info: description: VMware NSX-T Data Center Global Policy REST API title: NSX-T Data Center Global Policy API version: 3.0.1.0.0 schemes: - https produces: - application/json securityDefinitions: BasicAuth: description: HTTP Basic Authentication type: basic host: nsxmanager.your.domain security: - BasicAuth: [] swagger: '2.0' basePath: /global-manager/api/v1 version: 3.0.1.0.0 paths: /aaa/effective-permissions: get: consumes: - application/json description: | Returns none if user doesn't have access or feature_name from required request parameter is empty/invalid/doesn't match with object-path provided. operationId: GetPathPermissions parameters: - description: Feature name in: query name: feature_name required: true type: string - description: Exact object Policy path in: query name: object_path required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PathPermissionGroup' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get effective object permissions to object specified by path for current user. tags: - Policy, Authorization, Object, Permissions x-vmw-nsx-module: PolicyAuthz /aaa/ldap-identity-sources: get: consumes: - application/json description: |- Return a list of all configured LDAP identity sources. operationId: ListLdapIdentitySources parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List LDAP identity sources tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources/{ldap-identity-source-id}: delete: consumes: - application/json description: |- Delete an LDAP identity source. Users defined in that source will no longer be able to access NSX. operationId: DeleteLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete an LDAP identity source tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources get: consumes: - application/json description: |- Return details about one LDAP identity source operationId: ReadLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySource' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a single LDAP identity source tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources put: consumes: - application/json description: |- Update the configuration of an existing LDAP identity source. You may wish to verify the new configuration using the POST /aaa/ldap-identity-sources?action=probe API before changing the configuration. operationId: CreateOrUpdateLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string - in: body name: LdapIdentitySource required: true schema: $ref: '#/definitions/LdapIdentitySource' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySource' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update an existing LDAP identity source tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources/{ldap-identity-source-id}/search: post: consumes: - application/json description: |- Search the LDAP identity source for users and groups that match the given filter_value. In most cases, the LDAP source performs a case-insensitive search. operationId: SearchLdapIdentitySource parameters: - in: path name: ldap-identity-source-id required: true type: string - description: Search filter value in: query name: filter_value type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceSearchResultList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Search the LDAP identity source tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources/{ldap-identity-source-id}?action=probe: post: consumes: - application/json description: |- Attempt to connect to an existing LDAP identity source and report any errors encountered. operationId: ProbeConfiguredLdapIdentitySourceProbe parameters: - in: path name: ldap-identity-source-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceProbeResults' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Test the configuration of an existing LDAP identity source tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources?action=fetch_certificate: post: consumes: - application/json description: |- Attempt to connect to an LDAP server and retrieve the server certificate it presents. operationId: FetchIdentitySourceLdapServerCertificateFetch_certificate parameters: - in: body name: IdentitySourceLdapServerEndpoint required: true schema: $ref: '#/definitions/IdentitySourceLdapServerEndpoint' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PeerCertificateChain' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetch the server certificate of an LDAP server tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources?action=probe_identity_source: post: consumes: - application/json description: |- Verify that the configuration of an LDAP identity source is correct before actually creating the source. operationId: ProbeUnconfiguredLdapIdentitySourceProbe_identity_source parameters: - in: body name: LdapIdentitySource required: true schema: $ref: '#/definitions/LdapIdentitySource' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LdapIdentitySourceProbeResults' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Probe an LDAP identity source tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources /aaa/ldap-identity-sources?action=probe_ldap_server: post: consumes: - application/json description: |- Attempt to connect to an LDAP server and ensure that the server can be contacted using the given URL and authentication credentials. operationId: ProbeIdentitySourceLdapServerProbe_ldap_server parameters: - in: body name: IdentitySourceLdapServer required: true schema: $ref: '#/definitions/IdentitySourceLdapServer' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IdentitySourceLdapServerProbeResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Test an LDAP server tags: - System, Administration, Settings, User, Management, Ldap, Identity, Sources x-vmw-nsx-module: LdapIdentitySources /aaa/object-permissions: delete: consumes: - application/json description: |- Delete object-permissions entries operationId: DeleteObjectPermissions parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: false description: Does children of this object inherit this rule in: query name: inheritance_disabled required: false type: boolean - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Path prefix in: query name: path_prefix required: false type: string - description: Role name in: query name: role_name required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete object-permissions entries tags: - Policy, Authorization, Object, Permissions x-vmw-nsx-module: PolicyAuthz get: consumes: - application/json description: |- Get list of Object-level RBAC entries. operationId: GetObjectPermissions parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: false description: Does children of this object inherit this rule in: query name: inheritance_disabled required: false type: boolean - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Path prefix in: query name: path_prefix required: false type: string - description: Role name in: query name: role_name required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ObjectRolePermissionGroupListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get list of Object-level RBAC entries. tags: - Policy, Authorization, Object, Permissions x-vmw-nsx-module: PolicyAuthz patch: consumes: - application/json description: |- Create/update object permission mappings operationId: UpdateObjectPermissions parameters: - in: body name: ObjectRolePermissionGroup required: true schema: $ref: '#/definitions/ObjectRolePermissionGroup' produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create/update object permission mappings