NSX-T Data Center REST API
Associated URIs:
| API Description | API Path |
|---|---|
Return the List of interfaces for all bare metal servers.Returns information about all bare metal server interfaces. Tags will be populated only if the tags are added on the bare metal server interface. Tags will not be listed in case tags are removed or are not added. |
GET /api/v1/fabric/baremetal-server-interfaces
|
Return the list of all bare metal serversReturns information about all bare metal servers. Tags will be populated only if the tags are added on the bare metal server. Tags will not be listed in case tags are removed or are not added. |
GET /api/v1/fabric/baremetal-servers
|
Return the list of container application instanceReturns information about all container application instance. |
GET /api/v1/fabric/container-application-instances
|
Return a container application instanceReturns information about a specific container application instance. |
GET /api/v1/fabric/container-application-instances/{container-application-instance-id}
|
Return the List of Container ApplicationsReturns information about all Container Applications. |
GET /api/v1/fabric/container-applications
|
Return a Container Application within a container projectReturns information about a specific Container Application within a project. |
GET /api/v1/fabric/container-applications/{container-application-id}
|
Return the list of container cluster nodesReturns information about all container cluster nodes. |
GET /api/v1/fabric/container-cluster-nodes
|
Return a container cluster nodeReturns information about a specific container cluster node. |
GET /api/v1/fabric/container-cluster-nodes/{container-cluster-node-id}
|
Return the List of Container ClustersReturns information about all Container Clusters. |
GET /api/v1/fabric/container-clusters
|
Return a container clusterReturns information about a specific container cluster |
GET /api/v1/fabric/container-clusters/{container-cluster-id}
|
Returns an egress detailsReturns information about a specific egress. |
GET /api/v1/fabric/container-egress/{egress-id}
|
Return the List of Container EgressReturns information about all egress. |
GET /api/v1/fabric/container-egresses
|
Returns an container gatewayReturns information about a specific container gateway. |
GET /api/v1/fabric/container-gateway/{gateway-id}
|
Return the List of container gatewayReturns information about all container gateways. |
GET /api/v1/fabric/container-gateways
|
Return the List of Container Ingress PoliciesReturns information about all ingress policies. |
GET /api/v1/fabric/container-ingress-policies
|
Returns an ingress policy specReturns information about a specific ingress policy. |
GET /api/v1/fabric/container-ingress-policies/{ingress-policy-id}
|
Returns an container ip poolReturns information about a specific container ip pool. |
GET /api/v1/fabric/container-ip-pool/{ip-pool-id}
|
Return the List of Container ip poolReturns information about all container ip pools. |
GET /api/v1/fabric/container-ip-pools
|
Return the List of Container Network PoliciesReturns information about all network policies. |
GET /api/v1/fabric/container-network-policies
|
Return a network policy specReturns information about a specific network policy. |
GET /api/v1/fabric/container-network-policies/{network-policy-id}
|
Return the list of container projectsReturns information about all container projects |
GET /api/v1/fabric/container-projects
|
Return a container projectReturns information about a specific project |
GET /api/v1/fabric/container-projects/{container-project-id}
|
Return the List of Virtual Network Interfaces (VIFs)Returns information about all VIFs. A virtual network interface aggregates network interfaces into a logical interface unit that is indistinuishable from a physical network interface. |
GET /api/v1/fabric/vifs
|
Return the List of Virtual MachinesReturns information about all virtual machines. If you have not added NSX tags on the VM or removed all the NSX tags that were earlier added to the VM, then tags property is not returned in the API response. |
GET /api/v1/fabric/virtual-machines
|
Perform action on specified virtual machine e.g. update tagsPerform action on a specific virtual machine. External id of the virtual machine needs to be provided in the request body. Some of the actions that can be performed are update tags, add tags, remove tags. To add tags to existing list of tag, use action parameter add_tags. To remove tags from existing list of tag, use action parameter remove_tags. To replace existing tags with new tags, use action parameter update_tags. To clear all tags, provide an empty list and action parameter as update_tags. The vmw-async: True HTTP header cannot be used with this API. |
POST /api/v1/fabric/virtual-machines?action=update_tags
|
Perform action on specified virtual machine e.g. update tagsPerform action on a specific virtual machine. External id of the virtual machine needs to be provided in the request body. Some of the actions that can be performed are update tags, add tags, remove tags. To add tags to existing list of tag, use action parameter add_tags. To remove tags from existing list of tag, use action parameter remove_tags. To replace existing tags with new tags, use action parameter update_tags. To clear all tags, provide an empty list and action parameter as update_tags. The vmw-async: True HTTP header cannot be used with this API. |
POST /api/v1/fabric/virtual-machines?action=add_tags
|
Perform action on specified virtual machine e.g. update tagsPerform action on a specific virtual machine. External id of the virtual machine needs to be provided in the request body. Some of the actions that can be performed are update tags, add tags, remove tags. To add tags to existing list of tag, use action parameter add_tags. To remove tags from existing list of tag, use action parameter remove_tags. To replace existing tags with new tags, use action parameter update_tags. To clear all tags, provide an empty list and action parameter as update_tags. The vmw-async: True HTTP header cannot be used with this API. |
