMPLETED"
],
"readonly": true,
"required": false,
"title": "Status of upgrade unit",
"type": "string"
},
"post_upgrade_checks": {
"$ref": "UpgradeCheckListResults,
"readonly": true,
"required": false
},
"pre_upgrade_checks": {
"$ref": "UpgradeCheckListResults,
"readonly": true,
"required": false
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Status of upgrade unit",
"type": "string"
},
"type": {
"readonly": false,
"required": false,
"title": "Upgrade unit type",
"type": "string"
},
"warnings": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of warnings indicating issues with the upgrade unit that may result in upgrade failure",
"type": "array"
}
},
"type": "object"
}
UpgradeUnitAggregateInfoListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeUnitAggregateInfoListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": false,
"title": "Component type based on which upgrade units to be filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"group_id": {
"readonly": false,
"required": false,
"title": "Identifier of group based on which upgrade units to be filtered",
"type": "string"
},
"has_errors": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag to indicate whether to return only upgrade units with errors",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"metadata": {
"readonly": false,
"required": false,
"title": "Metadata about upgrade unit to filter on",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"selection_status": {
"default": "ALL",
"enum": [
"SELECTED",
"DESELECTED",
"ALL"
],
"required": false,
"title": "Flag to indicate whether to return only selected, only deselected or both type of upgrade units",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"upgrade_unit_display_name": {
"description": "Display name of upgrade unit to filter the results on. String matching for the filter is case-insensitive.",
"readonly": false,
"required": false,
"title": "Display name of upgrade unit",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitAggregateInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeUnitAggregateInfoListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeUnitAggregateInfo
},
"readonly": true,
"required": true,
"title": "Paged collection of UpgradeUnit AggregateInfo",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitFilterListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeUnitFilterListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": true,
"title": "Component type based on which upgrade units to be filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"group_id": {
"readonly": false,
"required": false,
"title": "Identifier of group based on which upgrade units to be filtered",
"type": "string"
},
"group_name": {
"readonly": false,
"required": false,
"title": "Group name to be filtered",
"type": "string"
},
"hypervisor": {
"readonly": false,
"required": false,
"title": "Hypervisor to be filtered for the upgrade unit",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"status": {
"readonly": false,
"required": false,
"title": "Status of the upgrade unit to filtered",
"type": "string"
},
"unit_ip": {
"readonly": false,
"required": false,
"title": "IP of the upgrade unit to be filtered",
"type": "string"
},
"unit_name": {
"readonly": false,
"required": false,
"title": "Unit name to be filtered for the group",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitGroup (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "UpgradeUnitGroup",
"module_id": "Upgrade",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"readonly": false,
"required": false,
"title": "Flag to indicate whether upgrade of this group is enabled or not",
"type": "boolean"
},
"extended_configuration": {
"description": "Extended configuration for the group. Following extended_configuration is supported: Key: upgrade_mode Supported values: maintenance_mode, in_place, stage_in_vlcm Key: maintenance_mode_config_vsan_mode Supported values: evacuate_all_data, ensure_object_accessibility, no_action Key: maintenance_mode_config_evacuate_powered_off_vms Supported values: true, false Key: rebootless_upgrade Supported values: true, false",
"items": {
"$ref": "KeyValuePair
},
"maxItems": 100,
"readonly": false,
"required": false,
"title": "Extended configuration for the group",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"parallel": {
"default": true,
"readonly": false,
"required": false,
"title": "Upgrade method to specify whether the upgrade is to be performed in parallel or serially",
"type": "boolean"
},
"pause_after_each_upgrade_unit": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag to indicate whether upgrade should be paused after upgrade of each upgrade-unit",
"type": "boolean"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"type": {
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
},
"upgrade_unit_count": {
"description": "Number of upgrade units in the group",
"readonly": true,
"required": false,
"title": "Count of upgrade units in the group",
"type": "int"
},
"upgrade_units": {
"items": {
"$ref": "UpgradeUnit
},
"maxItems": 512,
"readonly": false,
"required": false,
"title": "List of upgrade units in the group",
"type": "array"
}
},
"type": "object"
}
UpgradeUnitGroupAggregateInfo (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "UpgradeUnitGroupAggregateInfo",
"module_id": "Upgrade",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"enabled": {
"default": true,
"readonly": false,
"required": false,
"title": "Flag to indicate whether upgrade of this group is enabled or not",
"type": "boolean"
},
"extended_configuration": {
"items": {
"$ref": "KeyValuePair
},
"maxItems": 100,
"readonly": false,
"required": false,
"title": "Extended configuration for the group",
"type": "array"
},
"failed_count": {
"readonly": true,
"required": false,
"title": "Number of nodes in the upgrade unit group that failed upgrade",
"type": "int"
},
"group_level_failure": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "Reports failures that occured at the group or cluster level.",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"parallel": {
"default": true,
"readonly": false,
"required": false,
"title": "Upgrade method to specify whether the upgrade is to be performed in parallel or serially",
"type": "boolean"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"post_upgrade_status": {
"$ref": "UpgradeChecksExecutionStatus,
"readonly": true,
"required": false,
"title": "Post-upgrade status of group"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Upgrade status of upgrade unit group",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"type": {
"readonly": false,
"required": true,
"title": "Component type",
"type": "string"
},
"upgrade_unit_count": {
"description": "Number of upgrade units in the group",
"readonly": true,
"required": false,
"title": "Count of upgrade units in the group",
"type": "int"
},
"upgrade_units": {
"items": {
"$ref": "UpgradeUnit
},
"maxItems": 512,
"readonly": false,
"required": false,
"title": "List of upgrade units in the group",
"type": "array"
}
},
"type": "object"
}
UpgradeUnitGroupAggregateInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeUnitGroupAggregateInfoListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeUnitGroupAggregateInfo
},
"readonly": true,
"required": true,
"title": "Paged collection of upgrade status for upgrade unit groups",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitGroupFilterListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeUnitGroupFilterListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": true,
"title": "Component type based on which upgrade unit groups to be filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enabled": {
"readonly": false,
"required": false,
"title": "Status of the group to apply filter",
"type": "string"
},
"group_id": {
"readonly": false,
"required": false,
"title": "Identifier of group based on which upgrade unit groups to be filtered",
"type": "string"
},
"group_name": {
"readonly": false,
"required": false,
"title": "Group name to be filtered",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"status": {
"readonly": false,
"required": false,
"title": "Status of the group to apply filter",
"type": "string"
},
"unit_ip": {
"readonly": false,
"required": false,
"title": "IP of upgrade units to be filtered",
"type": "string"
},
"unit_name": {
"readonly": false,
"required": false,
"title": "Unit name to be filtered for the group",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitGroupInfo (type)
{
"additionalProperties": false,
"id": "UpgradeUnitGroupInfo",
"module_id": "Upgrade",
"properties": {
"display_name": {
"readonly": true,
"required": true,
"title": "Name of the group",
"type": "string"
},
"id": {
"description": "Identifier of group",
"readonly": true,
"required": true,
"title": "UUID of group",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitGroupListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeUnitGroupListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": false,
"title": "Component type based on which upgrade unit groups to be filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"summary": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag indicating whether to return summary",
"type": "boolean"
},
"sync": {
"default": false,
"description": "If true, synchronize with the management plane before returning upgrade unit groups",
"required": false,
"title": "Synchronize before returning upgrade unit groups",
"type": "boolean"
}
},
"type": "object"
}
UpgradeUnitGroupListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeUnitGroupListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeUnitGroup
},
"required": true,
"title": "Paged Collection of Upgrade unit groups",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitGroupStatus (type)
{
"additionalProperties": false,
"id": "UpgradeUnitGroupStatus",
"module_id": "Upgrade",
"properties": {
"failed_count": {
"readonly": true,
"required": false,
"title": "Number of nodes in the upgrade unit group that failed upgrade",
"type": "int"
},
"group_id": {
"description": "Identifier for upgrade unit group",
"readonly": true,
"required": true,
"title": "UUID of upgrade unit group",
"type": "string"
},
"group_name": {
"description": "Name of the upgrade unit group",
"readonly": true,
"required": true,
"title": "Upgrade unit group Name",
"type": "string"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Upgrade status of upgrade unit group",
"type": "string"
},
"upgrade_unit_count": {
"readonly": true,
"required": true,
"title": "Number of upgrade units in the group",
"type": "int"
}
},
"type": "object"
}
UpgradeUnitGroupStatusListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeUnitGroupStatusListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeUnitGroupStatus
},
"readonly": true,
"required": true,
"title": "Paged collection of upgrade status for upgrade unit groups",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitList (type)
{
"additionalProperties": false,
"id": "UpgradeUnitList",
"module_id": "Upgrade",
"properties": {
"list": {
"items": {
"$ref": "UpgradeUnit
},
"required": true,
"title": "Collection of Upgrade units",
"type": "array"
}
},
"type": "object"
}
UpgradeUnitListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeUnitListRequestParameters",
"module_id": "Upgrade",
"properties": {
"component_type": {
"readonly": false,
"required": false,
"title": "Component type based on which upgrade units to be filtered",
"type": "string"
},
"current_version": {
"readonly": false,
"required": false,
"title": "Current version of upgrade unit based on which upgrade units to be filtered",
"type": "string"
},
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"group_id": {
"readonly": false,
"required": false,
"title": "UUID of group based on which upgrade units to be filtered",
"type": "string"
},
"has_warnings": {
"default": false,
"readonly": false,
"required": false,
"title": "Flag to indicate whether to return only upgrade units with warnings",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"metadata": {
"readonly": false,
"required": false,
"title": "Metadata about upgrade unit to filter on",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"upgrade_unit_type": {
"readonly": false,
"required": false,
"title": "Upgrade unit type based on which upgrade units to be filtered",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeUnitListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeUnit
},
"required": true,
"title": "Paged Collection of Upgrade units",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitStatus (type)
{
"additionalProperties": false,
"id": "UpgradeUnitStatus",
"module_id": "Upgrade",
"properties": {
"display_name": {
"readonly": true,
"required": true,
"title": "Name of upgrade unit",
"type": "string"
},
"error_details": {
"items": {
"$ref": "ErrorClass
},
"readonly": true,
"required": false,
"title": "List of detailed errors with error code that occurred during upgrade of this upgrade unit",
"type": "array"
},
"errors": {
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "List of errors occurred during upgrade of this upgrade unit",
"type": "array"
},
"id": {
"description": "Identifier of upgrade unit",
"readonly": true,
"required": true,
"title": "UUID of upgrade unit",
"type": "string"
},
"metadata": {
"items": {
"$ref": "KeyValuePair
},
"readonly": true,
"required": false,
"title": "Metadata about upgrade unit",
"type": "array"
},
"percent_complete": {
"readonly": true,
"required": true,
"title": "Indicator of upgrade progress in percentage",
"type": "number"
},
"status": {
"enum": [
"SUCCESS",
"FAILED",
"IN_PROGRESS",
"NOT_STARTED",
"PAUSING",
"PAUSED"
],
"readonly": true,
"required": true,
"title": "Status of upgrade unit",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitStatusListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeUnitStatusListResult",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeUnitStatus
},
"required": true,
"title": "Paged Collection of upgrade units status",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitTypeStats (type)
{
"additionalProperties": false,
"id": "UpgradeUnitTypeStats",
"module_id": "Upgrade",
"properties": {
"node_count": {
"readonly": true,
"required": true,
"title": "Number of nodes",
"type": "int"
},
"node_with_issues_count": {
"readonly": true,
"required": false,
"title": "Number of nodes with issues that may cause upgrade failure",
"type": "int"
},
"type": {
"readonly": true,
"required": true,
"title": "Type of upgrade unit",
"type": "string"
},
"upgrade_unit_subtype": {
"enum": [
"RESOURCE",
"ACTION"
],
"readonly": true,
"required": false,
"title": "UpgradeUnit sub type",
"type": "string"
},
"version": {
"readonly": true,
"required": true,