tags: - Policy, Authorization, Object, Permissions x-vmw-nsx-module: PolicyAuthz /aaa/registration-token: post: consumes: - application/json description: |- The privileges of the registration token will be the same as the caller. operationId: CreateRegistrationToken produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RegistrationToken' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create registration access token tags: - System, Administration, Settings, User, Management, Access, Token x-vmw-nsx-module: RegistrationTokenEndPoint /aaa/registration-token/{token}: delete: consumes: - application/json description: |- Delete registration access token operationId: DeleteRegistrationToken parameters: - description: |- Registration token in: path name: token required: true type: string produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete registration access token tags: - System, Administration, Settings, User, Management, Access, Token x-vmw-nsx-module: RegistrationTokenEndPoint get: consumes: - application/json description: |- Get registration access token operationId: GetRegistrationToken parameters: - description: |- Registration token in: path name: token required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RegistrationToken' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get registration access token tags: - System, Administration, Settings, User, Management, Access, Token x-vmw-nsx-module: RegistrationTokenEndPoint /aaa/role-bindings: get: consumes: - application/json description: |- Get all users and groups with their roles operationId: GetAllRoleBindings parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Identity source ID in: query name: identity_source_id required: false type: string - description: Identity source type enum: - VIDM - LDAP in: query name: identity_source_type required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: User/Group name in: query name: name required: false type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Role ID in: query name: role required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type enum: - remote_user - remote_group - local_user - principal_identity in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBindingListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all users and groups with their roles tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA post: consumes: - application/json description: | When assigning a user role, specify the user name with the same case as it appears in vIDM to access the NSX-T user interface. For example, if vIDM has the user name User1@example.com then the name attribute in the API call must be be User1@example.com and cannot be user1@example.com. operationId: CreateRoleBinding parameters: - in: body name: RoleBinding required: true schema: $ref: '#/definitions/RoleBinding' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBinding' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Assign roles to User or Group tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA /aaa/role-bindings/{binding-id}: delete: consumes: - application/json description: |- Delete user/group's roles assignment operationId: DeleteRoleBinding parameters: - description: |- User/Group's id in: path name: binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete user/group's roles assignment tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA get: consumes: - application/json description: |- Get user/group's role information operationId: GetRoleBinding parameters: - description: |- User/Group's id in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBinding' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get user/group's role information tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA put: consumes: - application/json description: |- Update User or Group's roles operationId: UpdateRoleBinding parameters: - description: |- User/Group's id in: path name: binding-id required: true type: string - in: body name: RoleBinding required: true schema: $ref: '#/definitions/RoleBinding' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleBinding' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update User or Group's roles tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA /aaa/role-bindings?action=delete_stale_bindings: post: consumes: - application/json description: |- Delete all stale role assignments operationId: DeleteAllStaleRoleBindingsDelete_stale_bindings responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete all stale role assignments tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA /aaa/roles: get: consumes: - application/json description: |- Get information about all roles operationId: GetAllRolesInfo produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get information about all roles tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA /aaa/roles-with-feature-permissions: get: consumes: - application/json description: |- Get information about all roles with features and their permissions operationId: ListRolesInfo parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleWithFeaturesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get information about all roles with features and their permissions tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA /aaa/roles/{role}: get: consumes: - application/json description: |- Get role information operationId: GetRoleInfo parameters: - description: |- Role id in: path name: role required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoleWithFeatures' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get role information tags: - System, Administration, Settings, User, Management, Roles x-vmw-nsx-module: AAA /aaa/user-info: get: consumes: - application/json description: |- Get information about logged-in user. The permissions parameter of the NsxRole has been deprecated. operationId: GetCurrentUserInfo produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/UserInfo' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get information about logged-in user. The permissions parameter of the NsxRole has been deprecated. tags: - System, Administration, Settings, User, Management, Users x-vmw-nsx-module: AAA /aaa/vidm/groups: get: consumes: - application/json description: |- Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API. operationId: GetGroupVidmSearchResult parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'Search string to search for. ' in: query name: search_string required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VidmInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all the User Groups where vIDM display name matches the search key case insensitively. The search key is checked to be a substring of display name. This is a non paginated API. tags: - System, Administration, Settings, User, Management, Vidm, Configuration x-vmw-nsx-module: AAA /aaa/vidm/search: post: consumes: - application/json description: |- Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API. operationId: GetVidmSearchResult parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'Search string to search for. ' in: query name: search_string required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VidmInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all the users and groups from vIDM matching the search key case insensitively. The search key is checked to be a substring of name or given name or family name of user and display name of group. This is a non paginated API. tags: - System, Administration, Settings, User, Management, Vidm, Configuration