POST /api/v1/fabric/virtual-machines?action=remove_tags
|
Return the list of tools and agents installed in VMs.This API returns the list of tools and agents installed in VMs. |
GET /api/v1/fabric/virtual-machines/tools-info
|
Return the List of Virtual SwitchesReturns information about all Distributed virtual switches based on the request parameters. |
GET /api/v1/fabric/virtual-switches
|
Apply tags on bare metal server interfaceAllows an admin to apply multiple tags to a bare metal server interface. This operation does not store the intent on the policy side. This operation will replace the existing tags on the bare metal server interface with the ones that have been passed. If the application of tag fails, then an error is reported. The admin will have to retry the operation again. Policy framework does not perform a retry. Failure could occur due to multiple reasons. For e.g constraints like max tags limit exceeded, etc. |
POST /policy/api/v1/infra/baremetal-server-interfaces/tags
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/baremetal-server-interfaces/tags |
Apply tags on bare metal serverAllows an admin to apply multiple tags to a bare metal server. This operation does not store the intent on the policy side. This operation will replace the existing tags on the bare metal server with the ones that have been passed. If the application of tag fails, then an error is reported. The admin will have to retry the operation again. Policy framework does not perform a retry. Failure could occur due to multiple reasons. For e.g constraints like max tags limit exceeded, etc. |
POST /policy/api/v1/infra/baremetal-servers/tags
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/baremetal-servers/tags |
Get groups for which the given bare metal server (BMS) is a memberGet policy groups for which the given bare metal server (BMS) is a member. |
GET /policy/api/v1/infra/bms-group-associations
GET /policy/api/v1/global-infra/bms-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/bms-group-associations |
Get groups for which the given bare metal server interface (BMSI) is a memberGet policy groups for which the given bare metal server interface (BMSI) is a member. |
GET /policy/api/v1/infra/bmsi-group-associations
GET /policy/api/v1/global-infra/bmsi-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/bmsi-group-associations |
Get groups for which the given Cloud Native Service Instance is a memberGet policy groups for which the given Cloud Native Service Instance is a member. |
GET /policy/api/v1/infra/cloud-native-service-group-associations
GET /policy/api/v1/global-infra/cloud-native-service-group-associations |
Get PolicyContextProfilesGet all PolicyContextProfiles |
GET /policy/api/v1/infra/context-profiles
GET /policy/api/v1/global-infra/context-profiles GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles |
Delete Policy Context ProfileDeletes the specified Policy Context Profile. If the Policy Context Profile is consumed in a firewall rule, it won't get deleted. |
DELETE /policy/api/v1/infra/context-profiles/{context-profile-id}
DELETE /policy/api/v1/global-infra/context-profiles/{context-profile-id} DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id} |
Get PolicyContextProfileGet a single PolicyContextProfile by id |
GET /policy/api/v1/infra/context-profiles/{context-profile-id}
GET /policy/api/v1/global-infra/context-profiles/{context-profile-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id} |
Create PolicyContextProfileCreates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes 5. Do not create context profile with "custom_attributes" id |
PATCH /policy/api/v1/infra/context-profiles/{context-profile-id}
PATCH /policy/api/v1/global-infra/context-profiles/{context-profile-id} PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id} |
Create PolicyContextProfileCreates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes 5. Do not create context profile with "custom_attributes" id |
PUT /policy/api/v1/infra/context-profiles/{context-profile-id}
PUT /policy/api/v1/global-infra/context-profiles/{context-profile-id} PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/{context-profile-id} |
List Context Profile supported attribute typesReturns supported attribute type strings for Context Profile. |
GET /policy/api/v1/infra/context-profiles/attribute-types
|
List Policy Context Profile supported attributes and sub-attributesReturns supported attribute and sub-attributes for specified attribute key with their supported values, if provided in query/request parameter, else will fetch all supported attributes and sub-attributes for all supported attribute keys. Alternatively, to get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes |
GET /policy/api/v1/infra/context-profiles/attributes
GET /policy/api/v1/global-infra/context-profiles/attributes GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/attributes |
Update custom object attribute value list for given attribute keyThis API updates custom attribute value list for given key. |
PATCH /policy/api/v1/infra/context-profiles/custom-attributes
(Deprecated)
PATCH /policy/api/v1/global-infra/context-profiles/custom-attributes (Deprecated) PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes (Deprecated) |
Adds/Removes custom attribute values from listThis API adds/removes custom attribute values from list for a given attribute key. |
POST /policy/api/v1/infra/context-profiles/custom-attributes
(Deprecated)
POST /policy/api/v1/global-infra/context-profiles/custom-attributes (Deprecated) POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes (Deprecated) |
