NSX-T Data Center REST API

Associated URIs:

API Description	API Path
Get groups for which the given Cloud Native Service Instance is a member Get policy groups for which the given Cloud Native Service Instance is a member.	GET /policy/api/v1/infra/cloud-native-service-group-associations GET /policy/api/v1/global-infra/cloud-native-service-group-associations
List Groups for a domain List Groups for a domain. Groups can be filtered using member_types query parameter, which returns the groups that contains the specified member types. Multiple member types can be provided as comma separated values. The API also return groups having member type that are subset of provided member_types.	GET /policy/api/v1/infra/domains/{domain-id}/groups GET /policy/api/v1/global-infra/domains/{domain-id}/groups GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups
Delete Group Delete the group with group_id under domain domain_id. The force query parameter supported on the API is deprecated. Usage of the force query parameter does not alter the behaviour of the API. The API just ignores the force parameter.	DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
Read group Read group	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id} GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
Patch a group If a group with the group-id is not already present, create a new group. If it already exists, patch the group. Group created with Kubernetes membership criteria includes only Antrea reported inventory as its members. Once created, Groups with Identity (Directory) Group members should be updated with the new Distinguished Name in case it is changed on AD Server. Maximum of 500 malicious IP Groups (i.e Group with criteria having IPAddress equals All MALICIOUS_IP) should be created.	PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
Create or update a group If a group with the group-id is not already present, create a new group. If it already exists, update the group. Avoid creating groups with multiple MACAddressExpression and IPAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression and IPAddressExpression along with other expressions. To group IPAddresses or MACAddresses, use nested groups instead of multiple IPAddressExpressions/MACAddressExpression. Group created with Kubernetes membership criteria includes only Antrea reported inventory as its members. Once created, Groups with Identity (Directory) Group members should be updated with the new Distinguished Name in case it is changed on AD Server. Maximum of 500 malicious IP Groups (i.e Group with criteria having IPAddress equals All MALICIOUS_IP) should be created.	PUT /policy/api/v1/infra/domains/{domain-id}/groups/{group-id} PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}
Get associated kubernetes clusters for given group Get list of clusters associated to this Group. This API is applicable for Groups containing kubernetes resources. For Groups containing other member types an empty list is returned.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/associated-kubernetes-clusters
Delete Group External ID Expression Delete Group External ID Expression	DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
Patch a group external ID expression If a group ExternalIDexpression with the expression-id is not already present, create a new ExternalIDexpresison. If it already exists, replace the existing ExternalIDexpression.	PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
Add or Remove external id based members from/to a Group It will add or remove the specified members having external ID for a given expression of a group.	POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id} POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
Delete Group IPAddressExpression Delete Group IPAddressExpression	DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
Patch a group IP Address expression If a group IPAddressExpression with the expression-id is not already present, create a new IPAddressExpression. If it already exists, replace the existing IPAddressExpression.	PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
Add or Remove IP Addresses from/to a Group It will add or remove the specified IP Addresses from a given expression of a group.	POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id} POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
Delete Group MACAddressExpression Delete Group MACAddressExpression	DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
Patch a group MAC Address expression If a group MACAddressExpression with the expression-id is not already present, create a new MACAddressExpression. If it already exists, replace the existing MACAddressExpression.	PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
Add or Remove MAC Addresses from/to a Group It will add or remove the specified MAC Addresses from a given expression of a group.	POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id} POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
Get member types for a given Group It retrieves member types for a given group. In case of nested groups, it calculates member types of child groups as well. Considers member type for members added via static members and dynamic membership criteria.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/member-types GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/member-types GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/member-types
Get antrea egresses that belong to this Group Get antrea egresses that belong to this Group. This API is applicable for Groups containing AntreaEgress member type. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-egresses
Get antrea ippools that belong to this Group Get antrea ippools that belong to this Group. This API is applicable for Groups containing AntreaIPPool member type. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-ip-pools
Get Effective Cloud Native Service Instances that belong to this group. Returns Effective Cloud Native Service Instances that belong to this group. This API is applicable only for Groups containing CloudNativeServiceInstance member type. For Groups containing other member types,it returns an empty list.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances
Get consolidated effective IPAddress translated from this group across site Returns the consolidated effective IP address members of the specified Group. This is applicable in the case of a federated environment. The response includes a site-wise list of static and dynamically translated effective IP address members. If the group evaluation on a site is empty, the response will contain the site-id with empty list. If a group is a reference group on a site, then its consolidated effective IP response will contain the effective IPs from other sites, and the response will contain an empty list of IPs for the sites where is it a reference group. This API is applicable only for Global Groups that contain (either directly or via nesting) VirtualMachine, VIF, Segment, SegmentPort, or IPSet member types. Please use the cursor value in the response to fetch the next page. If there is no cursor value in the response, it indicates that it is the last page of results for the query.	GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/consolidated-effective-ip-addresses
Get Discovered Port Groups that belong to this Group Get Discovered Port Groups that belong to this Group	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvpg GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvpg
Get discovered ports that belong to this Group Get discovered ports that belong to this Group	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvports GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvports
Get Effective Identity Groups that belong to this group. Returns Effective Identiy Groups that belong to this group. This API is applicable only for Groups containing IdentityGroup member type. For Groups containing other member types,it returns an empty list.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/identity-groups
Get IP addresses that belong to this Group Get IP addresses that belong to this Group. This API is applicable for Groups containing either VirtualMachine, VIF, Segment ,Segment Port or IP Address member type.For Groups containing other member types,an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses
Get Effective IPGroups that belong to this group. Returns effective IPGroups that belong to this group. This API is applicable only for Groups containing IPSet member type. For Groups containing other member types,it returns an empty list.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-groups GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups
Get kubernetes gateways that belong to this Group Get kubernetes gateways that belong to this Group. This API is applicable for Groups containing KubernetesGateway member type. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-gateways
Get kubernetes ingress policies that belong to this Group Get kubernetes ingress policies that belong to this Group. This API is applicable for Groups containing KubernetesIngress member type. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-ingresses
Get kubernetes nodes that belong to this Group Get kubernetes nodes that belong to this Group. This API is applicable for Groups containing KubernetesNode member type with key as IP_ADDRESSES. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-ips
Get kubernetes node pod cidrs that belong to this Group Get kubernetes node pod cidrs that belong to this Group. This API is applicable for Groups containing KubernetesNode member type with key as POD_CIDRS. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-pod-cidrs
Get kubernetes services that belong to this Group Get kubernetes services that belong to this Group. This API is applicable for Groups containing KubernetesService member type. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-services
Get logical ports that belong to this Group Get logical ports that belong to this Group This API is applicable for Groups containing either VirtualMachine, VIF, Segment or Segment Port member type.For Groups containing other member types,an empty list is returned.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-ports GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports
Get logical switches that belong to this Group Get logical switches that belong to this Group. This API is applicable for Groups containing Segment member type. For Groups containing other member types, an empty list is returned.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-switches GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches
Get Effective Physical Server Members that belong to this group. Returns Effective Physical Server Members that belong to this group. This API is applicable only for Groups containing Physical Server member type. For Groups containing other member types,it returns an empty list.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/physical-servers GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/physical-servers
Get pods that belong to this Group Get pods that belong to this Group. This API is applicable for Groups containing either Pod, Cluster, Namespace, Service member type. For Groups containing other member types an empty list is returned	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/pods GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/pods GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/pods
Get segment ports that belong to this Group Get segment ports that belong to this Group	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segment-ports GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports
Get segments that belong to this Group Get segments that belong to this Group	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segments GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segments GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segments
Get effective transport node members that belong to this group Get effective transport node members that belong to this Group. This API is applicable only for Groups containing TransportNode member type. For Groups containing other member types,an empty list is returned.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/transport-nodes
Get Virtual Network Interface instances that belong to this Group Get Virtual Network Interface instances that belong to this Group. This API is applicable for Groups containing VirtualNetworkInterface and VirtualMachine member types. For Groups containing other member types,an empty list is returned.target_id in response is external_id of VirtualNetworkInterface or VirtualMachine.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/vifs GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/vifs GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/vifs
Get Virtual machines that belong to this Group Get Virtual machines that belong to this Group. This API is applicable for Groups containing VirtualMachine,member type. For Groups containing other member types,an empty list is returned.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines
Delete Group Path Expression Delete Group Path Expression	DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
Patch a group path expression If a group path_expression with the expression-id is not already present, create a new pathexpresison. If it already exists, replace the existing pathexpression.	PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
Add or Remove path based members from/to a Group It will add or remove the specified members having path for a given expression of a group.	POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id} POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
Get effective VMs for the Group Get the effective VM membership for the Group. This API also gives some VM details such as VM name, IDs and the current state of the VMs.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines (Deprecated) GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines (Deprecated)
Get tags used to define conditions inside a Group Get tags used to define conditions inside a Group. Also includes tags inside nested groups.	GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/tags GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/tags GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/tags
Get groups for which the given object is a member Get policy groups for which the given object is a member. In Federation environment, if the given object is a global entity (eg: global segment) and if the entity is not stretched to the site specified in the enforcement_point_path parameter,then the following is returned:- 1)If the entity is a member of any global group and that group is stretched to the enforcement_point_path site,then the API returns an empty list. 2)If the entity is not a member of any global group,this API returns an 'invalid path' error message. 3)If both the entity and its corresponding groups are stretched to the enforcement_point_path site , then the API returns the groups list.	GET /policy/api/v1/infra/group-associations GET /policy/api/v1/global-infra/group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/group-associations
Get groups for which the given Identity Group is a member Get policy groups for which the given Identity Group is a member.	GET /policy/api/v1/infra/identity-group-associations
Get groups for which the given IP address is a member Get policy groups for which the given IP address is a member.	GET /policy/api/v1/infra/ip-address-group-associations GET /policy/api/v1/global-infra/ip-address-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/ip-address-group-associations
Get groups for which the given Physical Server is a member Get policy groups for which the given Physical Server is a member.	GET /policy/api/v1/infra/physical-server-group-associations GET /policy/api/v1/global-infra/physical-server-group-associations
Get groups for which the given pod is a member Get policy groups for which the given pod is a member.	GET /policy/api/v1/infra/pod-group-associations GET /policy/api/v1/global-infra/pod-group-associations
Get groups for which the given VM is a member Get policy groups for which the given VM is a member.	GET /policy/api/v1/infra/virtual-machine-group-associations GET /policy/api/v1/global-infra/virtual-machine-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-machine-group-associations
Get groups for which the given VIF is a member Get policy groups for which the given VIF is a member.	GET /policy/api/v1/infra/virtual-network-interface-group-associations GET /policy/api/v1/global-infra/virtual-network-interface-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-network-interface-group-associations