"title": "Version of the upgrade unit",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitTypeStatsList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "UpgradeUnitTypeStatsList",
"module_id": "Upgrade",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "UpgradeUnitTypeStats
},
"readonly": true,
"required": false,
"title": "List of upgrade unit type stats",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
UpgradeUnitsStatsRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "UpgradeUnitsStatsRequestParameters",
"module_id": "Upgrade",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"sync": {
"default": false,
"description": "If true, synchronize with the management plane before returning upgrade unit stats",
"required": false,
"title": "Synchronize before returning upgrade unit stats",
"type": "boolean"
}
},
"type": "object"
}
UploadFileRequestParameters (type)
{
"additionalProperties": false,
"description": "This holds the requests parameters required to multipart-upload a file.",
"extends": {
"$ref": "NoRestRequestParameters
},
"id": "UploadFileRequestParameters",
"module_id": "PolicyCertificate",
"properties": {
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"file": {
"required": true,
"title": "File to be uploaded",
"type": "multipart_file"
}
},
"title": "Import file request parameters",
"type": "object"
}
UploadTlsCrlRequestParameters (type)
{
"additionalProperties": false,
"description": "Holds the requests parameters required to multipart-upload a TlsCrl objecta",
"extends": {
"$ref": "UploadFileRequestParameters
},
"id": "UploadTlsCrlRequestParameters",
"module_id": "PolicyCertificate",
"properties": {
"crl_type": {
"default": "X509",
"description": "The type of the CRL. It can be \"OneCRL\" or \"X509\" (default).",
"enum": [
"OneCRL",
"X509"
],
"required": false,
"title": "Type of CRL",
"type": "string"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"file": {
"required": true,
"title": "File to be uploaded",
"type": "multipart_file"
}
},
"title": "Upload TlsCrl request parameters",
"type": "object"
}
UrlAlias (type)
{
"additionalProperties": false,
"description": "Short name or alias of a url. It is used to represent the url.",
"id": "UrlAlias",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"alias": {
"description": "Short name or alias of url, if any. If not specified, the url can be referenced by its index in the array of urls of the datasource instance as $<index> (for example, $0).",
"maxLength": 255,
"title": "Url Alias Name",
"type": "string"
},
"keystore_info": {
"$ref": "KeyStoreInfo,
"description": "Key Store information for the URLAlias.Use this property if key store information is different for each url alias.",
"title": "Key Store Info for the URLAlias"
},
"query": {
"description": "Search query to be applied, if any. If query string is not provided, it will be ignored.",
"maxLength": 1024,
"title": "Search query of the search api, if any",
"type": "string"
},
"request_body": {
"description": "A raw request body in the form json format for a given url. This request body will be submitted along with request while giving a post api call.",
"titile": "A request body object for the given url",
"type": "object"
},
"request_headers": {
"description": "A raw request header in the form json format for a given url. This request header will be submitted along with request while giving a api call.",
"titile": "A request header object for the given url",
"type": "object"
},
"request_method": {
"default": "Get",
"description": "Type of the http method (Get, Post) to be used while invoking the given url through dashboard datasource framework.",
"enum": [
"Get",
"Post"
],
"title": "Type of http method",
"type": "string"
},
"url": {
"description": "Url to fetch data from.",
"maxLength": 1024,
"required": true,
"title": "Url",
"type": "string"
}
},
"title": "Url Alias",
"type": "object"
}
UserInfo (type)
{
"id": "UserInfo",
"module_id": "AAA",
"properties": {
"roles": {
"items": {
"$ref": "NsxRole
},
"readonly": true,
"required": true,
"title": "Permissions",
"type": "array"
},
"roles_for_paths": {
"description": "The roles that are associated with the user, limiting them to a path. In case the path is null, the roles apply everywhere i.e. it is same as the deprecated property roles.",
"items": {
"$ref": "RolesForPath
},
"readonly": false,
"required": false,
"title": "Roles for Paths",
"type": "array"
},
"user_name": {
"readonly": true,
"required": true,
"title": "User Name",
"type": "string"
}
},
"title": "Authenticated User Info",
"type": "object"
}
UserRequestParameters (type)
{
"description": "Request parameters for user APIs like the /aaa/user-info/* APIs",
"id": "UserRequestParameters",
"module_id": "AAA",
"properties": {
"provide_flat_listing": {
"default": false,
"required": false,
"title": "Whether the output provides flat listing of all roles at each level or not",
"type": "boolean"
},
"root_path": {
"required": false,
"title": "Prefix path of the context",
"type": "string"
}
},
"title": "Request parameters for user APIs.",
"type": "object"
}
UsernamePasswordLoginCredential (type)
{
"additionalProperties": false,
"extends": {
"$ref": "LoginCredential
},
"id": "UsernamePasswordLoginCredential",
"module_id": "Types",
"polymorphic-type-descriptor": {
"type-identifier": "UsernamePasswordLoginCredential"
},
"properties": {
"credential_type": {
"description": "Possible values are 'UsernamePasswordLoginCredential', 'VerifiableAsymmetricLoginCredential', 'SessionLoginCredential'.",
"required": true,
"title": "Login credential, for example username-password-thumbprint, certificate or session based, etc",
"type": "string"
},
"password": {
"required": false,
"sensitive": true,
"title": "The authentication password for login",
"type": "secure_string"
},
"thumbprint": {
"required": false,
"title": "Thumbprint of the login server",
"type": "string"
},
"username": {
"required": false,
"title": "The username for login",
"type": "string"
}
},
"title": "A login credential specifying a username and password",
"type": "object"
}
VIFGroupAssociationRequestParams (type)
{
"additionalProperties": false,
"description": "List request parameters containing virtual network interface external ID and enforcement point path",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "VIFGroupAssociationRequestParams",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"vif_external_id": {
"required": true,
"title": "Virtual network interface external ID",
"type": "string"
}
},
"title": "List request parameters containing virtual network interface external ID and enforcement point path",
"type": "object"
}
VMDeploymentProgressState (type)
{
"description": "Deployment progress state of node VM. This Object contains name of current deployment step and overall progress percentage.",
"id": "VMDeploymentProgressState",
"module_id": "HostPrepServiceFabric",
"properties": {
"current_step_title": {
"description": "Name of the current running step of deployment",
"readonly": true,
"required": false,
"title": "Name of the current step",
"type": "string"
},
"progress": {
"description": "Overall progress percentage of deployment completed",
"readonly": true,
"required": false,
"title": "Progress percentage",
"type": "integer"
}
},
"title": "Deployment progress of node VM",
"type": "object"
}
VMGroupAssociationRequestParams (type)
{
"additionalProperties": false,
"description": "List request parameters containing virtual machine external ID and enforcement point path",
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "VMGroupAssociationRequestParams",
"module_id": "PolicyGroupRealization",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"enforcement_point_path": {
"description": "The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered",
"required": false,
"title": "String Path of the enforcement point",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
},
"vm_external_id": {
"required": true,
"title": "Virtual machine external ID",
"type": "string"
}
},
"title": "List request parameters containing virtual machine external ID and enforcement point path",
"type": "object"
}
VMTagReplicationPolicy (type)
{
"additionalProperties": false,
"description": "A policy to replicate tags from once site to other sites.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "VMTagReplicationPolicy",
"module_id": "VMTagReplicationPolicy",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"groups": {
"description": "Paths of groups (VM tag-based, VM name-based, etc.) that translates into VMs to be replicated from protected site to recovery sites. If no group is specified, none of the VM tag will be replicated from protected site to recovery sites.",
"items": {
"type": "string"
},
"title": "Paths of groups",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"VMTagReplicationPolicy"
],
"relationshipType": "VM_TAG_REPLICATION_POLICY_GROUP_RELATIONSHIP",
"rightType": [
"Group"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"protected_site": {
"description": "A path of protected site, from where tags of selected VMs will be replicated to recovery sites.",
"required": true,
"title": "A path of protected site",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"VMTagReplicationPolicy"
],
"relationshipType": "VM_TAG_REPLICATION_POLICY_PROTECTED_SITE_RELATIONSHIP",
"rightType": [
"Site"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"recovery_sites": {
"description": "Paths of recovery sites, where tags of selected VMs will be replicated to, from protected site.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "Paths of recovery sites",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"VMTagReplicationPolicy"
],
"relationshipType": "VM_TAG_REPLICATION_POLICY_RECOVERY_SITE_RELATIONSHIP",
"rightType": [
"Site"
]
}
]
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"replication_type": {
"default": "OTHER",
"description": "Specifies type of replication used in DR (Disaster Recovery) failover.",
"enum": [
"VSPHERE_REPLICATION",
"STORAGE_ARRAY_REPLICATION",
"OTHER"
],
"readonly": false,
"required": false,
"title": "Replication type used in DR failover",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tag_delay_delete_time": {
"description": "This specifies delay in minutes which is used for deletion of tags of virtual machines on recovery site. If a VM is deleted on protected site and has not appeared on recovery site (e.g. this can happen primarily when array based storage replication is used with SRM and DR failover is run while protected site is reachable), the tags will be retained for this much amount of time on recovery site. VM appears within this much time on recovery site, then tags will get applied on recovery site. If replication type is VSPHERE_REPLICATION or OTHER, then its default value is 0 minutes. If replication type is STORAGE_ARRAY_REPLICATION, then its default value is 30 minutes. If this value is not specified, then default value according to replication type will be applicable. The time for virtual machines to appear on recovery site after those are deleted from primary site in case of storage replication depends on count of virtual machines configured to failover, storage array performance and ESXi host.",
"maximum": 4320,
"minimum": 0,
"readonly": false,
"required": false,
"title": "Specifies delay time to be used for tags of virtual machine",
"type": "integer"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
},
"vm_match_criteria": {
"default": "MATCH_NSX_ATTACHMENT_ID",
"description": "Matching criteria used for associating VMs from protected site to VMs on recovery sites. - MATCH_NSX_ATTACHMENT_ID : Associate VMs from the protected site and recovery sites based on NSX attachment ID. - MATCH_BIOS_UUID_NAME : Associate VMs from the protected site and recovery sites based on (VM BIOS UUID + VM Name).",
"enum": [
"MATCH_NSX_ATTACHMENT_ID",
"MATCH_BIOS_UUID_NAME"
],
"required": false,
"title": "Matching criteria used for associating VMs",
"type": "string"
}
},
"title": "A policy to replicate tags from once site to other",
"type": "object"
}
VMTagReplicationPolicyListRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "PolicyListRequestParameters
},
"id": "VMTagReplicationPolicyListRequestParameters",
"module_id": "VMTagReplicationPolicy",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"include_mark_for_delete_objects": {
"default": false,
"description": "If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.",
"required": false,
"title": "Include objects that are marked for deletion in results",
"type": "boolean"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "VM tag replication policy list request parameters",
"type": "object"
}
VMTagReplicationPolicyListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "VMTagReplicationPolicyListResult",
"module_id": "VMTagReplicationPolicy",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of the VM tag replication policies in the results array",
"type": "integer"
},
"results": {
"items": {
"$ref": "VMTagReplicationPolicy
},
"readonly": true,
"title": "Collection of VM tag replication policies",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
ValidateCertificateParameters (type)
{
"additionalProperties": false,
"id": "ValidateCertificateParameters",
"module_id": "CertificateManager",
"properties": {
"usage": {
"$ref": "CertificateUsageType,
"description": "Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER",
"required": false,
"title": "Certificate Usage Type"
}
},
"type": "object"
}
ValueConstraintExpression (type)
{
"additionalProperties": false,
"description": "Represents the leaf level value constraint to constrain specified attribute value to the set of values to be allowed/not-allowed. Example - sourceGroups allowed to have only with list of groups. { \"operator\":\"INCLUDES\", \"values\":[\"/infra/services/HTTP\", \"/infra/services/HTTPS\"] }",
"extends": {
"$ref": "ConstraintExpression
},
"id": "ValueConstraintExpression",
"module_id": "PolicyConstraints",
"polymorphic-type-descriptor": {
"type-identifier": "ValueConstraintExpression"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"operator": {
"enum": [
"INCLUDES",
"EXCLUDES",
"EQUALS"
],
"required": true,
"title": "Operation to check for value list for resource attribute of constraint.",
"type": "string"
},
"resource_type": {
"enum": [
"ValueConstraintExpression",
"RelatedAttributeConditionalExpression",
"EntityInstanceCountConstraintExpression",
"FieldSanityConstraintExpression"
],
"required": true,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"values": {
"deprecated": true,
"description": "List of values.",
"items": {
"type": "string"
},
"required": false,
"title": "Array of values to perform operation.",
"type": "array"
},
"values_with_type": {
"$ref": "ConstraintValue,
"description": "List of values.",
"required": false,
"title": "Array of values to perform operation."