Retrieves custom attribute values for given attribute keyThis API lists all the custom attribute values defined in the system for the attribute_key mentioned as part of the url. |
GET /policy/api/v1/infra/context-profiles/custom-attributes/default
GET /policy/api/v1/global-infra/context-profiles/custom-attributes/default GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default |
Update custom attribute value list for given attribute key.This API updates custom attribute value list for given key in the request. This replaces the existing list with the list provided in the request |
PATCH /policy/api/v1/infra/context-profiles/custom-attributes/default
PATCH /policy/api/v1/global-infra/context-profiles/custom-attributes/default PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default |
Adds/Removes custom attribute values from listThis API adds/removes custom attribute values from list for a given attribute key. The values in the request will be added or removed from the existing list. |
POST /policy/api/v1/infra/context-profiles/custom-attributes/default
POST /policy/api/v1/global-infra/context-profiles/custom-attributes/default POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/context-profiles/custom-attributes/default |
List Groups for a domainList Groups for a domain. Groups can be filtered using member_types query parameter, which returns the groups that contains the specified member types. Multiple member types can be provided as comma separated values. The API also return groups having member type that are subset of provided member_types. |
GET /policy/api/v1/infra/domains/{domain-id}/groups
GET /policy/api/v1/global-infra/domains/{domain-id}/groups GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups |
Delete GroupDelete the group with group_id under domain domain_id. The force query parameter supported on the API is deprecated. Usage of the force query parameter does not alter the behaviour of the API. The API just ignores the force parameter. |
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id} |
Read groupRead group |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id} |
Patch a groupIf a group with the group-id is not already present, create a new group. If it already exists, patch the group. Group created with Kubernetes membership criteria includes only Antrea reported inventory as its members. Once created, Groups with Identity (Directory) Group members should be updated with the new Distinguished Name in case it is changed on AD Server. Maximum of 500 malicious IP Groups (i.e Group with criteria having IPAddress equals All MALICIOUS_IP) should be created. |
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id} |
Create or update a groupIf a group with the group-id is not already present, create a new group. If it already exists, update the group. Avoid creating groups with multiple MACAddressExpression and IPAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression and IPAddressExpression along with other expressions. To group IPAddresses or MACAddresses, use nested groups instead of multiple IPAddressExpressions/MACAddressExpression. Group created with Kubernetes membership criteria includes only Antrea reported inventory as its members. Once created, Groups with Identity (Directory) Group members should be updated with the new Distinguished Name in case it is changed on AD Server. Maximum of 500 malicious IP Groups (i.e Group with criteria having IPAddress equals All MALICIOUS_IP) should be created. |
PUT /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id} |
Get associated kubernetes clusters for given groupGet list of clusters associated to this Group. This API is applicable for Groups containing kubernetes resources. For Groups containing other member types an empty list is returned. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/associated-kubernetes-clusters
|
Delete Group External ID ExpressionDelete Group External ID Expression |
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id} |
Patch a group external ID expressionIf a group ExternalIDexpression with the expression-id is not already present, create a new ExternalIDexpresison. If it already exists, replace the existing ExternalIDexpression. |
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id} |
Add or Remove external id based members from/to a GroupIt will add or remove the specified members having external ID for a given expression of a group. |
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id} |
Delete Group IPAddressExpressionDelete Group IPAddressExpression |
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id} |
Patch a group IP Address expressionIf a group IPAddressExpression with the expression-id is not already present, create a new IPAddressExpression. If it already exists, replace the existing IPAddressExpression. |
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id} |
Add or Remove IP Addresses from/to a GroupIt will add or remove the specified IP Addresses from a given expression of a group. |
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id} |
Delete Group MACAddressExpressionDelete Group MACAddressExpression |
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id} |
Patch a group MAC Address expressionIf a group MACAddressExpression with the expression-id is not already present, create a new MACAddressExpression. If it already exists, replace the existing MACAddressExpression. |
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id} |
Add or Remove MAC Addresses from/to a GroupIt will add or remove the specified MAC Addresses from a given expression of a group. |
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id} |