x-vmw-nsx-module: AAA /aaa/vidm/users: get: consumes: - application/json description: |- Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API. operationId: GetUserVidmSearchResult parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'Search string to search for. ' in: query name: search_string required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VidmInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all the users from vIDM whose userName, givenName or familyName matches the search key case insensitively. The search key is checked to be a substring of name or given name or family name. This is a non paginated API. tags: - System, Administration, Settings, User, Management, Vidm, Configuration x-vmw-nsx-module: AAA /batch: post: consumes: - application/json description: | Enables you to make multiple API requests using a single request. The batch API takes in an array of logical HTTP requests represented as JSON arrays. Each request has a method (GET, PUT, POST, or DELETE), a relative_url (the portion of the URL after https://<nsx-mgr>/api/), optional headers array (corresponding to HTTP headers) and an optional body (for POST and PUT requests). The batch API returns an array of logical HTTP responses represented as JSON arrays. Each response has a status code, an optional headers array and an optional body (which is a JSON-encoded string). operationId: RegisterBatchRequest parameters: - in: body name: BatchRequest required: true schema: $ref: '#/definitions/BatchRequest' - default: false description: transactional atomicity for the batch of requests embedded in the batch list in: query name: atomic required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BatchResponse' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Register a Collection of API Calls at a Single End Point tags: - System, Administration, Configuration, Nsx, Managers, Api, Services, Api, Request, Batching x-vmw-nsx-module: Batch /cluster/backups/config: get: consumes: - application/json description: | Get a configuration of a file server and timers for automated backup. Fields that contain secrets (password, passphrase) are not returned. operationId: GetBackupConfig produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get backup configuration tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration put: consumes: - application/json description: | Configure file server and timers for automated backup. If secret fields are omitted (password, passphrase) then use the previously set value. operationId: ConfigureBackupConfig parameters: - in: body name: BackupConfiguration required: true schema: $ref: '#/definitions/BackupConfiguration' - default: LOCAL_LOCAL_MANAGER description: Frame type enum: - GLOBAL_MANAGER - LOCAL_MANAGER - LOCAL_LOCAL_MANAGER - NSX_INTELLIGENCE in: query name: frame_type required: false type: string - default: localhost description: Site ID in: query name: site_id required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Configure backup tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups/history: get: consumes: - application/json description: | Get history of previous backup operations operationId: GetBackupHistory produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupOperationHistory' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get backup history tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups/overview: get: consumes: - application/json description: | Get a configuration of a file server, timers for automated backup, latest backup status, backups list for a site. Fields that contain secrets (password, passphrase) are not returned. operationId: GetBackupOverview parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: LOCAL_LOCAL_MANAGER description: Frame type enum: - GLOBAL_MANAGER - LOCAL_MANAGER - LOCAL_LOCAL_MANAGER - NSX_INTELLIGENCE in: query name: frame_type required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - default: true description: Need a list of backups in: query name: show_backups_list required: false type: boolean - default: localhost description: Site ID in: query name: site_id required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BackupOverview' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get all backup related information for a site tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups/status: get: consumes: - application/json description: | Get status of active backup operations operationId: GetBackupStatus produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CurrentBackupOperationStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get backup status tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/backups?action=retrieve_ssh_fingerprint: post: consumes: - application/json description: | Get SHA256 fingerprint of ECDSA key of remote server. The caller should independently verify that the key is trusted. operationId: GetSshFingerprintOfServerRetrieve_ssh_fingerprint parameters: - in: body name: RemoteServerFingerprintRequest required: true schema: $ref: '#/definitions/RemoteServerFingerprintRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RemoteServerFingerprint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ssh fingerprint of remote(backup) server tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster/restore/backuptimestamps: get: consumes: - application/json description: | Returns timestamps for all backup files that are available on the SFTP server. operationId: ListClusterBackupTimestamps parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterBackupInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List timestamps of all available Cluster Backups. tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore/instruction-resources: get: consumes: - application/json description: | For restore operations requiring user input e.g. performing an action, accepting/rejecting an action, etc. the information to be conveyed to users is provided in this call. operationId: ListRestoreInstructionResources parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Id of the instruction set whose instructions are to be returned in: query name: instruction_id required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ActionableResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | List resources for a given instruction, to be shown to/executed by users. tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=advance: post: consumes: - application/json description: | Advance any currently suspended restore operation. The operation might have been suspended because (1) the user had suspended it previously, or (2) the operation is waiting for user input, to be provided as a part of the POST request body. This operation is only valid when a GET cluster/restore/status returns a status with value SUSPENDED. Otherwise, a 409 response is returned. operationId: AdvanceClusterRestoreAdvance parameters: - in: body name: AdvanceClusterRestoreRequest required: true schema: $ref: '#/definitions/AdvanceClusterRestoreRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Advance any suspended restore operation tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=cancel: post: consumes: - application/json description: | This operation is only valid when a restore is in suspended state. The UI user can cancel any restore operation when the restore is suspended either due to an error, or for a user input. The API user would need to monitor the progression of a restore by calling periodically "/api/v1/cluster/restore/status" API. The response object (ClusterRestoreStatus), contains a field "endpoints". The API user can cancel the restore process if 'cancel' action is shown in the endpoint field. This operation is only valid when a GET cluster/restore/status returns a status with value SUSPENDED. operationId: CancelClusterRestoreCancel produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Cancel any running restore operation tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=retry: post: consumes: - application/json description: | Retry any currently in-progress, failed restore operation. Only the last step of the multi-step restore operation would have failed,and only that step is retried. This operation is only valid when a GET cluster/restore/status returns a status with value FAILED. Otherwise, a 409 response is returned. operationId: RetryClusterRestoreRetry produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Retry any failed restore operation tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=start: post: consumes: - application/json description: | Start the restore of an NSX cluster, from some previously backed-up configuration. This operation is only valid when a GET cluster/restore/status returns a status with value NOT_STARTED. Otherwise, a 409 response is returned. operationId: InitiateClusterRestoreStart parameters: - in: body name: InitiateClusterRestoreRequest required: true schema: $ref: '#/definitions/InitiateClusterRestoreRequest' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Initiate a restore operation tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Restore x-vmw-nsx-module: ClusterRestore /cluster/restore?action=suspend: post: consumes: - application/json description: | Suspend any currently running restore operation. The restore operation is made up of a number of steps. When this call is issued, any currently running step is allowed to finish (successfully or with errors), and the next step (and therefore the entire restore operation) is suspended until a subsequent resume or cancel call is issued. This operation is only valid when a GET cluster/restore/status returns a status with value RUNNING. Otherwise, a 409 response is returned. operationId: SuspendClusterRestoreSuspend produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ClusterRestoreStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '409': description: Conflict schema: $ref: '#/definitions/ClusterRestoreStatus' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Suspend any running restore operation tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Restore x-vmw-nsx-module: ClusterRestore /cluster?action=backup_to_remote: post: consumes: - application/json description: | Request one-time backup. The backup will be uploaded using the same server configuration as for automatic backup. operationId: RequestOnetimeBackupBackup_to_remote parameters: - default: LOCAL_LOCAL_MANAGER description: Frame type enum: - GLOBAL_MANAGER - LOCAL_MANAGER - LOCAL_LOCAL_MANAGER - NSX_INTELLIGENCE in: query name: frame_type required: false type: string - default: localhost description: Site ID in: query name: site_id required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Request one-time backup tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration /cluster?action=summarize_inventory_to_remote: post: consumes: - application/json description: | Request one-time inventory summary. The backup will be uploaded using the same server configuration as for an automatic backup. operationId: RequestOnetimeInventorySummarySummarize_inventory_to_remote responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Request one-time inventory summary. tags: - System, Administration, Lifecycle, Management, Backup, Restore, Management, Backup x-vmw-nsx-module: BackupConfiguration /compliance/status: get: consumes: - application/json description: |- Returns the compliance status and details of non compliant configuration operationId: GetPolicyComplianceStatus produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyComplianceStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the compliance status tags: - Policy, Operations, Compliance x-vmw-nsx-module: PolicyCompliance /configs/management: get: consumes: - application/json description: | Returns the NSX Management nodes global configuration. operationId: ReadManagementConfig produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ManagementConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read NSX Management nodes global configuration. tags: - System, Administration, Configuration, Nsx, Managers, Manager, Configuration x-vmw-nsx-module: ConfigManagement put: consumes: - application/json description: |- Modifies the NSX Management nodes global configuration. operationId: UpdateManagementConfig parameters: - in: body name: ManagementConfig required: true schema: $ref: '#/definitions/ManagementConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ManagementConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update NSX Management nodes global configuration tags: - System, Administration, Configuration, Nsx, Managers, Manager, Configuration x-vmw-nsx-module: ConfigManagement /error-resolver: get: consumes: - application/json description: | Returns a list of metadata for all the error resolvers registered. operationId: ListErrorResolverInfo produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ErrorResolverInfoList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetches a list of metadata for all the registered error resolvers tags: - System, Administration, Monitoring, Error, Resolver x-vmw-nsx-module: ErrorResolver /error-resolver/{error_id}: get: consumes: - application/json description: | Returns some metadata about the given error_id. This includes information of whether there is a resolver present for the given error_id and its associated user input data operationId: GetErrorResolverInfo parameters: - in: path name: error_id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ErrorResolverInfo' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetches metadata about the given error_id tags: - System, Administration, Monitoring, Error, Resolver x-vmw-nsx-module: ErrorResolver /error-resolver?action=resolve_error: post: consumes: - application/json description: | Invokes the corresponding error resolver for the given error(s) present in the payload operationId: ResolveErrorResolve_error parameters: - in: body name: ErrorResolverMetadataList required: true schema: $ref: '#/definitions/ErrorResolverMetadataList' responses: '204': description: No Content '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Resolves the error tags: - System, Administration, Monitoring, Error, Resolver x-vmw-nsx-module: ErrorResolver /eula/accept: post: consumes: - application/json description: | Accept end user license agreement operationId: AcceptEULA produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Accept end user license agreement tags: - System, Administration, Settings, Licenses x-vmw-nsx-module: EULA /eula/acceptance: get: consumes: - application/json description: | Return the acceptance status of end user license agreement operationId: GetEULAAcceptance produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EULAAcceptance' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Return the acceptance status of end user license agreement tags: - System, Administration, Settings, Licenses x-vmw-nsx-module: EULA /eula/content: get: consumes: - application/json description: | Return the content of