}
},
"title": "Represents the leaf level value constraint.",
"type": "object"
}
Vdl2Counters (type)
{
"id": "Vdl2Counters",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"arp_proxy_req_fail_drops": {
"description": "Count of ARPs failed to send on uplinks for CCP unaware bindings",
"readonly": true,
"required": false,
"type": "integer"
},
"arp_proxy_req_suppress": {
"description": "Count of ARPs suppression attempted at Leaf Input IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"arp_proxy_resp": {
"description": "Count of successful IP-MAC binding message from CCP for ARP suppression",
"readonly": true,
"required": false,
"type": "integer"
},
"arp_proxy_resp_drops": {
"description": "Count of ARP response failed for each ARP suppressed packets",
"readonly": true,
"required": false,
"type": "integer"
},
"arp_proxy_resp_filtered": {
"description": "Count of ARP responses skipped for each successful IP-MAC response from CCP",
"readonly": true,
"required": false,
"type": "integer"
},
"arp_proxy_resp_unknown": {
"description": "Count of unknown IP-MAC binding message from CCP for ARP suppression",
"readonly": true,
"required": false,
"type": "integer"
},
"leaf_rx": {
"description": "Count of packets received at VDL2LeafInput IOChain of a switchport",
"readonly": true,
"required": false,
"type": "integer"
},
"leaf_rx_drops": {
"description": "Total drops at VDL2LeafInput IOChain of a switchport",
"readonly": true,
"required": false,
"type": "integer"
},
"leaf_rx_ref_port_not_found_drops": {
"description": "VDL2LeafInput drops as trunk port is not in logical switch",
"readonly": true,
"required": false,
"type": "integer"
},
"leaf_rx_system_err_drops": {
"description": "VDL2LeafInput drops on an LS due to system errors",
"readonly": true,
"required": false,
"type": "integer"
},
"leaf_tx": {
"description": "Count of packets processed at VDL2LeafOutput IOChain of a switchport",
"readonly": true,
"required": false,
"type": "integer"
},
"leaf_tx_drops": {
"description": "Total drops at VDL2LeafOutput IOChain of a switchport",
"readonly": true,
"required": false,
"type": "integer"
},
"mac_tbl_lookup_flood": {
"description": "Count of unicast packets flooded onto remote VTEPs due to MAC table full",
"readonly": true,
"required": false,
"type": "integer"
},
"mac_tbl_lookup_full": {
"description": "Number of VM MAC query to CCP failure due to MAC table full",
"readonly": true,
"required": false,
"type": "integer"
},
"mac_tbl_update_full": {
"description": "Number of packet's SMAC learning failed at uplink due to MAC table full",
"readonly": true,
"required": false,
"type": "integer"
},
"mcast_proxy_rx_drops": {
"description": "Count of BUM replicated packets dropped at MTEP TN at uplink input IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"mcast_proxy_tx_drops": {
"description": "Count of BUM packets dropped at uplink output IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"nd_proxy_req_fail_drops": {
"description": "Count of ND packets failed to send on uplinks for CCP unaware bindings",
"readonly": true,
"required": false,
"type": "integer"
},
"nd_proxy_req_suppress": {
"description": "Count of NDs suppression attempted at Leaf Input IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"nd_proxy_resp": {
"description": "Count of successful IP-MAC binding message from CCP for ND suppression",
"readonly": true,
"required": false,
"type": "integer"
},
"nd_proxy_resp_drops": {
"description": "Count of ND response failed for each ND suppressed packets",
"readonly": true,
"required": false,
"type": "integer"
},
"nd_proxy_resp_filtered": {
"description": "Count of ND responses skipped for each successful IP-MAC response from CCP",
"readonly": true,
"required": false,
"type": "integer"
},
"nd_proxy_resp_unknown": {
"description": "Count of unknown IP-MAC binding message from CCP for ND suppression",
"readonly": true,
"required": false,
"type": "integer"
},
"nested_tn_mcast_proxy_diff_vlan_tx_drops": {
"description": "Count of BUM replicated packet drops destined to nested TN",
"readonly": true,
"required": false,
"type": "integer"
},
"nested_tn_mcast_proxy_same_vlan_tx_drops": {
"description": "Count of BUM replicated packet drops destined to nested TN",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx": {
"description": "Count of packets received at uplink port from underlay network",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_drops": {
"description": "Count of packets from underlay that are dropped at uplink input IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_filtered": {
"description": "Packets received at uplink filtered at uplink IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_guest_vlan_drops": {
"description": "Drop at uplink input IOChain due to failure to remove guest VLAN tag",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_invalid_encap_drops": {
"description": "Count of packets dropped at uplink input IOChain due to incorrect Encap",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_mcast_invalid_dr_uplink_drops": {
"description": "Count of IP multicast packets dropped at unexpected DR uplink",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_skip_mac_learn": {
"description": "Count of packets for which MAC learn was skipped at uplink input IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_system_err_drops": {
"description": "Drop at uplink input IOChain due to system errors",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_rx_wrong_dest_drops": {
"description": "Drop at uplink port input IOChain due to incorrect destination VTEP IP",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx": {
"description": "Count of packets transmitted through uplink port towards underlay network",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_drops": {
"description": "Total DVS sent packet drops at uplink output IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_flood_rate_limit": {
"description": "Count of rate limited unknown unicast packets at uplink output IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_ignore": {
"description": "Count of DVS sent packets ignored at uplink output IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_invalid_frame_drops": {
"description": "Count of invalid packets dropped at uplink IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_invalid_state_drops": {
"description": "Packet drops at uplink IOChain due to incorrect uplink VLAN configuration",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_nested_tn_repl_drops": {
"description": "Count of packets to nested TN dropped at uplink output IOChain",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_non_unicast": {
"description": "Count of broadcast,multicast packets replicated to remote VTEPs",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_teaming_drops": {
"description": "Count of packets dropped at uplink IOChain due to uplink teaming failure",
"readonly": true,
"required": false,
"type": "integer"
},
"uplink_tx_ucast_flood": {
"description": "Count of unknown unicast packets at uplink output IOChain",
"readonly": true,
"required": false,
"type": "integer"
}
},
"type": "object"
}
VdrbCounters (type)
{
"id": "VdrbCounters",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"arp_hold_pkt_drops": {
"description": "The drops of packet(IPv4) pending on ARP resolution",
"readonly": true,
"required": false,
"type": "integer"
},
"consumed_icmpv4": {
"description": "ICMP packets(IPv4) destinated to VDR and consumed by VDR",
"readonly": true,
"required": false,
"type": "integer"
},
"consumed_icmpv6": {
"description": "ICMP packets(IPv6) destinated to VDR and consumed by VDR",
"readonly": true,
"required": false,
"type": "integer"
},
"drop_route_ipv4_drops": {
"description": "Packet(IPv4) matching drop routes",
"readonly": true,
"required": false,
"type": "integer"
},
"drop_route_ipv6_drops": {
"description": "Packet(IPv6) matching drop routes",
"readonly": true,
"required": false,
"type": "integer"
},
"no_nbr_ipv4": {
"description": "No IPv4 ARP entry found",
"readonly": true,
"required": false,
"type": "integer"
},
"no_nbr_ipv6": {
"description": "No IPv6 Neighbor entry found",
"readonly": true,
"required": false,
"type": "integer"
},
"no_route_ipv4_drops": {
"description": "No IPv4 routes",
"readonly": true,
"required": false,
"type": "integer"
},
"no_route_ipv6_drops": {
"description": "No IPv6 routes",
"readonly": true,
"required": false,
"type": "integer"
},
"ns_hold_pkt_drops": {
"description": "The drops of packet(IPv6) pending on neighbor resolution",
"readonly": true,
"required": false,
"type": "integer"
},
"pkt_attr_error_drops": {
"description": "Packets which failed attribute operation",
"readonly": true,
"required": false,
"type": "integer"
},
"relayed_dhcpv4_req": {
"description": "Relayed DHCPv4 requests",
"readonly": true,
"required": false,
"type": "integer"
},
"relayed_dhcpv4_rsp": {
"description": "Relayed DHCPv4 responses",
"readonly": true,
"required": false,
"type": "integer"
},
"relayed_dhcpv6_req": {
"description": "Relayed DHCPv6 requests",
"readonly": true,
"required": false,
"type": "integer"
},
"relayed_dhcpv6_rsp": {
"description": "Relayed DHCPv6 responses",
"readonly": true,
"required": false,
"type": "integer"
},
"rpf_ipv4_drops": {
"description": "Reverse path forwarding drops of packet(IPv4)",
"readonly": true,
"required": false,
"type": "integer"
},
"rpf_ipv6_drops": {
"description": "Reverse path forwarding drops of packet(IPv6)",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_arp_req": {
"description": "Arp Reqests received",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv4": {
"description": "Packets(IPv4) received on VDR",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv6": {
"description": "Packets(IPv6) received on VDR",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_pkt_parsing_error_drops": {
"description": "Packets failed to be parsed",
"readonly": true,
"required": false,
"type": "integer"
},
"ttl_ipv4_drops": {
"description": "Packet(IPv4) drops due to low TTL",
"readonly": true,
"required": false,
"type": "integer"
},
"ttl_ipv6_drops": {
"description": "Packet(IPv6) drops due to low TTL",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_arp_rsp": {
"description": "Arp Responses sent",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_dispatch_queue_too_long_drops": {
"description": "Packets being tail dropped in the txDispatchQueue",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv4": {
"description": "Packets(IPv4) sent from VDR",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv6": {
"description": "Packets(IPv6) sent from VDR",
"readonly": true,
"required": false,
"type": "integer"
}
},
"type": "object"
}
VerifiableAsymmetricLoginCredential (type)
{
"additionalProperties": false,
"extends": {
"$ref": "LoginCredential
},
"id": "VerifiableAsymmetricLoginCredential",
"module_id": "Types",
"polymorphic-type-descriptor": {
"type-identifier": "VerifiableAsymmetricLoginCredential"
},
"properties": {
"asymmetric_credential": {
"required": false,
"sensitive": true,
"title": "Asymmetric login credential",
"type": "secure_string"
},
"credential_key": {
"required": false,
"sensitive": true,
"title": "Credential key",
"type": "secure_string"
},
"credential_type": {
"description": "Possible values are 'UsernamePasswordLoginCredential', 'VerifiableAsymmetricLoginCredential', 'SessionLoginCredential'.",
"required": true,
"title": "Login credential, for example username-password-thumbprint, certificate or session based, etc",
"type": "string"
},
"credential_verifier": {
"required": false,
"sensitive": true,
"title": "Credential verifier",
"type": "secure_string"
}
},
"type": "object"
}
VerifyScimUserOrGroupExistsResult (type)
{
"additionalProperties": false,
"id": "VerifyScimUserOrGroupExistsResult",
"module_id": "CertificateManager",
"nsx_feature": "OIDC",
"properties": {
"exists": {
"title": "True if the user/group exists",
"type": "boolean"
}
},
"title": "Verify user/group exists result",
"type": "object"
}
VerifyScimUserOrGroupParameters (type)
{
"additionalProperties": false,
"id": "VerifyScimUserOrGroupParameters",
"module_id": "CertificateManager",
"nsx_feature": "OIDC",
"properties": {
"name": {
"required": true,
"title": "User or group name to search for",
"type": "string"
}
},
"title": "SCIM user/group existence query parameters",
"type": "object"
}
VersionList (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ManagedResource
},
"id": "VersionList",
"module_id": "VersionWhitelist",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"acceptable_versions": {
"items": {
"type": "string"
},
"required": true,
"title": "List of component versions",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
}
},
"type": "object"
}
VidmInfo (type)
{
"id": "VidmInfo",
"module_id": "AAA",
"properties": {
"display_name": {
"readonly": true,
"required": true,
"title": "User's Full Name Or User Group's Display Name",
"type": "string"
},
"name": {
"readonly": true,
"required": true,
"title": "Username Or Groupname",
"type": "string"
},
"type": {
"enum": [
"remote_user",
"remote_group"
],
"readonly": true,
"required": true,
"title": "Type",
"type": "string"
}
},
"title": "Vidm Info",
"type": "object"
}
VidmInfoListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "VidmInfoListResult",
"module_id": "AAA",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "VidmInfo
},
"required": true,
"title": "List results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
VidmInfoSearchRequestParameters (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListRequestParameters
},
"id": "VidmInfoSearchRequestParameters",
"module_id": "AAA",
"properties": {
"cursor": {
"readonly": false,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"included_fields": {
"description": "Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.",
"title": "Comma separated list of fields that should be included in query result",
"type": "string"
},
"page_size": {
"default": 1000,
"maximum": 1000,
"minimum": 0,
"title": "Maximum number of results to return in this page (server may return fewer)",
"type": "integer"
},
"search_string": {