Get member types for a given GroupIt retrieves member types for a given group. In case of nested groups, it calculates member types of child groups as well. Considers member type for members added via static members and dynamic membership criteria. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/member-types
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/member-types GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/member-types |
Get antrea egresses that belong to this GroupGet antrea egresses that belong to this Group. This API is applicable for Groups containing AntreaEgress member type. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-egresses
|
Get antrea ippools that belong to this GroupGet antrea ippools that belong to this Group. This API is applicable for Groups containing AntreaIPPool member type. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/antrea-ip-pools
|
Get Effective Bare Metal Servers(BMS) that belong to this group.Returns Effective Bare metal servers(BMS) that belong to this group. This API is applicable only for Groups containing BMS member type. For Groups containing other member types,it returns an empty list. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/bms
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/bms |
Get Effective Bare Metal Server Interfaces(BMSI) that belong to this group.Returns Effective Bare metal server interfaces (BMSI) that belong to this group. This API is applicable only for Groups containing BMSI member type. For Groups containing other member types,it returns an empty list. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/bmsi
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/bmsi |
Get Effective Cloud Native Service Instances that belong to this group.Returns Effective Cloud Native Service Instances that belong to this group. This API is applicable only for Groups containing CloudNativeServiceInstance member type. For Groups containing other member types,it returns an empty list. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/cloud-native-service-instances |
Get consolidated effective IPAddress translated from this group across siteReturns the consolidated effective IP address members of the specified Group. This is applicable in the case of a federated environment. The response includes a site-wise list of static and dynamically translated effective IP address members. If the group evaluation on a site is empty, the response will contain the site-id with empty list. If a group is a reference group on a site, then its consolidated effective IP response will contain the effective IPs from other sites, and the response will contain an empty list of IPs for the sites where is it a reference group. This API is applicable only for Global Groups that contain (either directly or via nesting) VirtualMachine, VIF, Segment, SegmentPort, or IPSet member types. Please use the cursor value in the response to fetch the next page. If there is no cursor value in the response, it indicates that it is the last page of results for the query. |
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/consolidated-effective-ip-addresses
|
Get Discovered Port Groups that belong to this GroupGet Discovered Port Groups that belong to this Group |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvpg
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvpg |
Get discovered ports that belong to this GroupGet discovered ports that belong to this Group |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/dvports
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/dvports |
Get Effective Identity Groups that belong to this group.Returns Effective Identiy Groups that belong to this group. This API is applicable only for Groups containing IdentityGroup member type. For Groups containing other member types,it returns an empty list. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/identity-groups
|
Get IP addresses that belong to this GroupGet IP addresses that belong to this Group. This API is applicable for Groups containing either VirtualMachine, VIF, Segment ,Segment Port or IP Address member type.For Groups containing other member types,an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses |
Get Effective IPGroups that belong to this group.Returns effective IPGroups that belong to this group. This API is applicable only for Groups containing IPSet member type. For Groups containing other member types,it returns an empty list. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/ip-groups GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/ip-groups |
Get kubernetes gateways that belong to this GroupGet kubernetes gateways that belong to this Group. This API is applicable for Groups containing KubernetesGateway member type. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-gateways
|
Get kubernetes ingress policies that belong to this GroupGet kubernetes ingress policies that belong to this Group. This API is applicable for Groups containing KubernetesIngress member type. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-ingresses
|
Get kubernetes nodes that belong to this GroupGet kubernetes nodes that belong to this Group. This API is applicable for Groups containing KubernetesNode member type with key as IP_ADDRESSES. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-ips
|
Get kubernetes node pod cidrs that belong to this GroupGet kubernetes node pod cidrs that belong to this Group. This API is applicable for Groups containing KubernetesNode member type with key as POD_CIDRS. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-node-pod-cidrs
|
Get kubernetes services that belong to this GroupGet kubernetes services that belong to this Group. This API is applicable for Groups containing KubernetesService member type. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/kubernetes-services
|