end user license agreement in the specified format. By default, it's pure string without line break operationId: GetEULAContent parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: End User License Agreement content output format in: query name: value_format type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EULAContent' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Return the content of end user license agreement tags: - System, Administration, Settings, Licenses x-vmw-nsx-module: EULA /fine-tuning/resources: get: consumes: - application/json description: | This API provides field names of attributes in NSX types that are owned by Policy, as opposed to those owned by the enforcement point. For any type on NSX, some of the attributes of that type may be owned and set by Policy when realizing the intent, while some others may be owned and set by the enforcement point itself. This information can be used to disable updates to Policy owned attributes by the advanced networking UI, while allowing tweaking to the attributes owned by the management plane. operationId: ListResourceInfo parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type query in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ResourceInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- For each type of entity what are the attributes owned by policy. tags: - Policy, Operations, Finetuning x-vmw-nsx-module: PolicyFineTuning /global-infra: get: consumes: - application/json description: | Read infra. Returns only the infra related properties. Inner object are not populated. operationId: ReadInfra parameters: - description: Filter string as java regex in: query name: filter required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Infra' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read infra tags: - Policy, Infra, Hierarchical, API x-vmw-nsx-module: Policy patch: consumes: - application/json description: | Patch API at infra level can be used in two flavours 1. Like a regular API to update Infra object 2. Hierarchical API: To create/update/delete entire or part of intent hierarchy Hierarchical API: Provides users a way to create entire or part of intent in single API invocation. Input is expressed in a tree format. Each node in tree can have multiple children of different types. System will resolve the dependecies of nodes within the intent tree and will create the model. Children for any node can be specified using ChildResourceReference or ChildPolicyConfigResource. If a resource is specified using ChildResourceReference then it will not be updated only its children will be updated. If Object is specified using ChildPolicyConfigResource, object along with its children will be updated. Hierarchical API can also be used to delete any sub-branch of entire tree. operationId: PatchInfra parameters: - in: body name: Infra required: true schema: $ref: '#/definitions/Infra' - default: false description: Force revision check in: query name: enforce_revision_check required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the infra including all the nested entities tags: - Policy, Infra, Hierarchical, API x-vmw-nsx-module: Policy put: consumes: - application/json description: |- Update the infra including all the nested entities operationId: UpdateInfra parameters: - in: body name: Infra required: true schema: $ref: '#/definitions/Infra' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Infra' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the infra including all the nested entities tags: - Policy, Infra, Hierarchical, API x-vmw-nsx-module: Policy /global-infra/bfd-profiles: get: consumes: - application/json description: | Paginated list of all BfdProfiles. operationId: ListBfdProfile parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BfdProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List BfdProfiles tags: - Policy, Networking, Networking, Profiles, BFD, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/bfd-profiles/{bfd-profile-id}: delete: consumes: - application/json description: |- Delete BFD Config and all the entities contained by this BfdProfile. operationId: DeleteBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete BFD Config and all the entities contained by this BfdProfile tags: - Policy, Networking, Networking, Profiles, BFD, Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a BfdProfile. operationId: ReadBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BfdProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a BfdProfile tags: - Policy, Networking, Networking, Profiles, BFD, Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a BfdProfile with the bfd-profile-id is not already present, create a new BfdProfile. If it already exists, update the BfdProfile. This operation will fully replace the object. operationId: PatchBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string - in: body name: BfdProfile required: true schema: $ref: '#/definitions/BfdProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BfdProfile tags: - Policy, Networking, Networking, Profiles, BFD, Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a BfdProfile with the bfd-profile-id is not already present, create a new BfdProfile. If it already exists, update the BfdProfile. This operation will fully replace the object. operationId: UpdateBfdProfile parameters: - description: |- BfdProfile ID in: path name: bfd-profile-id required: true type: string - in: body name: BfdProfile required: true schema: $ref: '#/definitions/BfdProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BfdProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BfdProfile tags: - Policy, Networking, Networking, Profiles, BFD, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/certificates: get: consumes: - application/json description: | Returns all certificate information viewable by the user, including each certificate's id; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. operationId: ListTlsCertificates parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type of certificate to return enum: - cluster_api_certificate in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCertificateList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return All the User-Facing Components' Certificates tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate /global-infra/certificates/{certificate-id}: delete: consumes: - application/json description: | Removes the specified certificate. The private key associated with the certificate is also deleted. operationId: DeleteTlsCertificate parameters: - description: |- ID of certificate to delete in: path name: certificate-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Certificate for the Given Certificate ID tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate get: consumes: - application/json description: | Returns information for the specified certificate ID, including the certificate's id; resource_type (for example, certificate_self_signed, certificate_ca, or certificate_signed); pem_encoded data; and history of the certificate (who created or modified it and when). For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetTlsCertificate parameters: - description: |- ID of certificate to read in: path name: certificate-id required: true type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Show Certificate Data for the Given Certificate ID tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate patch: consumes: - application/json description: | Adds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. This