"description": "This is a substring search that is case insensitive.",
"required": true,
"title": "Search string to search for.\n",
"type": "string"
},
"sort_ascending": {
"type": "boolean"
},
"sort_by": {
"title": "Field by which records are sorted",
"type": "string"
}
},
"title": "Vidm information search request parameters",
"type": "object"
}
View (type)
{
"additionalProperties": false,
"description": "Describes the configuration of a view to be displayed on the dashboard.",
"extends": {
"$ref": "ManagedResource
},
"id": "View",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget.",
"maxLength": 255,
"required": true,
"title": "Widget Title",
"type": "string"
},
"exclude_roles": {
"description": "Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.",
"maxLength": 1024,
"title": "Roles to which the shared view is not visible",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"include_roles": {
"description": "Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.",
"maxLength": 1024,
"title": "Roles to which the shared view is visible",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"shared": {
"default": false,
"description": "Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.",
"title": "Share the view with other users",
"type": "boolean"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"default": 10000,
"description": "Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.",
"title": "Weightage or placement of the view",
"type": "int"
},
"widgets": {
"description": "Array of widgets that are part of the view.",
"items": {
"$ref": "WidgetItem
},
"minItems": 0,
"required": true,
"title": "Widgets",
"type": "array"
}
},
"title": "Dashboard View",
"type": "object"
}
ViewList (type)
{
"additionalProperties": false,
"description": "Represents a list of views.",
"id": "ViewList",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"views": {
"description": "Array of views",
"items": {
"$ref": "View
},
"readonly": true,
"required": true,
"title": "Array of views",
"type": "array"
}
},
"title": "List of Views",
"type": "object"
}
ViewQueryParameters (type)
{
"additionalProperties": false,
"id": "ViewQueryParameters",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"tag": {
"description": "The tag for which associated views to be queried. For tags specified on views, scope is automatically set to 'nsx-dashboard' and hence scope is ignored for searching views based on tag.",
"readonly": true,
"title": "The tag for which associated views to be queried.",
"type": "string"
},
"view_ids": {
"description": "Comma separated ids of views to be queried.",
"maxLength": 8192,
"readonly": true,
"title": "Ids of the Views",
"type": "string"
},
"widget_id": {
"description": "Id of widget to be queried for all the views it is part of.",
"maxLength": 255,
"readonly": true,
"title": "Id of widget configuration",
"type": "string"
}
},
"title": "Parameters for querying views",
"type": "object"
}
VirtualEndpoint (type)
{
"additionalProperties": false,
"description": "A VirtualEndpoint represents an IP (or nexthop) which is outside SDDC. It represents a redirection target for RedirectionPolicy.",
"extends": {
"$ref": "BaseEndpoint
},
"id": "VirtualEndpoint",
"module_id": "PolicyServiceInsertion",
"polymorphic-type-descriptor": {
"type-identifier": "VirtualEndpoint"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"enum": [
"VirtualEndpoint",
"ServiceInstanceEndpoint"
],
"required": true,
"type": "string"
},
"service_names": {
"description": "One VirtualEndpoint will be created per service name.",
"items": {
"type": "string"
},
"maxItems": 1,
"minItems": 1,
"readonly": false,
"required": true,
"title": "Services for which this endpoint to be created",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"target_ips": {
"description": "IPs where either inbound or outbound traffic is to be redirected.",
"items": {
"$ref": "IPInfo
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "IP addresses to redirect the traffic to",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "This endpoint is strictly of the type Virtual",
"type": "object"
}
VirtualNetworkInterface (type)
{
"additionalProperties": false,
"extends": {
"$ref": "DiscoveredResource
},
"id": "VirtualNetworkInterface",
"module_id": "Inventory",
"properties": {
"_last_sync_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"device_key": {
"required": true,
"title": "Device key of the virtual network interface.",
"type": "string"
},
"device_name": {
"required": false,
"title": "Device name of the virtual network interface.",
"type": "string"
},
"display_name": {
"can_sort": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"external_id": {
"required": true,
"title": "External Id of the virtual network inferface.",
"type": "string"
},
"host_id": {
"required": true,
"title": "Id of the host on which the vm exists.",
"type": "string"
},
"ip_address_info": {
"items": {
"$ref": "IpAddressInfo
},
"required": false,
"title": "IP Addresses of the the virtual network interface, from various sources.",
"type": "array"
},
"lport_attachment_id": {
"required": false,
"title": "LPort Attachment Id of the virtual network interface.",
"type": "string"
},
"mac_address": {
"required": true,
"title": "MAC address of the virtual network interface.",
"type": "string"
},
"owner_vm_id": {
"required": true,
"title": "Id of the vm to which this virtual network interface belongs.",
"type": "string"
},
"owner_vm_type": {
"enum": [
"EDGE",
"SERVICE",
"REGULAR"
],
"readonly": true,
"required": false,
"title": "Owner virtual machine type; Edge, Service VM or other.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"required": true,
"type": "string"
},
"scope": {
"description": "Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC.",
"items": {
"$ref": "DiscoveredResourceScope
},
"readonly": false,
"required": false,
"title": "List of scopes for discovered resource",
"type": "array"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"uptv2_enabled": {
"description": "Specifies if UPTv2 (Universal Pass-through version 2) compatibility is enabled for the virtual network interface or not.",
"readonly": true,
"required": false,
"title": "Flag to indicate if UPT is enabled",
"type": "boolean"
},
"vm_local_id_on_host": {
"required": true,
"title": "Id of the vm unique within the host.",
"type": "string"
}
},
"type": "object"
}
VirtualNetworkInterfaceListResult (type)
{
"additionalProperties": false,
"extends": {
"$ref": "ListResult
},
"id": "VirtualNetworkInterfaceListResult",
"module_id": "Inventory",
"properties": {
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"cursor": {
"readonly": true,
"title": "Opaque cursor to be used for getting next page of records (supplied by current result page)",
"type": "string"
},
"result_count": {
"readonly": true,
"title": "Count of results found (across all pages), set only on first page",
"type": "integer"
},
"results": {
"items": {
"$ref": "VirtualNetworkInterface
},
"required": true,
"title": "VirtualNetworkInterface list results",
"type": "array"
},
"sort_ascending": {
"readonly": true,
"title": "If true, results are sorted in ascending order",
"type": "boolean"
},
"sort_by": {
"readonly": true,
"title": "Field by which records are sorted",
"type": "string"
}
},
"type": "object"
}
VlanID (type)
{
"id": "VlanID",
"maximum": 4094,
"minimum": 0,
"module_id": "Types",
"title": "Virtual Local Area Network Identifier",
"type": "integer"
}
VlanVniRangePair (type)
{
"additionalProperties": false,
"description": "Vlan-Vni mapping pair resource in EvpnTenantConfig for ROUTE-SERVER Evpn mode",
"id": "VlanVniRangePair",
"module_id": "PolicyConnectivity",
"properties": {
"vlans": {
"description": "List of VLAN ids and VLAN ranges (specified with '-').",
"required": true,
"title": "List of VLAN ids",
"type": "string"
},
"vnis": {
"description": "List of VNI ids and VNI ranges (specified with '-'). The vni id is used for VXLAN transmission for a given tenant Vlan ID in ROUTE-SERVER Evpn.",
"required": true,
"title": "List of VNI ids",
"type": "string"
}
},
"title": "Vlan Vni pair resource",
"type": "object"
}
VniPoolConfig (type)
{
"additionalProperties": false,
"description": "Vni Pool Configuration.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "VniPoolConfig",
"module_id": "PolicyConnectivity",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"end": {
"maximum": 16777215,
"minimum": 75001,
"required": true,
"title": "End value of VNI Pool range",
"type": "int"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"start": {
"maximum": 16777215,
"minimum": 75001,
"required": true,
"title": "Start value of VNI Pool range",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Vni Pool Config",
"type": "object"
}
Vpc (type)
{
"additionalProperties": false,
"description": "'Vpc' provides self-service and allows the application users to configure subnets and other services.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "Vpc",
"module_id": "PolicyVpc",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"activate_default_dfw_rules": {
"description": "By default, VPC is created with default distributed firewall rules, this flag allows to deactivate those default rules . If not set, the default rules are enabled. The system will expect the API user to pass this flag as \"false\" when the system is not entitled to distributed firewall.",
"nsx_feature": "LicenseDistinctCheck",
"required": false,
"title": "Activate the default DFW rules for the VPC",
"type": "boolean"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"default_gateway_path": {
"description": "This represents the path of a Tier0 or Tier0 VRF or label. This must be a subset of Tier0s/VRFs defined at the project level. It serves as default gateway for VPC. In case of Label, it should have reference of Tier0 or Tier0 VRF path.",
"required": false,
"title": "PolicyPath of Tier0 or Tier0 VRF gateway or label path referencing to Tier0 or Tier0 VRF.",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_GATEWAY_RELATIONSHIP",
"rightType": [
"Tier0"
]
},
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_GATEWAY_LABEL_RELATIONSHIP",
"rightType": [
"Label"
]
}
]
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_config": {
"$ref": "DhcpConfig,
"description": "DHCP configuration to be applied on all connected subnets if the IP address type is IPv4.",
"required": false,
"title": "DHCP configs"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"external_ipv4_blocks": {
"description": "IP block used for allocating CIDR blocks for public subnets. IP block must be subset of Project IPv4 blocks.",
"items": {
"type": "string"
},
"maxItems": 5,
"required": false,
"title": "PolicyPath of external IPv4 block",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_EXTERNAL_IPV4BLOCK_RELATIONSHIP",
"rightType": [
"IpAddressBlock"
]
}
]
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address_type": {
"default": "IPV4",
"description": "This defines the IP address type that will be allocated for subnets. In the case of IPv4, all the subnets will be allocated IP addresses from the IpV4 private/external pool.",
"enum": [
"IPV4"
],
"required": true,
"title": "IP address type",
"type": "string"
},
"ipv6_profile_paths": {
"description": "Configuration IPv6 NDRA and DAD profiles. Either or both NDRA and/or DAD profiles can be configured. If not specified, default profiles will be applied.",
"items": {
"type": "string"
},
"maxItems": 2,
"required": false,
"title": "IPv6 NDRA and DAD profiles configuration",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_NDRA_PROFILE_RELATIONSHIP",
"rightType": [
"Ipv6NdraProfile"
]
},
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_DAD_PROFILE_RELATIONSHIP",
"rightType": [
"Ipv6DadProfile"
]
}
]
},
"load_balancer_vpc_endpoint": {
"$ref": "LoadBalancerVPCEndpoint,
"required": false
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"private_ipv4_blocks": {
"additionalProperties": false,
"description": "IP block used for allocating CIDR blocks for private subnets. IP block must be defined by the Project admin.",
"items": {
"type": "string"
},
"maxItems": 5,
"required": false,
"title": "PolicyPath of private ip block",
"type": "array",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_PRIVATE_IPV4BLOCK_RELATIONSHIP",
"rightType": [
"IpAddressBlock"
]
}
]
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"service_gateway": {
"$ref": "ServiceGateway,
"required": false
},
"short_id": {
"description": "Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set.",
"maxLength": 8,
"title": "Identifier to use when displaying vpc context in logs",
"type": "string"
},
"site_infos": {
"description": "Information related to sites applicable for given VPC. The edge cluster path must belong to the same site. This will be a subset of the span of connected Tier0/VRF. Only 1 Edge cluster can be configured in site_infos.",
"items": {
"$ref": "SiteInfo
},
"maxItems": 1,
"required": false,
"title": "Collection of Site information.",
"type": "array"
},
"subnet_profiles": {
"$ref": "SubnetProfiles,
"description": "Subnet profiles will be used to create subnet profile binding and it will be applied to subnets. Subnet profiles need to be pre-created at the project level. If not specified, default profiles will be used.",
"required": false,
"title": "Subnet profiles"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy VPC",
"type": "object"
}
VpcIpAddressAllocation (type)
{
"additionalProperties": false,
"description": "Allocation parameters for the IP address (e.g. specific IP address) can be specified.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "VpcIpAddressAllocation",
"module_id": "PolicyVpcSubnetIpam",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"allocation_ip": {
"$ref": "IPAddress,
"description": "Single IP Address that is allocated from external ip block or IPv6 block based on IP address type. If not specified, any available IP will be allocated from respective IP block. If specified, it has to be within range of respective IP blocks. If IP is already in use then validation error will be thrown.",
"required": false,
"title": "IP address allocated from ip block."