Get logical ports that belong to this GroupGet logical ports that belong to this Group This API is applicable for Groups containing either VirtualMachine, VIF, Segment or Segment Port member type.For Groups containing other member types,an empty list is returned. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports
(Deprecated)
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-ports (Deprecated) GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-ports (Deprecated) |
Get logical switches that belong to this GroupGet logical switches that belong to this Group. This API is applicable for Groups containing Segment member type. For Groups containing other member types, an empty list is returned. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches
(Deprecated)
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/logical-switches (Deprecated) GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/logical-switches (Deprecated) |
Get pods that belong to this GroupGet pods that belong to this Group. This API is applicable for Groups containing either Pod, Cluster, Namespace, Service member type. For Groups containing other member types an empty list is returned |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/pods
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/pods GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/pods |
Get segment ports that belong to this GroupGet segment ports that belong to this Group |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segment-ports GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segment-ports |
Get segments that belong to this GroupGet segments that belong to this Group |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/segments
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/segments GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/segments |
Get effective transport node members that belong to this groupGet effective transport node members that belong to this Group. This API is applicable only for Groups containing TransportNode member type. For Groups containing other member types,an empty list is returned. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/transport-nodes
|
Get Virtual Network Interface instances that belong to this GroupGet Virtual Network Interface instances that belong to this Group. This API is applicable for Groups containing VirtualNetworkInterface and VirtualMachine member types. For Groups containing other member types,an empty list is returned.target_id in response is external_id of VirtualNetworkInterface or VirtualMachine. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/vifs
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/vifs GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/vifs |
Get Virtual machines that belong to this GroupGet Virtual machines that belong to this Group. This API is applicable for Groups containing VirtualMachine,member type. For Groups containing other member types,an empty list is returned. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines |
Delete Group Path ExpressionDelete Group Path Expression |
DELETE /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id} |
Patch a group path expressionIf a group path_expression with the expression-id is not already present, create a new pathexpresison. If it already exists, replace the existing pathexpression. |
PATCH /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id} |
Add or Remove path based members from/to a GroupIt will add or remove the specified members having path for a given expression of a group. |
POST /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id} |
Get effective VMs for the GroupGet the effective VM membership for the Group. This API also gives some VM details such as VM name, IDs and the current state of the VMs. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines
(Deprecated)
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/statistics/virtual-machines (Deprecated) |
Get tags used to define conditions inside a GroupGet tags used to define conditions inside a Group. Also includes tags inside nested groups. |
GET /policy/api/v1/infra/domains/{domain-id}/groups/{group-id}/tags
GET /policy/api/v1/global-infra/domains/{domain-id}/groups/{group-id}/tags GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/domains/{domain-id}/groups/{group-id}/tags |
Get groups for which the given object is a memberGet policy groups for which the given object is a member. In Federation environment, if the given object is a global entity (eg: global segment) and if the entity is not stretched to the site specified in the enforcement_point_path parameter,then the following is returned:- 1)If the entity is a member of any global group and that group is stretched to the enforcement_point_path site,then the API returns an empty list. 2)If the entity is not a member of any global group,this API returns an 'invalid path' error message. 3)If both the entity and its corresponding groups are stretched to the enforcement_point_path site , then the API returns the groups list. |
GET /policy/api/v1/infra/group-associations
GET /policy/api/v1/global-infra/group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/group-associations |
Get groups for which the given Identity Group is a memberGet policy groups for which the given Identity Group is a member. |
GET /policy/api/v1/infra/identity-group-associations
|
Get groups for which the given IP address is a memberGet policy groups for which the given IP address is a member. |
GET /policy/api/v1/infra/ip-address-group-associations
GET /policy/api/v1/global-infra/ip-address-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/ip-address-group-associations |
List l7 access ProfilesAPI will list all l7 access Profiles |
GET /policy/api/v1/infra/l7-access-profiles
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles |
Delete L7 Access ProfileAPI will delete L7 Access Profile |
DELETE /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id} |
Get L7 Access ProfileAPI will get L7 Access Profile |
GET /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id} |
Create or update L7 Access ProfileAPI will create/update L7 Access Profile |
PATCH /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id} |
Update L7 Access ProfileAPI will update L7 Access Profile |
PUT /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id} |
List l7 access profile entriesAPI will list all l7 access profiles entries |
GET /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries |
Delete L7 Access Profile entryAPI will delete L7 Access Profile entry |
DELETE /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id} |
Read L7 Access Profile entryRead Friewall L7 Access Profile entry |
GET /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id} |
Create or update L7 Access Profile entryAPI will create/update L7 Access Profile entry |
PATCH /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id} |
Create L7 Access Profile entryAPI will create L7 Access Profile entry |
PUT /policy/api/v1/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/{l7-access-profile-id}/entries/{l7-access-entry-id} |
List Policy L7 access profile supported attributes and sub-attributesReturns supported attribute and sub-attributes for specified attribute key with their supported values, if provided in query/request parameter, else will fetch all supported attributes and sub-attributes for all supported attribute keys. |
GET /policy/api/v1/infra/l7-access-profiles/attributes
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/l7-access-profiles/attributes |
Get groups for which the given pod is a memberGet policy groups for which the given pod is a member. |
GET /policy/api/v1/infra/pod-group-associations
GET /policy/api/v1/global-infra/pod-group-associations |
Listing of Virtual machines on the NSX ManagerThis API filters objects of type virtual machines from the specified NSX Manager. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines
(Deprecated)
|
Apply tags on virtual machineAllows an admin to apply multiple tags to a virtual machine. This operation does not store the intent on the policy side. It applies the tag directly on the specified enforcement point. This operation will replace the existing tags on the virtual machine with the ones that have been passed. If the application of tag fails on the enforcement point, then an error is reported. The admin will have to retry the operation again. Policy framework does not perform a retry. Failure could occur due to multiple reasons. For e.g enforcement point is down, Enforcement point could not apply the tag due to constraints like max tags limit exceeded, etc. |
POST /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines?action=update_tags
(Deprecated)
|
Read the details of a virtual machine on the NSX ManagerThis API return optional details about a virtual machines (e.g. user login session) from the specified enforcement point. In case of NSXT, virtual-machine-id would be the value of the external_id of the virtual machine. |
GET /policy/api/v1/infra/realized-state/enforcement-points/{enforcement-point-name}/virtual-machines/{virtual-machine-id}/details
|
Lists all the system excluded virtual machines.Lists all the system virtual machines that are auto excluded in firewall exclude list (example -Partner and Edge VMs etc) |
GET /policy/api/v1/infra/realized-state/system-excluded-virtual-machines
|
Lists all the system virtual machines.Lists all the system virtual machines (example -Partner and Edge VMs etc) |
GET /policy/api/v1/infra/realized-state/system-virtual-machines
|
List all virtual machines which are not part of any groupThis API filters objects of type virtual machine which are not part of any group. This API also gives some VM details such as VM name, IDs and the current state of the VMs. |
GET /policy/api/v1/infra/realized-state/unassociated-virtual-machines
|
List all virtual machinesThis API filters objects of type virtual machine. This API also gives some VM details such as VM name, IDs and the current state of the VMs. |
GET /policy/api/v1/infra/realized-state/virtual-machines
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/virtual-machines |
Apply tags on virtual machineAllows an admin to apply multiple tags to a virtual machine. This operation does not store the intent on the policy side. It applies the tag directly on the specified enforcement point. This operation will replace the existing tags on the virtual machine with the ones that have been passed. If the application of tag fails on the enforcement point, then an error is reported. The admin will have to retry the operation again. Policy framework does not perform a retry. Failure could occur due to multiple reasons. For e.g enforcement point is down, Enforcement point could not apply the tag due to constraints like max tags limit exceeded, etc. NOTE: The "virtual_machine_id" field in the payload will be ignored and the virtual machine ID provided in the URL will be honored. |
POST /policy/api/v1/infra/realized-state/virtual-machines/{virtual-machine-id}/tags
POST /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/realized-state/virtual-machines/{virtual-machine-id}/tags |
List Services for infraPaginated list of Services for infra. |
GET /policy/api/v1/infra/services
GET /policy/api/v1/global-infra/services GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services |
Delete ServiceDelete Service |
DELETE /policy/api/v1/infra/services/{service-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id} |
Read a serviceRead a service |
GET /policy/api/v1/infra/services/{service-id}
GET /policy/api/v1/global-infra/services/{service-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id} |