Additional Links

Group Members

Groups

NSX-T Data Center REST API

Associated URIs:

Get groups for which the given Cloud Native Service Instance is a member

List Groups for a domain

Delete Group

Read group

Patch a group

Create or update a group

Get associated kubernetes clusters for given group

Delete Group External ID Expression

Patch a group external ID expression

Add or Remove external id based members from/to a Group

Delete Group IPAddressExpression

Patch a group IP Address expression

Add or Remove IP Addresses from/to a Group

Delete Group MACAddressExpression

Patch a group MAC Address expression

Add or Remove MAC Addresses from/to a Group

Get member types for a given Group

Get antrea egresses that belong to this Group

Get antrea ippools that belong to this Group

Get Effective Cloud Native Service Instances that belong to this group.

Get consolidated effective IPAddress translated from this group across site

Get Discovered Port Groups that belong to this Group

Get discovered ports that belong to this Group

Get Effective Identity Groups that belong to this group.

Get IP addresses that belong to this Group

Get Effective IPGroups that belong to this group.

Get kubernetes gateways that belong to this Group

Get kubernetes ingress policies that belong to this Group

Get kubernetes nodes that belong to this Group

Get kubernetes node pod cidrs that belong to this Group

Get kubernetes services that belong to this Group

Get logical ports that belong to this Group

Get logical switches that belong to this Group

Get Effective Physical Server Members that belong to this group.

Get pods that belong to this Group

Get segment ports that belong to this Group

Get segments that belong to this Group

Get effective transport node members that belong to this group

Get Virtual Network Interface instances that belong to this Group

Get Virtual machines that belong to this Group

Delete Group Path Expression

Patch a group path expression

Add or Remove path based members from/to a Group

Get effective VMs for the Group

Get tags used to define conditions inside a Group

Get groups for which the given object is a member

Get groups for which the given Identity Group is a member

Get groups for which the given IP address is a member

Get groups for which the given Physical Server is a member

Get groups for which the given pod is a member

Get groups for which the given VM is a member

Get groups for which the given VIF is a member