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_address_block_visibility": {
"default": "EXTERNAL",
"description": "Represents visibility of IP address block. This field is not applicable if IPAddressType at VPC is IPv6.",
"enum": [
"EXTERNAL",
"PRIVATE"
],
"title": "IP Address Block Visibility",
"type": "string"
},
"ip_address_type": {
"default": "IPV4",
"description": "This defines the type of IP address block that will be used to allocate IP. This field is applicable only if IP addressType at VPC is DUAL. In case of IPv4, external blocks will be used, and in case of IPv6, IPv6 blocks will be used.",
"enum": [
"IPV4",
"IPV6"
],
"title": "IP address type",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Parameters for IP allocation",
"type": "object"
}
VpcSubnet (type)
{
"additionalProperties": false,
"description": "VPC Subnet provides self-service and allows the application users to create networks within the VPC and attach workloads to them.",
"extends": {
"$ref": "PolicyConfigResource
},
"id": "VpcSubnet",
"module_id": "PolicyVpcSubnet",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"access_mode": {
"default": "Private",
"description": "There are three kinds of Access Types supported for an Application. Private - VPC Subnet is accessible only within the application and its IPs are allocated from private IP address pool from VPC configuration unless specified explicitly by user. Public - VPC Subnet is accessible from external networks and its IPs are allocated from public IP address pool from VPC configuration unless specified explicitly by user. Isolated - VPC Subnet is not accessible from other VPC Subnets within the same VPC.",
"enum": [
"Private",
"Public",
"Isolated"
],
"required": false,
"title": "The access type for an VPC Subnet.",
"type": "string"
},
"advanced_config": {
"$ref": "SubnetAdvancedConfig,
"description": "VPC Subnet advanced configuration. This field is supported only for VPC Subnets on NSX local manager.",
"required": false,
"title": "VPC Subnet advanced configuration"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"dhcp_config": {
"$ref": "VpcSubnetDhcpConfig,
"description": "DHCP configuration to be applied on this VPC Subnet if the IP address type is IPv4. If not specified, VPC dhcp configuration will be applied on the VPC Subnet. VPC Subnet DHCP config will take precedence over VPC dhcp config, if available at both places.",
"required": false,
"title": "DHCP configs"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ip_addresses": {
"description": "If not provided, Ip assignment will be done based on VPC CIDRs This represents the VPC Subnet that is associated with tier. If IPv4 CIDR is given, ipv4_subnet_size property is ignored. For IPv6 CIDR, supported prefix length is /64.",
"items": {
"format": "ip-cidr-block",
"type": "string"
},
"maxItems": 2,
"required": false,
"title": "CIDR",
"type": "array"
},
"ipv4_subnet_size": {
"description": "If IP Addresses are not provided, this field will be used to carve out the ips from respective ip block defined in the parent VPC. The default is 64. If ip_addresses field is provided then ipv4_subnet_size field is ignored. This field cannot be modified after creating a VPC Subnet.",
"maximum": 65536,
"minimum": 16,
"required": false,
"title": "Size of the VPC Subnet based upon estimated workload count.",
"type": "int"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy VPC Subnet",
"type": "object"
}
VpcSubnetDhcpConfig (type)
{
"description": "VPC Subnet DHCP config",
"extends": {
"$ref": "DhcpConfig
},
"id": "VpcSubnetDhcpConfig",
"module_id": "PolicyVpcSubnet",
"properties": {
"dhcp_relay_config_path": {
"description": "Policy path of DHCP-relay-config. If configured then all the subnets will be configured with the DHCP relay server. If not specified, then the local DHCP server will be configured for all connected subnets.",
"required": false,
"title": "DHCP relay config path",
"type": "string",
"x-vmw-cross-reference": [
{
"leftType": [
"Vpc"
],
"relationshipType": "VPC_DHCP_RELAY_CONFIG_RELATIONSHIP",
"rightType": [
"DhcpRelayConfig"
]
}
]
},
"dns_client_config": {
"$ref": "DnsClientConfig,
"description": "Dns configuration",
"required": false,
"title": "Dns client configuration"
},
"enable_dhcp": {
"description": "If activated, the DHCP server will be configured based on IP address type. If deactivated then neither DHCP server nor relay shall be configured.",
"required": false,
"title": "Activate or Deactivate DHCP",
"type": "boolean"
},
"static_pool_config": {
"$ref": "StaticPoolConfig,
"description": "Static IP pool configuration.",
"required": false,
"title": "Static IP pool configuration"
}
},
"title": "VPC Subnet DHCP configuration",
"type": "object"
}
VpcSubnetPort (type)
{
"additionalProperties": false,
"description": "VPC Subnet port will create LogicalPort on LogicalSwitch corresponding to the Subnet. Address bindings cannot be removed after realization.",
"extends": {
"$ref": "SegmentPort
},
"id": "VpcSubnetPort",
"module_id": "PolicyVpcSubnet",
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"address_bindings": {
"description": "Static address binding used for the port.",
"items": {
"$ref": "PortAddressBindingEntry
},
"maxItems": 512,
"required": false,
"title": "Address bindings for the port",
"type": "array"
},
"admin_state": {
"default": "UP",
"enum": [
"UP",
"DOWN"
],
"required": false,
"title": "Represents desired state of the segment port",
"type": "string"
},
"attachment": {
"$ref": "PortAttachment,
"description": "Only VIF attachment is supported",
"required": false,
"title": "VIF attachment"
},
"children": {
"description": "Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.",
"items": {
"$ref": "ChildPolicyConfigResource
},
"required": false,
"title": "Subtree for this type within policy tree",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"can_sort": true,
"computed": true,
"description": "Defaults to ID if not set",
"maxLength": 255,
"title": "Identifier to use when displaying entity in logs or GUI",
"type": "string"
},
"extra_configs": {
"description": "This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port.",
"items": {
"$ref": "SegmentExtraConfig
},
"required": false,
"title": "Extra configs on segment port",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"ignored_address_bindings": {
"description": "IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported.",
"items": {
"$ref": "PortAddressBindingEntry
},
"maxItems": 16,
"minItems": 0,
"required": false,
"title": "Address bindings to be ignored by IP Discovery module",
"type": "array"
},
"init_state": {
"description": "Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified. 'RESTORE_VIF' fetches and restores VIF attachment from ESX host.",
"enum": [
"UNBLOCKED_VLAN",
"RESTORE_VIF"
],
"required": false,
"title": "Initial state of this logical ports",
"type": "string"
},
"marked_for_delete": {
"default": false,
"description": "Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.",
"readonly": true,
"required": false,
"title": "Indicates whether the intent object is marked for deletion",
"type": "boolean"
},
"origin_id": {
"description": "ID populated by NSX when NSX on DVPG is used to indicate the source Distributed Virtual Port and the corresponding Distributed Virtual Switch. This ID is populated only for ports attached to discovered segments.",
"readonly": true,
"title": "ID of the distributed virtual port and the distributed virtual switch in the source vCenter",
"type": "string"
},
"origin_site_id": {
"description": "This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for knowing which site owns an object",
"type": "string"
},
"overridden": {
"default": false,
"description": "Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.",
"readonly": true,
"required": false,
"title": "Indicates whether this object is the overridden intent object",
"type": "boolean"
},
"owner_id": {
"description": "This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for the ownership of an object",
"type": "string"
},
"parent_path": {
"description": "Path of its parent",
"readonly": true,
"required": false,
"title": "Path of its parent",
"type": "string"
},
"path": {
"description": "Absolute path of this object",
"readonly": true,
"required": false,
"title": "Absolute path of this object",
"type": "string"
},
"realization_id": {
"description": "This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system for realizing intent",
"type": "string"
},
"relative_path": {
"description": "Path relative from its parent",
"readonly": true,
"required": false,
"title": "Relative path of this object",
"type": "string"
},
"remote_path": {
"description": "This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.",
"readonly": true,
"required": false,
"title": "Path of the object on the remote end.",
"type": "string"
},
"resource_type": {
"description": "The type of this resource.",
"readonly": false,
"type": "string"
},
"source_site_id": {
"description": "This field will refer to the source site on which the segment port is discovered. This field is populated by GM, when it receives corresponding notification from LM.",
"readonly": true,
"title": "source site(LM) id.",
"type": "string"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"unique_id": {
"description": "This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.",
"readonly": true,
"required": false,
"title": "A unique identifier assigned by the system",
"type": "string"
}
},
"title": "Policy port object for VPC Subnet",
"type": "object"
}
VrfEvpnL2VniConfig (type)
{
"id": "VrfEvpnL2VniConfig",
"module_id": "PolicyConnectivity",
"properties": {
"enable_vtep_groups": {
"default": false,
"description": "This is used to enable or disable the creation of vtep groups. Each vtep group is used to group vteps with the same MAC for L2 ECMP usage.",
"required": false,
"title": "Flag to enable or disable the creation of vtep groups",
"type": "boolean"
},
"l2_vni_configs": {
"description": "Define L2 VNI and its related route distinguiser and route targets.",
"items": {
"$ref": "VrfL2VniConfig
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "L2 VNI configurations associated with the VRF",
"type": "array"
}
},
"type": "object"
}
VrfL2VniConfig (type)
{
"id": "VrfL2VniConfig",
"module_id": "PolicyConnectivity",
"properties": {
"l2_vni": {
"description": "L2 VNI associated with the VRF. It must be unique and available from the VNI pool defined for EVPN service.",
"required": true,
"title": "L2 VNI associated with the VRF",
"type": "int"
},
"route_distinguisher": {
"description": "This is a 64 bit number which disambiguates overlapping logical networks, with format in IPAddress:<number> or ASN:<number>.",
"required": true,
"title": "The unique route distinguisher for the virtual routing and forwarding instance",
"type": "string"
},
"route_targets": {
"description": "Route targets.",
"items": {
"$ref": "VrfRouteTargets
},
"maxItems": 1,
"minItems": 1,
"required": true,
"title": "Route targets",
"type": "array"
}
},
"type": "object"
}
VrfRouteTargets (type)
{
"additionalProperties": false,
"description": "Vrf Route Targets for import/export.",
"id": "VrfRouteTargets",
"module_id": "PolicyConnectivity",
"properties": {
"address_family": {
"default": "L2VPN_EVPN",
"description": "Address family.",
"enum": [
"L2VPN_EVPN"
],
"required": false,
"title": "Address family",
"type": "string"
},
"export_route_targets": {
"description": "Export route targets with format in ASN:<number>.",
"items": {
"type": "string"
},
"required": false,
"title": "Export route targets",
"type": "array"
},
"import_route_targets": {
"description": "Import route targets with format in ASN:<number>.",
"items": {
"type": "string"
},
"required": false,
"title": "Import route targets",
"type": "array"
}
},
"title": "Vrf Route Targets",
"type": "object"
}
VrniGlobalCollector (type)
{
"additionalProperties": false,
"description": "vRNI collector collects the system metrics to Vmware vRNI (vRealize Network Insight) platform for network monitoring and analytics.",
"extends": {
"$ref": "GlobalCollectorConfig
},
"id": "VrniGlobalCollector",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "VRNI"
},
"properties": {
"collector_ip": {
"$ref": "IPAddress,