Patch a ServiceCreate a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, patch the service including the nested service entries. |
PATCH /policy/api/v1/infra/services/{service-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id} |
Create or update a ServiceCreate a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, update the service including the nested service entries. This is a full replace. |
PUT /policy/api/v1/infra/services/{service-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id} |
List Service entries for the given servicePaginated list of Service entries for the given service |
GET /policy/api/v1/infra/services/{service-id}/service-entries
GET /policy/api/v1/global-infra/services/{service-id}/service-entries GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries |
Delete Service entryDelete Service entry |
DELETE /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
DELETE /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id} |
Service entryService entry |
GET /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
GET /policy/api/v1/global-infra/services/{service-id}/service-entries/{service-entry-id} GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id} |
Patch a ServiceEntryIf a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, patch the service entry. |
PATCH /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
PATCH /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id} |
Create or update a ServiceEntryIf a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, update the service entry. |
PUT /policy/api/v1/infra/services/{service-id}/service-entries/{service-entry-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/services/{service-id}/service-entries/{service-entry-id} |
List static mime contentsAPI will list all static mime contents |
GET /policy/api/v1/infra/static-mime-contents
|
Delete static Mime contentAPI will delete static mime content |
DELETE /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}
|
Get Static Mime contentAPI will get static mime content |
GET /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}
|
Create or update static mime content idAPI will create/update static mime content id |
PATCH /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}
|
Update static mime content idAPI will create/update static mime content id |
PUT /policy/api/v1/infra/static-mime-contents/{static-mime-content-id}
|
List all unique tags.Returns paginated list of all unique tags. Supports filtering by scope, tag and source from which tags are synced. Supports starts with, ends with, equals and contains operators on scope and tag values. To filter tags by starts with on scope or tag, use '*' as suffix after the value. To filter tags by ends with on scope or tag, use '*' as prefix before the value. To filter tags by contain on scope or tag, use '*' as prefix and suffix on the value. Below special characters in the filter value needs to be escaped with hex values. - Character '&' needs to be escaped as '%26' - Character '[' needs to be escaped as '%5B' - Character ']' needs to be escaped as '%5D' - Character '+' needs to be escaped as '%2B' - Character '#' needs to be escaped as '%23' Sort option for list of unique tags is available only on tag and scope properties. |
GET /policy/api/v1/infra/tags
GET /policy/api/v1/global-infra/tags GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags |
List all objects assigned with matching scope and tag valuesPaginated list of all objects assigned with matching scope and tag values. Objects are represented in form of resource reference. Sort option is available only on target_type and target_display_name properties. |
GET /policy/api/v1/infra/tags/effective-resources
GET /policy/api/v1/global-infra/tags/effective-resources GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/effective-resources |
Get details of tag bulk operation requestGet details of tag bulk operation request with which tag is applied or removed on virtual machines. |
GET /policy/api/v1/infra/tags/tag-operations/{operation-id}
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id} |
Assign or Unassign tag on multiple Virtual Machines.Tag can be assigned or unassigned on multiple objects. Supported object type is restricted to Virtual Machine for now and support for other objects will be added later. Permissions for tag bulk operation would be similar to virtual machine tag permissions. |
PUT /policy/api/v1/infra/tags/tag-operations/{operation-id}
PUT /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id} |
Get status of tag bulk operationGet status of tag bulk operation with details of tag operation on each virtual machine. |
GET /policy/api/v1/infra/tags/tag-operations/{operation-id}/status
GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/tags/tag-operations/{operation-id}/status |
Get groups for which the given VM is a memberGet policy groups for which the given VM is a member. |
GET /policy/api/v1/infra/virtual-machine-group-associations
GET /policy/api/v1/global-infra/virtual-machine-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-machine-group-associations |
Get groups for which the given VIF is a memberGet policy groups for which the given VIF is a member. |
GET /policy/api/v1/infra/virtual-network-interface-group-associations
GET /policy/api/v1/global-infra/virtual-network-interface-group-associations GET /policy/api/v1/orgs/{org-id}/projects/{project-id}/infra/virtual-network-interface-group-associations |
List all VM tag replication policiesList all VM tag replication policies. |
GET /policy/api/v1/global-infra/vm-tag-replication-policies
|
Get the VM tag replication policy specified by idGet the VM tag replication policy specified by id. |
GET /policy/api/v1/global-infra/vm-tag-replication-policies/{id}
|
Additional
Links