"description": "IP address for the global collector.",
"required": true,
"title": "IP address for the global collector collector"
},
"collector_port": {
"description": "Port for the global collector.",
"maximum": 65535,
"minimum": 0,
"required": true,
"title": "Port for the global collector",
"type": "int"
},
"collector_type": {
"$ref": "GlobalCollectorType,
"description": "Specify the global collector type.",
"required": true
},
"report_interval": {
"default": 30,
"description": "Report interval for operation data in seconds.",
"maximum": 1800,
"minimum": 1,
"required": true,
"title": "Report interval for operation data in seconds",
"type": "int"
}
},
"title": "NSX global configs for VRNI global collector",
"type": "object"
}
VsipCounters (type)
{
"id": "VsipCounters",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"alg_handler_drops": {
"description": "alg handler error.",
"readonly": true,
"required": false,
"type": "integer"
},
"bad_offset_drops": {
"description": "bad-offset.",
"readonly": true,
"required": false,
"type": "integer"
},
"bad_timestamp_drops": {
"description": "bad-timestamp.",
"readonly": true,
"required": false,
"type": "integer"
},
"congestion_drops": {
"description": "congestion.",
"readonly": true,
"required": false,
"type": "integer"
},
"fragment_drops": {
"description": "fragment.",
"readonly": true,
"required": false,
"type": "integer"
},
"handshake_error_drops": {
"description": "3wh error.",
"readonly": true,
"required": false,
"type": "integer"
},
"icmp_err_pkt_drops": {
"description": "icmp errpkt drop.",
"readonly": true,
"required": false,
"type": "integer"
},
"icmp_error_drops": {
"description": "icmp error.",
"readonly": true,
"required": false,
"type": "integer"
},
"icmp_flood_overlimit_drops": {
"description": "ICMP flood overlimit.",
"readonly": true,
"required": false,
"type": "integer"
},
"ignored_offloaded_fpdrops": {
"description": "Ignored offloaded FP.",
"readonly": true,
"required": false,
"type": "integer"
},
"ignored_offloaded_spdrops": {
"description": "Ignored offloaded SP",
"readonly": true,
"required": false,
"type": "integer"
},
"ip_option_drops": {
"description": "ip-option.",
"readonly": true,
"required": false,
"type": "integer"
},
"l7_alert_drops": {
"description": "L7 alert.",
"readonly": true,
"required": false,
"type": "integer"
},
"l7_attr_error_drops": {
"description": "L7 attr error.",
"readonly": true,
"required": false,
"type": "integer"
},
"l7_pending_misc": {
"description": "L7 pending.",
"readonly": true,
"required": false,
"type": "integer"
},
"lb_reject_drops": {
"description": "LB Reject.",
"readonly": true,
"required": false,
"type": "integer"
},
"match_drop_rule_rx_drops": {
"description": "Rx pkts dropped by hitting drop/reject rule.",
"readonly": true,
"required": false,
"type": "integer"
},
"match_drop_rule_tx_drops": {
"description": "Tx pkts dropped by hitting drop/reject rule.",
"readonly": true,
"required": false,
"type": "integer"
},
"memory_drops": {
"description": "memory.",
"readonly": true,
"required": false,
"type": "integer"
},
"normalize_drops": {
"description": "normalize.",
"readonly": true,
"required": false,
"type": "integer"
},
"other_flood_overlimit_drops": {
"description": "OTHER flood overlimit.",
"readonly": true,
"required": false,
"type": "integer"
},
"pkts_frag_queued_v4_misc": {
"description": "pkts-frag-queued-v4.",
"readonly": true,
"required": false,
"type": "integer"
},
"pkts_frag_queued_v6_misc": {
"description": "pkts-frag-queued-v6.",
"readonly": true,
"required": false,
"type": "integer"
},
"proto_cksum_drops": {
"description": "proto-cksum.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv4_drop_pkts": {
"description": "Received IPv4 drop packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv4_pass_pkts": {
"description": "Received IPv4 pass packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv4_reject_pkts": {
"description": "Received IPv4 reject packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv6_drop_pkts": {
"description": "Received IPv6 drop packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv6_pass_pkts": {
"description": "Received IPv6 pass packets",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_ipv6_reject_pkts": {
"description": "Received IPv6 reject packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"rx_l2_drop_pkts": {
"description": "Received layer 2 drop packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"seqno_bad_ack_drops": {
"description": "seqno bad ack",
"readonly": true,
"required": false,
"type": "integer"
},
"seqno_gt_max_ack_drops": {
"description": "seqno gt maxack",
"readonly": true,
"required": false,
"type": "integer"
},
"seqno_lt_minack_drops": {
"description": "seqno lt minack",
"readonly": true,
"required": false,
"type": "integer"
},
"seqno_old_ack_drops": {
"description": "seqno old ack",
"readonly": true,
"required": false,
"type": "integer"
},
"seqno_old_retrans_drops": {
"description": "seqno old retrans.",
"readonly": true,
"required": false,
"type": "integer"
},
"seqno_outside_window_drops": {
"description": "seqno outside window.",
"readonly": true,
"required": false,
"type": "integer"
},
"short_drops": {
"description": "short.",
"readonly": true,
"required": false,
"type": "integer"
},
"spoof_guard_drops": {
"description": "spoofguard.",
"readonly": true,
"required": false,
"type": "integer"
},
"src_limit_misc": {
"description": "src-limit.",
"readonly": true,
"required": false,
"type": "integer"
},
"state_insert_drops": {
"description": "state-insert.",
"readonly": true,
"required": false,
"type": "integer"
},
"state_limit_drops": {
"description": "state-limit.",
"readonly": true,
"required": false,
"type": "integer"
},
"state_mismatch_drops": {
"description": "state-mismatch.",
"readonly": true,
"required": false,
"type": "integer"
},
"strict_no_syn_drops": {
"description": "strict no syn.",
"readonly": true,
"required": false,
"type": "integer"
},
"syn_expected_drops": {
"description": "SYN Expected.",
"readonly": true,
"required": false,
"type": "integer"
},
"syn_proxy_drops": {
"description": "synproxy.",
"readonly": true,
"required": false,
"type": "integer"
},
"tcp_flood_overlimit_drops": {
"description": "TCP flood overlimit.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv4_drop_pkts": {
"description": "Sent IPv4 drop packets",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv4_pass_pkts": {
"description": "Sent IPv4 pass packets",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv4_reject_pkts": {
"description": "Sent IPv4 reject packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv6_drop_pkts": {
"description": "Sent IPv6 drop packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv6_pass_pkts": {
"description": "Sent IPv6 pass packets",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_ipv6_reject_pkts": {
"description": "Sent IPv6 reject packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"tx_l2_drop_pkts": {
"description": "Sent layer 2 drop packets.",
"readonly": true,
"required": false,
"type": "integer"
},
"udp_flood_overlimit_drops": {
"description": "UDP flood overlimit.",
"readonly": true,
"required": false,
"type": "integer"
}
},
"type": "object"
}
VsphereClusterNodeVMDeploymentConfig (type)
{
"description": "The Vsphere deployment configuration determines where to deploy the cluster node VM through a vCenter server. It contains settings that are applied during install time. If using DHCP, the following fields must be left unset - dns_servers, management_port_subnets, and default_gateway_addresses",
"extends": {
"$ref": "ClusterNodeVMDeploymentConfig
},
"id": "VsphereClusterNodeVMDeploymentConfig",
"module_id": "ClusterNodeVMDeployment",
"polymorphic-type-descriptor": {
"type-identifier": "VsphereClusterNodeVMDeploymentConfig"
},
"properties": {
"allow_ssh_root_login": {
"default": false,
"description": "If true, the root user will be allowed to log into the VM. Allowing root SSH logins is not recommended for security reasons.",
"required": false,
"title": "Allow root SSH logins",
"type": "boolean"
},
"compute_id": {
"description": "The cluster node VM will be deployed on the specified cluster or resourcepool for specified VC server.",
"required": true,
"title": "Cluster identifier or resourcepool identifier",
"type": "string"
},
"default_gateway_addresses": {
"description": "The default IPv4 gateway for the VM to be deployed must be specified if all the other VMs it communicates with are not in the same subnet. Do not specify this field and management_port_subnets to use only IPv6. Note: only single IPv4 default gateway address is supported and it must belong to management network. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv4.",
"items": {
"$ref": "IPv4Address
},
"maxItems": 1,
"minItems": 1,
"required": false,
"title": "Default IPv4 gateway for the VM",
"type": "array"
},
"default_ipv6_gateway_addresses": {
"description": "The default IPv6 gateway for the VM to be deployed must be specified if all the other VMs it communicates with are not in the same subnet. Do not specify this field and management_port_ipv6_subnets to use only IPv4. Note: only single IPv6 default gateway address is supported and it must belong to management network. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv6.",
"items": {
"$ref": "IPv6Address
},
"maxItems": 1,
"minItems": 1,
"required": false,
"title": "Default IPv6 gateway for the VM",
"type": "array"
},
"disk_provisioning": {
"$ref": "DiskProvisioning,
"default": "THIN",
"description": "Specifies the disk provisioning type of the VM.",
"required": false,
"title": "Disk provitioning type"
},
"dns_servers": {
"description": "List of DNS servers. If DHCP is used, the default DNS servers associated with the DHCP server will be used instead. Required if using static IP.",
"items": {
"$ref": "IPAddress
},
"minItems": 1,
"required": false,
"title": "DNS servers",
"type": "array"
},
"enable_ssh": {
"default": false,
"description": "If true, the SSH service will automatically be started on the VM. Enabling SSH service is not recommended for security reasons.",
"required": false,
"title": "Enable SSH",
"type": "boolean"
},
"folder_id": {
"description": "Specifies the folder in which the VM should be placed.",
"required": false,
"title": "Folder identifier",
"type": "string"
},
"host_id": {
"description": "The cluster node VM will be deployed on the specified host in the specified VC server within the cluster if host_id is specified. Note: User must ensure that storage and specified networks are accessible by this host.",
"required": false,
"title": "Host identifier",
"type": "string"
},
"hostname": {
"description": "Desired host name/FQDN for the VM to be deployed",
"pattern": "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*?$",
"required": true,
"title": "Host name or FQDN for the VM",
"type": "string"
},
"management_network_id": {
"description": "Distributed portgroup identifier to which the management vnic of cluster node VM will be connected.",
"required": true,
"title": "Portgroup identifier for management network connectivity",
"type": "string"
},
"management_port_ipv6_subnets": {
"description": "IPv6 Address and subnet configuration for the management port. Do not specify this field and default_ipv6_gateway_addresses to use only IPv4. Note: only one IPv6 address is supported for the management port. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv6.",
"items": {
"$ref": "IPSubnet
},
"maxItems": 1,
"minItems": 1,
"required": false,
"title": "IPv6 port subnets for management port",
"type": "array"
},
"management_port_subnets": {
"description": "IPv4 Address and subnet configuration for the management port. Do not specify this field and default_gateway_addresses to use only IPv6. Note: only one IPv4 address is supported for the management port. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv4.",
"items": {
"$ref": "IPSubnet
},
"maxItems": 1,
"minItems": 1,
"required": false,
"title": "IPv4 port subnets for management port",
"type": "array"
},
"ntp_servers": {
"description": "List of NTP servers. To use hostnames, a DNS server must be defined. If not using DHCP, a DNS server should be specified under dns_servers.",
"items": {
"$ref": "HostnameOrIPAddress
},
"required": false,
"title": "NTP servers",
"type": "array"
},
"placement_type": {
"description": "Specifies the config for the platform through which to deploy the VM",
"enum": [
"VsphereClusterNodeVMDeploymentConfig"
],
"required": true,
"title": "Type of deployment",
"type": "string"
},
"search_domains": {
"description": "List of domain names that are used to complete unqualified host names.",
"items": {
"type": "string"
},
"required": false,
"title": "DNS search domain names",
"type": "array"
},
"storage_id": {
"description": "The cluster node VM will be deployed on the specified datastore in the specified VC server. User must ensure that storage is accessible by the specified cluster/host.",
"required": true,
"title": "Storage/datastore identifier",
"type": "string"
},
"vc_id": {
"description": "The VC-specific identifiers will be resolved on this VC, so all other identifiers specified in the config must belong to this vCenter server.",
"required": true,
"title": "Vsphere compute identifier for identifying VC server",
"type": "string"
}
},
"title": "Deployment config on the Vsphere platform",
"type": "object"
}
VswitchCounters (type)
{
"id": "VswitchCounters",
"module_id": "AggSvcLogicalSwitch",
"properties": {
"forged_transmit_rx_drops": {
"description": "Drops due to forged transmits disabled.",
"required": false,
"type": "integer"
},
"unknown_unicast_rx_uplink_pkts": {
"description": "Unknown unicast flooded packets received from uplink.",
"readonly": true,
"required": false,
"type": "integer"
},
"unknown_unicast_tx_uplink_pkts": {
"description": "Unknown unicast flooded packets sent on the uplink.",
"readonly": true,
"required": false,
"type": "integer"
},
"vlan_tag_mismatch_rx": {
"description": "Drops due to VLAN tag mismatch of packets received by vswitch.",
"readonly": true,
"required": false,
"type": "integer"
},
"vlan_tag_mismatch_rx_mcast": {
"description": "Drops due to VLAN tag mismatch of packets received by vswitch.",
"readonly": true,
"required": false,
"type": "integer"
},
"vlan_tag_mismatch_tx": {
"description": "Drops due to VLAN tag mismatch of packets forwarded by vswitch.",
"readonly": true,
"required": false,
"type": "integer"
},
"vlan_tag_mismatch_tx_mcast": {
"description": "Drops due to VLAN tag mismatch of packets forwarded by vswitch.",
"readonly": true,
"required": false,
"type": "integer"
},
"vni_tag_mismatch_tx": {
"description": "Drops due to VNI tag mismatch of packets forwarded by vswitch.",
"readonly": true,
"required": false,
"type": "integer"
},
"vni_tag_mismatch_tx_mcast": {
"description": "Drops due to VNI tag mismatch of packets forwarded by vswitch.",
"readonly": true,
"required": false,
"type": "integer"
}
},
"type": "object"
}
WaveFrontGlobalCollector (type)
{
"additionalProperties": false,
"description": "Wavefront collector is defined to export the real-time metrics to Vmware Warfront platform for monitoring and streaming analysis. It is only applicable on VMC mode.",
"extends": {
"$ref": "GlobalCollectorConfig
},
"id": "WaveFrontGlobalCollector",
"module_id": "Policy",
"polymorphic-type-descriptor": {
"type-identifier": "WAVE_FRONT"
},
"properties": {
"collector_ip": {
"$ref": "IPAddress,
"description": "IP address for the global collector.",
"required": true,
"title": "IP address for the global collector collector"
},
"collector_port": {
"description": "Port for the global collector.",
"maximum": 65535,
"minimum": 0,
"required": true,
"title": "Port for the global collector",
"type": "int"
},
"collector_type": {
"$ref": "GlobalCollectorType,
"description": "Specify the global collector type.",
"required": true
},
"tracing_port": {
"default": 30001,
"description": "Port for the Wavefront tracing.",
"maximum": 65535,
"minimum": 0,
"required": false,
"title": "Port for the Wavefront tracing",
"type": "int"
}
},
"title": "NSX global configs for WAVE_FRONT global collector",
"type": "object"
}
WeeklyBackupSchedule (type)
{
"extends": {
"$ref": "BackupSchedule
},
"id": "WeeklyBackupSchedule",
"module_id": "BackupConfiguration",
"polymorphic-type-descriptor": {
"type-identifier": "WeeklyBackupSchedule"
},
"properties": {
"days_of_week": {
"items": {
"type": "integer"
},
"maxItems": 7,
"minItems": 1,
"required": true,
"title": "Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ...",
"type": "array",
"uniqueItems": true
},
"hour_of_day": {
"maximum": 23,
"minimum": 0,
"required": true,
"title": "Time of day when backup is taken",
"type": "integer"
},
"minute_of_day": {
"maximum": 59,
"minimum": 0,
"required": true,
"title": "Time of day when backup is taken",
"type": "integer"
},
"resource_type": {
"enum": [
"WeeklyBackupSchedule",
"IntervalBackupSchedule"
],
"required": true,
"title": "Schedule type",
"type": "string"
}
},
"title": "Schedule to specify day of the week and time to take automated backup",
"type": "object"
}
WidgetConfiguration (type)
{
"additionalProperties": false,
"description": "Describes the configuration of a widget to be displayed on the dashboard. WidgetConfiguration is a base type that provides attributes of a widget in-general.",
"extends": {
"$ref": "ManagedResource
},
"id": "WidgetConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"polymorphic-type-descriptor": {
"mode": "enabled"
},
"properties": {
"_create_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of resource creation",
"readonly": true
},
"_create_user": {
"description": "ID of the user who created this resource",
"readonly": true,
"type": "string"
},
"_last_modified_time": {
"$ref": "EpochMsTimestamp,
"can_sort": true,
"description": "Timestamp of last modification",
"readonly": true
},
"_last_modified_user": {
"description": "ID of the user who last modified this resource",
"readonly": true,
"type": "string"
},
"_links": {
"description": "The server will populate this field when returing the resource. Ignored on PUT and POST.",
"items": {
"$ref": "ResourceLink
},
"readonly": true,
"title": "References related to this resource",
"type": "array"
},
"_protection": {
"description": "Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.",
"readonly": true,
"title": "Indicates protection status of this resource",
"type": "string"
},
"_revision": {
"computed": true,
"description": "The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.",
"title": "Generation of this resource config",
"type": "int"
},
"_schema": {
"readonly": true,
"title": "Schema for this resource",
"type": "string"
},
"_self": {
"$ref": "SelfResourceLink,
"readonly": true,
"title": "Link to this resource"
},
"_system_owned": {
"description": "Indicates system owned resource",
"readonly": true,
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.",
"maxLength": 1024,
"title": "Expression for evaluating condition",
"type": "string"
},
"datasources": {
"description": "The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.",
"items": {
"$ref": "Datasource
},
"minItems": 0,
"title": "Array of Datasource Instances with their relative urls",
"type": "array"
},
"default_filter_value": {
"description": "Default filter values to be passed to datasources. This will be used when the report is requested without filter values.",
"items": {
"$ref": "DefaultFilterValue
},
"title": "Default filter value to be passed to datasources",
"type": "array"
},
"description": {
"can_sort": true,
"maxLength": 1024,
"title": "Description of this resource",
"type": "string"
},
"display_name": {
"description": "Title of the widget. If display_name is omitted, the widget will be shown without a title.",
"maxLength": 255,
"title": "Widget Title",
"type": "string"
},
"drilldown_id": {
"description": "Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.",
"maxLength": 255,
"title": "Id of drilldown widget",
"type": "string"
},
"feature_set": {
"$ref": "FeatureSet,
"description": "Features required to view the widget.",
"title": "Features required to view the widget"
},
"filter": {
"deprecated": true,
"description": "Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.",
"title": "Id of filter widget for subscription",
"type": "string"
},
"filter_value_required": {
"default": true,
"description": "Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.",
"title": "Flag to indicate if filter value is necessary",
"type": "boolean"
},
"filters": {
"description": "A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.",
"items": {
"type": "string"
},
"title": "A List of filter ids applied to this widget configuration",
"type": "array"
},
"footer": {
"$ref": "Footer
},
"icons": {
"description": "Icons to be applied at dashboard for widgets and UI elements.",
"items": {
"$ref": "Icon
},
"title": "Icons",
"type": "array"
},
"id": {
"can_sort": true,
"title": "Unique identifier of this resource",
"type": "string"
},
"is_drilldown": {
"default": false,
"description": "Set to true if this widget should be used as a drilldown.",
"title": "Set as a drilldown widget",
"type": "boolean"
},
"legend": {
"$ref": "Legend,
"description": "Legend to be displayed. If legend is not needed, do not include it.",
"title": "Legend for the widget"
},
"plot_configs": {
"description": "List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.",
"items": {
"$ref": "WidgetPlotConfiguration
},
"required": false,
"title": "List of plotting configuration for a given widget.",
"type": "array"
},
"resource_type": {
"description": "Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration and DropdownFilterWidgetConfiguration.",
"enum": [
"LabelValueConfiguration",
"DonutConfiguration",
"MultiWidgetConfiguration",
"ContainerConfiguration",
"StatsConfiguration",
"GridConfiguration",
"GraphConfiguration",
"CustomWidgetConfiguration",
"CustomFilterWidgetConfiguration",
"TimeRangeDropdownFilterWidgetConfiguration",
"DropdownFilterWidgetConfiguration",
"SpacerWidgetConfiguration",
"LegendWidgetConfiguration"
],
"maxLength": 255,
"readonly": true,
"required": true,
"title": "Widget visualization type",
"type": "string"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container. 1 Row span is equal to 20px.",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"shared": {
"deprecated": true,
"description": "Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.",
"title": "Visiblity of widgets to other users",
"type": "boolean"
},
"show_header": {
"description": "If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.",
"title": "This decides to show the container header or not.",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"tags": {
"items": {
"$ref": "Tag
},
"maxItems": 30,
"title": "Opaque identifiers meaningful to the API user",
"type": "array"
},
"weight": {
"deprecated": true,
"description": "Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.",
"title": "Weightage or placement of the widget or container",
"type": "int"
}
},
"title": "Dashboard Widget Configuration",
"type": "object"
}
WidgetConfigurationList (type)
{
"additionalProperties": false,
"description": "Represents a list of widget configurations.",
"id": "WidgetConfigurationList",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"widgetconfigurations": {
"description": "Array of widget configurations",
"items": {
"$ref": "WidgetConfiguration
},
"readonly": true,
"required": true,
"title": "Array of widget configurations",
"type": "array"
}
},
"title": "List of Widget Configurations",
"type": "object"
}
WidgetItem (type)
{
"additionalProperties": false,
"description": "Represents a reference to a widget that is held by a container or a multi-widget or a View.",
"id": "WidgetItem",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"alignment": {
"default": "LEFT",
"description": "Aligns widget either left or right.",
"enum": [
"LEFT",
"RIGHT"
],
"title": "Alignment of widget inside container",
"type": "string"
},
"label": {
"$ref": "Label,
"description": "Applicable for 'DonutConfiguration' and 'StatsConfiguration' reports only. If label is not specified, then it defaults to the label of the donut or stats report.",
"title": "Label of the the report"
},
"rowspan": {
"description": "Represents the vertical span of the widget / container",
"minimum": 1,
"title": "Vertical span",
"type": "int"
},
"separator": {
"default": false,
"description": "If true, separates this widget in a container.",
"title": "A separator after this widget",
"type": "boolean"
},
"span": {
"description": "Represents the horizontal span of the widget / container.",
"maximum": 12,
"minimum": 1,
"title": "Horizontal span",
"type": "int"
},
"weight": {
"default": 10000,
"description": "Determines placement of widget or container relative to other widgets and containers. The lower the weight, the higher it is in the placement order.",
"title": "Weightage or placement of the widget or container",
"type": "int"
},
"widget_id": {
"description": "Id of the widget configuration that is held by a multi-widget or a container or a view.",
"maxLength": 255,
"required": true,
"title": "Id of the widget configuration",
"type": "string"
}
},
"title": "Widget held by MultiWidgetConfiguration or Container or a View",
"type": "object"
}
WidgetPlotConfiguration (type)
{
"additionalProperties": false,
"description": "Base type for widget plot config.",
"id": "WidgetPlotConfiguration",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"allow_maximize": {
"description": "Allow maximize capability for this widget",
"title": "Allow maximize capability for this widget",
"type": "boolean"
},
"condition": {
"description": "If the condition is met then the given chart config is applied to the widget configuration.",
"maxLength": 1024,
"title": "Expression for evaluating condition for this chart config",
"type": "string"
}
},
"title": "Base type for widget plot config",
"type": "object"
}
WidgetQueryParameters (type)
{
"additionalProperties": false,
"id": "WidgetQueryParameters",
"module_id": "NsxDashboard",
"nsx_feature": "NsxDashboardWidgetConfig",
"properties": {
"container": {
"description": "Id of the container whose widget configurations are to be queried.",
"maxLength": 255,
"readonly": true,
"title": "Id of the container",
"type": "string"
},
"widget_ids": {
"description": "Comma separated ids of WidgetConfigurations to be queried.",
"maxLength": 8192,
"readonly": true,
"title": "Ids of the WidgetConfigurations",
"type": "string"
}
},
"title": "Parameters for querying widget configurations",
"type": "object"
}
Ws1bOidcEndpointCreateRequest (type)
{
"id": "Ws1bOidcEndpointCreateRequest",
"module_id": "CertificateManager",
"properties": {
"api_token": {
"description": "A JWT token with sufficient privileges to create an OAuth app on VC/WS1B.",
"required": true,
"sensitive": true,
"title": "API token for VC/WS1B",
"type": "secure_string"
},
"certificate_chain": {
"description": "The public certificate chain for the VC/WS1B, in PEM format.",
"required": true,
"title": "The certificate chain for VC/WS1B",
"type": "string"
},
"nsx_fqdn": {
"description": "The fully qualified domain name of the NSX Manager. This is used when redirecting UI users after authenticating.",
"required": true,
"title": "FQDN of NSX Manager",
"type": "string"
},
"oidc_uri": {
"description": "The OIDC discovery endpoint URL. Information such as the expected issuer and signing keys will be retrieved from this URL.",
"required": true,
"title": "The VC/WS1B OIDC discovery endpoint URL",
"type": "string"
}
},
"type": "object"
}
Ws1bOidcEndpointRemovalRequest (type)
{
"id": "Ws1bOidcEndpointRemovalRequest",
"module_id": "CertificateManager",
"properties": {
"api_token": {
"description": "A JWT token with sufficient privileges to delete an OAuth app on VC/WS1B.",
"required": true,
"sensitive": true,
"title": "API token for VC/WS1B",
"type": "secure_string"
},
"force": {
"default": false,
"description": "By default, if cleanup of the OAuth app on VC/WS1B fails, the operation halts and the OIDC configuration for VC/WS1B on NSX is left in place. If true is passed for the force property, then the NSX OIDC configuration is removed regardless of whether the OAuth app was was successfully removed from VC/WS1B.",
"title": "Force removal of NSX OIDC config",
"type": "boolean"
}
},
"type": "object"
}
Ws1bOidcEndpointRemovalResponse (type)
{
"id": "Ws1bOidcEndpointRemovalResponse",
"module_id": "CertificateManager",
"properties": {
"oauth_client_removal_succeeded": {
"description": "True if the OAuth client on WS1B was successfully removed.",
"readonly": true,
"title": "Result of OAuth client cleanup",
"type": "boolean"
}
},
"type": "object"
}
X509Certificate (type)
{
"additionalProperties": false,
"id": "X509Certificate",
"module_id": "CertificateManager",
"properties": {
"dsa_public_key_g": {
"description": "One of the DSA cryptogaphic algorithm's strength parameters, base.",
"readonly": true,
"required": false,
"type": "string"
},
"dsa_public_key_p": {
"description": "One of the DSA cryptogaphic algorithm's strength parameters, prime.",
"readonly": true,
"required": false,
"type": "string"
},
"dsa_public_key_q": {
"description": "One of the DSA cryptogaphic algorithm's strength parameters, sub-prime.",
"readonly": true,
"required": false,
"type": "string"
},
"dsa_public_key_y": {
"description": "One of the DSA cryptogaphic algorithm's strength parameters.",
"readonly": true,
"required": false,
"type": "string"
},
"ecdsa_curve_name": {
"description": "The Curve name for the ECDSA certificate.",
"readonly": true,
"required": false,
"title": "ECDSA Curve Name",
"type": "string"
},
"ecdsa_ec_field": {
"description": "Represents an elliptic curve (EC) finite field in ECDSA.",
"enum": [
"F2M",
"FP"
],
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Finite Field",
"type": "string"
},
"ecdsa_ec_field_f2mks": {
"description": "The order of the middle term(s) of the reduction polynomial in elliptic curve (EC) | characteristic 2 finite field.| Contents of this array are copied to protect against subsequent modification in ECDSA.",
"items": {
"type": "integer"
},
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve F2MKS",
"type": "array"
},
"ecdsa_ec_field_f2mm": {
"description": "The first coefficient of this elliptic curve in elliptic curve (EC) | characteristic 2 finite field for ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve F2MM",
"type": "integer"
},
"ecdsa_ec_field_f2mrp": {
"description": "The value whose i-th bit corresponds to the i-th coefficient of the reduction polynomial | in elliptic curve (EC) characteristic 2 finite field for ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve F2MRP",
"type": "string"
},
"ecdsa_ec_field_f2pp": {
"description": "The specified prime for the elliptic curve prime finite field in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve F2PP",
"type": "string"
},
"ecdsa_pub": {
"description": "The public key information in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Public key information",
"type": "string"
},
"ecdsa_public_key_a": {
"description": "The first coefficient of this elliptic curve in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Public Key A",
"type": "string"
},
"ecdsa_public_key_b": {
"description": "The second coefficient of this elliptic curve in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Public Key B",
"type": "string"
},
"ecdsa_public_key_cofactor": {
"description": "The co-factor in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Public Key Cofactor",
"type": "integer"
},
"ecdsa_public_key_generator_x": {
"description": "X co-ordinate of G (the generator which is also known as the base point) in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Public Key X",
"type": "string"
},
"ecdsa_public_key_generator_y": {
"description": "Y co-ordinate of G (the generator which is also known as the base point) in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Public Key Y",
"type": "string"
},
"ecdsa_public_key_order": {
"description": "The order of generator G in ECDSA.",
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Public Key Order",
"type": "string"
},
"ecdsa_public_key_seed": {
"description": "The bytes used during curve generation for later validation in ECDSA.| Contents of this array are copied to protect against subsequent modification.",
"items": {
"type": "string"
},
"readonly": true,
"required": false,
"title": "ECDSA Elliptic Curve Public Key Seed",
"type": "array"
},
"is_ca": {
"description": "True if this is a CA certificate.",
"readonly": true,
"required": true,
"type": "boolean"
},
"is_valid": {
"description": "True if this certificate is valid.",
"readonly": true,
"required": true,
"type": "boolean"
},
"issuer": {
"description": "The certificate issuers complete distinguished name.",
"readonly": true,
"required": true,
"type": "string"
},
"issuer_cn": {
"description": "The certificate issuer's common name.",
"readonly": true,
"required": false,
"type": "string"
},
"not_after": {
"$ref": "EpochMsTimestamp,
"description": "The time in epoch milliseconds at which the certificate becomes invalid.",
"readonly": true,
"required": true
},
"not_before": {
"$ref": "EpochMsTimestamp,
"description": "The time in epoch milliseconds at which the certificate becomes valid.",
"readonly": true,
"required": true
},
"parsed_pem_encoding": {
"description": "This is the PEM encoding after parsing out any extraneous characters, ensuring any library will accept it.",
"readonly": true,
"required": false,
"title": "PEM encoding after parsing the PEM.",
"type": "string"
},
"public_key_algo": {
"description": "Cryptographic algorithm used by the public key for data encryption.",
"readonly": true,
"required": true,
"title": "Public Key Algorithm",
"type": "string"
},
"public_key_length": {
"description": "Size measured in bits of the public/private keys used in a cryptographic algorithm.",
"readonly": true,
"required": false,
"type": "integer"
},
"rsa_public_key_exponent": {
"description": "An RSA public key is made up of the modulus and the public exponent. Exponent is a power number.",
"readonly": true,
"required": false,
"type": "string"
},
"rsa_public_key_modulus": {
"description": "An RSA public key is made up of the modulus and the public exponent. Modulus is wrap around number.",
"readonly": true,
"required": false,
"type": "string"
},
"serial_number": {
"description": "Certificate's serial number.",
"readonly": true,
"required": true,
"type": "string"
},
"sha_256_thumbprint": {
"description": "The SHA256 thumbprint of the certificate, in hexadecimal notation.",
"readonly": true,
"title": "SHA256 thumbprint, in hex",
"type": "string"
},
"signature": {
"description": "The signature value(the raw signature bits) used for signing and validate the cert.",
"readonly": true,
"required": true,
"type": "string"
},
"signature_algorithm": {
"description": "The algorithm used by the Certificate Authority to sign the certificate.",
"readonly": true,
"required": true,
"type": "string"
},
"subject": {
"description": "The certificate owners complete distinguished name.",
"readonly": true,
"required": true,
"type": "string"
},
"subject_alt_names": {
"$ref": "SubjectAltNames,
"description": "A list of Subject Alternative Names of the certificate",
"readonly": true,
"required": false,
"title": "Subject Alternative Names"
},
"subject_cn": {
"description": "The certificate owner's common name.",
"readonly": true,
"required": false,
"type": "string"
},
"version": {
"description": "Certificate version (default v1).",
"readonly": true,
"required": true,
"type": "string"
}
},
"type": "object"
}
X509Crl (type)
{
"additionalProperties": false,
"id": "X509Crl",
"module_id": "CertificateManager",
"properties": {
"crl_entries": {
"description": "List of X509CrlEntry.",
"items": {
"$ref": "X509CrlEntry
},
"readonly": true,
"required": false,
"type": "array"
},
"issuer": {
"description": "Issuer's distinguished name. (DN)",
"readonly": true,
"required": false,
"type": "string"
},
"next_update": {
"description": "Next update time for the CRL.",
"readonly": true,
"required": false,
"type": "string"
},
"version": {
"description": "CRL's version number either 1 or 2.",
"readonly": true,
"required": false,
"type": "string"
}
},
"title": "A CRL is a time-stamped list identifying revoked certificates.",
"type": "object"
}
X509CrlEntry (type)
{
"additionalProperties": false,
"id": "X509CrlEntry",
"module_id": "CertificateManager",
"properties": {
"revocation_date": {
"description": "Revocation date.",
"readonly": true,
"required": false,
"type": "string"
},
"serial_number": {
"description": "The revoked certificate's serial number.",
"readonly": true,
"required": false,
"type": "string"
}
},
"title": "Each revoked certificate is identified in a CRL by its certificate serial number.",
"type": "object"
}