patch method does not modify an existing certificate. operationId: PatchTlsCertificate parameters: - in: path name: certificate-id required: true type: string - in: body name: TlsTrustData required: true schema: $ref: '#/definitions/TlsTrustData' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Add a New Certificate tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate put: consumes: - application/json description: | Adds a new private-public certificate and, optionally, a private key that can be applied to one of the user-facing components (appliance management or edge). The certificate and the key should be stored in PEM format. If no private key is provided, the certificate is used as a client certificate in the trust store. A certificate chain will not be expanded into separate certificate instances for reference, but would be pushed to the enforcement point as a single certificate. operationId: AddTlsCertificate parameters: - in: path name: certificate-id required: true type: string - in: body name: TlsTrustData required: true schema: $ref: '#/definitions/TlsTrustData' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Add a New Certificate tags: - Policy, Infra, Certificates, Certificates x-vmw-nsx-module: PolicyCertificate /global-infra/constraints: get: consumes: - application/json description: |- List tenant constraints. operationId: ListTenantConstraints parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConstraintListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List tenant Constraints. tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints /global-infra/constraints/{constraint-id}: delete: consumes: - application/json description: |- Delete tenant constraint. operationId: DeleteTenantConstraint parameters: - in: path name: constraint-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete tenant Constraint. tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints get: consumes: - application/json description: |- Read tenant constraint. operationId: ReadTenantConstraint parameters: - in: path name: constraint-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Constraint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read tenant Constraint. tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints patch: consumes: - application/json description: | Create tenant constraint if not exists, otherwise update the existing constraint. operationId: PatchTenantConstraint parameters: - in: path name: constraint-id required: true type: string - in: body name: Constraint required: true schema: $ref: '#/definitions/Constraint' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update tenant Constraint tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints put: consumes: - application/json description: | Create tenant constraint if it does not exist, otherwise replace the existing constraint. operationId: CreateOrReplaceTenantConstraint parameters: - in: path name: constraint-id required: true type: string - in: body name: Constraint required: true schema: $ref: '#/definitions/Constraint' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Constraint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update tenant Constraint tags: - Policy, Infra, Constraints x-vmw-nsx-module: PolicyConstraints /global-infra/context-profiles: get: consumes: - application/json description: | Get all PolicyContextProfiles operationId: ListPolicyContextProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyContextProfiles tags: - Policy, Inventory, Context, Profiles x-vmw-nsx-module: PolicyContextProfile /global-infra/context-profiles/attributes: get: consumes: - application/json description: | Returns supported attribute and sub-attributes for specified attribute key with their supported values, if provided in query/request parameter, else will fetch all supported attributes and sub-attributes for all supported attribute keys. Alternatively, to get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes operationId: ListProfileSupportedAttributes parameters: - description: Fetch attributes and sub-attributes for the given attribute key in: query name: attribute_key required: false type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Policy Context Profile supported attributes and sub-attributes tags: - Policy, Inventory, Context, Profiles x-vmw-nsx-module: PolicyContextProfile /global-infra/context-profiles/{context-profile-id}: delete: consumes: - application/json description: | Deletes the specified Policy Context Profile. If the Policy Context Profile is consumed in a firewall rule, it won't get deleted. operationId: DeletePolicyContextProfile parameters: - description: |- Policy Context Profile Id in: path name: context-profile-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean - default: false description: Delete the locally overriden global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Policy Context Profile tags: - Policy, Inventory, Context, Profiles x-vmw-nsx-module: PolicyContextProfile get: consumes: - application/json description: | Get a single PolicyContextProfile by id operationId: GetPolicyContextProfile parameters: - in: path name: context-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyContextProfile tags: - Policy, Inventory, Context, Profiles x-vmw-nsx-module: PolicyContextProfile patch: consumes: - application/json description: | Creates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes operationId: PatchCreateOrUpdatePolicyContextProfile parameters: - in: path name: context-profile-id required: true type: string - in: body name: PolicyContextProfile required: true schema: $ref: '#/definitions/PolicyContextProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create PolicyContextProfile tags: - Policy, Inventory, Context, Profiles x-vmw-nsx-module: PolicyContextProfile put: consumes: - application/json description: | Creates/Updates a PolicyContextProfile, which encapsulates attribute and sub-attributes of network services. Rules for using attributes and sub-attributes in single PolicyContextProfile 1. One type of attribute can't have multiple occurrences. ( Eg. - Attribute type APP_ID can be used only once per PolicyContextProfile.) 2. For specifying multiple values for an attribute, provide them in an array. 3. If sub-attribtes are mentioned for an attribute, then only single value is allowed for that attribute. 4. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes operationId: PutCreateOrUpdatePolicyContextProfile parameters: - in: path name: context-profile-id required: true type: string - in: body name: PolicyContextProfile required: true schema: $ref: '#/definitions/PolicyContextProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyContextProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create PolicyContextProfile tags: - Policy, Inventory, Context, Profiles x-vmw-nsx-module: PolicyContextProfile /global-infra/crls: get: consumes: - application/json description: | Returns information about all CRLs. For additional information, include the ?details=true modifier at the end of the request URI. operationId: ListTlsCrls parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Type of certificate to return enum: - cluster_api_certificate in: query name: type required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCrlListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Return All Added CRLs tags: - Policy, Infra, Certificates, Certification, Revocation, List x-vmw-nsx-module: PolicyCertificate /global-infra/crls/{crl-id}: delete: consumes: - application/json description: |- Deletes an existing CRL. operationId: DeleteTlsCrl parameters: - in: path name: crl-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a CRL tags: - Policy, Infra, Certificates, Certification, Revocation, List x-vmw-nsx-module: PolicyCertificate get: consumes: - application/json description: | Returns information about the specified CRL. For additional information, include the ?details=true modifier at the end of the request URI. operationId: GetTlsCrl parameters: - in: path name: crl-id required: true type: string - default: false description: whether to expand the pem data and show all its details in: query name: details required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCrl' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Show CRL Data for the Given CRL id. tags: - Policy, Infra, Certificates, Certification, Revocation, List x-vmw-nsx-module: PolicyCertificate patch: consumes: - application/json description: | Create or patch a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. operationId: CreateOrPatchTlsCrl parameters: - in: path name: crl-id required: true type: string - in: body name: TlsCrl required: true schema: $ref: '#/definitions/TlsCrl' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch a Certificate Revocation List tags: - Policy, Infra, Certificates, Certification, Revocation, List x-vmw-nsx-module: PolicyCertificate put: consumes: - application/json description: | Create or replace a Certificate Revocation List for the given id. The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL must contain PEM data for a single CRL. Revision is required. operationId: CreateOrUpdateTlsCrl parameters: - in: path name: crl-id required: true type: string - in: body name: TlsCrl required: true schema: $ref: '#/definitions/TlsCrl' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsCrl' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace a Certificate Revocation List tags: - Policy, Infra, Certificates, Certification, Revocation, List x-vmw-nsx-module: PolicyCertificate /global-infra/crls/{crl-id}?action=import: post: consumes: - application/json description: | Adds a new certificate revocation list (CRLs). The CRL is used to verify the client certificate status against the revocation lists published by the CA. For this reason, the administrator needs to add the CRL in certificate repository as well. The CRL can contain a single CRL or multiple CRLs depending on the PEM data. - Single CRL: a single CRL is created with the given id. - Composite CRL: multiple CRLs are generated. Each of the CRL is created with an id generated based on the given id. First CRL is created with crl-id, second with crl-id-1, third with crl-id-2, etc. operationId: CreateTlsCrlImport parameters: - in: path name: crl-id required: true type: string - in: body name: TlsCrl required: true schema: $ref: '#/definitions/TlsCrl' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/TlsCrlListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a new Certificate Revocation List tags: - Policy, Infra, Certificates, Certification, Revocation, List x-vmw-nsx-module: PolicyCertificate /global-infra/dhcp-relay-configs: get: consumes: - application/json description: | Paginated list of all DHCP relay config instances operationId: ListDhcpRelayConfig parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpRelayConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List DHCP relay config instances tags: - Policy, Networking, IP, Management, DHCP, DHCP, Relay, Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dhcp-relay-configs/{dhcp-relay-config-id}: delete: consumes: - application/json description: |- Delete DHCP relay configuration operationId: DeleteDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP relay configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Relay, Configs x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP relay configuration operationId: ReadDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpRelayConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP relay configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Relay, Configs x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If DHCP relay config with the dhcp-relay-config-id is not already present, create a new DHCP relay config instance. If it already exists, update the DHCP relay config instance with specified attributes. operationId: PatchDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string - in: body name: DhcpRelayConfig required: true schema: $ref: '#/definitions/DhcpRelayConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP relay configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Relay, Configs x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If DHCP relay config with the dhcp-relay-config-id is not already present, create a new DHCP relay config instance. If it already exists, replace the DHCP relay config instance with this object. operationId: CreateOrReplaceDhcpRelayConfig parameters: - description: |- DHCP relay config ID in: path name: dhcp-relay-config-id required: true type: string - in: body name: DhcpRelayConfig required: true schema: $ref: '#/definitions/DhcpRelayConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpRelayConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP relay configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Relay, Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dhcp-server-configs: get: consumes: - application/json description: | Paginated list of all DHCP server config instances operationId: ListDhcpServerConfig parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List DHCP server config instances tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dhcp-server-configs/{config-id}/leases: get: consumes: - application/json description: |- Read DHCP server leases operationId: ReadDhcpServerLeases parameters: - in: path name: config-id required: true type: string - description: IP or MAC address in: query name: address required: false type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Segment path to retrieve lease information in: query name: segment_path required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Data source type. enum: - realtime - cached in: query name: source required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpLeasesResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server leases tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configurations x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{config-id}/state: get: consumes: - application/json description: |- Read DHCP server state operationId: ReadDhcpServerState parameters: - in: path name: config-id required: true type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server state tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configurations x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{config-id}/stats: get: consumes: - application/json description: |- Read DHCP server statistics operationId: ReadDhcpServerStats parameters: - in: path name: config-id required: true type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server statistics tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configurations x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{config-id}/status: get: consumes: - application/json description: |- Read DHCP server status operationId: ReadDhcpServerStatus parameters: - in: path name: config-id required: true type: string - description: String Path of Tier0, Tier1 or Segment in: query name: connectivity_path required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server status tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configurations x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/dhcp-server-configs/{dhcp-server-config-id}: delete: consumes: - application/json description: |- Delete DHCP server configuration operationId: DeleteDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP server configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configs x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP server configuration operationId: ReadDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP server configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configs x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If DHCP server config with the dhcp-server-config-id is not already present, create a new DHCP server config instance. If it already exists, update the DHCP server config instance with specified attributes. Realized entities of this API can be found using the path of Tier-0, Tier1, or Segment where this config is applied on. Modification of edge_cluster_path in DhcpServerConfig will lose all existing DHCP leases. If both the preferred_edge_paths in the DhcpServerConfig are changed in a same PATCH API, e.g. change from [a,b] to [x,y], the current DHCP server leases will be lost, which could cause network connectivity issues. It is recommended to change only one member index in an update call, e.g. from [a, b] to [a,y]. Clearing preferred_edge_paths will not reassign edge nodes from the edge cluster. Instead, the previously-allocated edge nodes will be retained to avoid loss of leases. operationId: PatchDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string - in: body name: DhcpServerConfig required: true schema: $ref: '#/definitions/DhcpServerConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP server configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configs x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If DHCP server config with the dhcp-server-config-id is not already present, create a new DHCP server config instance. If it already exists, replace the DHCP server config instance with this object. Realized entities of this API can be found using the path of Tier-0, Tier1, or Segment where this config is applied on. Modification of edge_cluster_path in DhcpServerConfig will lose all existing DHCP leases. If both the preferred_edge_paths in the DhcpServerConfig are changed in a same PUT API, e.g. change from [a,b] to [x,y], the current DHCP server leases will be lost, which could cause network connectivity issues. It is recommended to change only one member index in an update call, e.g. from [a, b] to [a,y]. Clearing preferred_edge_paths will not reassign edge nodes from the edge cluster. Instead, the previously-allocated edge nodes will be retained to avoid loss of leases. operationId: CreateOrReplaceDhcpServerConfig parameters: - description: |- DHCP server config ID in: path name: dhcp-server-config-id required: true type: string - in: body name: DhcpServerConfig required: true schema: $ref: '#/definitions/DhcpServerConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpServerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP server configuration tags: - Policy, Networking, IP, Management, DHCP, DHCP, Server, Configs x-vmw-nsx-module: PolicyConnectivity /global-infra/dns-forwarder-zones: get: consumes: - application/json description: | Paginated list of all Dns Forwarder Zones operationId: ListPolicyDnsForwarderZone parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarderZoneListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Dns Forwarder Zones tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, DNS, Zones x-vmw-nsx-module: PolicyDnsForwarder /global-infra/dns-forwarder-zones/{dns-forwarder-zone-id}: delete: consumes: - application/json description: |- Delete the DNS Forwarder Zone operationId: DeletePolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete the DNS Forwarder Zone tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, DNS, Zones x-vmw-nsx-module: PolicyDnsForwarder get: consumes: - application/json description: |- Read the DNS Forwarder Zone operationId: ReadPolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarderZone' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder Zone tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, DNS, Zones x-vmw-nsx-module: PolicyDnsForwarder patch: consumes: - application/json description: |- Create or update the DNS Forwarder Zone operationId: PatchPolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string - in: body name: PolicyDnsForwarderZone required: true schema: $ref: '#/definitions/PolicyDnsForwarderZone' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder Zone tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, DNS, Zones x-vmw-nsx-module: PolicyDnsForwarder put: consumes: - application/json description: |- Create or update the DNS Forwarder Zone operationId: UpdatePolicyDnsForwarderZone parameters: - description: |- DNS Forwarder Zone ID in: path name: dns-forwarder-zone-id required: true type: string - in: body name: PolicyDnsForwarderZone required: true schema: $ref: '#/definitions/PolicyDnsForwarderZone' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarderZone' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder Zone tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, DNS, Zones x-vmw-nsx-module: PolicyDnsForwarder /global-infra/dns-security-profiles: get: consumes: - application/json description: |- List all DNS security profiles operationId: ListDnsSecurityProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all DNS security profiles tags: - Policy, Security, Security, Profiles, DNS, Security, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/dns-security-profiles/{profile-id}: delete: consumes: - application/json description: |- Delete DNS security profile operationId: DeleteDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS security profile tags: - Policy, Security, Security, Profiles, DNS, Security, Profiles x-vmw-nsx-module: PolicyProfile get: consumes: - application/json description: |- Read the DNS Forwarder for the given tier-0 instance operationId: ReadDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder for the given tier-0 instance tags: - Policy, Security, Security, Profiles, DNS, Security, Profiles x-vmw-nsx-module: PolicyProfile patch: consumes: - application/json description: |- Create or update DNS security profile operationId: PatchDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string - in: body name: DnsSecurityProfile required: true schema: $ref: '#/definitions/DnsSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DNS security profile tags: - Policy, Security, Security, Profiles, DNS, Security, Profiles x-vmw-nsx-module: PolicyProfile put: consumes: - application/json description: |- Create or update DNS security profile operationId: UpdateDnsSecurityProfile parameters: - in: path name: profile-id required: true type: string - in: body name: DnsSecurityProfile required: true schema: $ref: '#/definitions/DnsSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DNS security profile tags: - Policy, Security, Security, Profiles, DNS, Security, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/domains: get: consumes: - application/json description: | Paginated list of all domains for infra. operationId: ListDomainForInfra parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List domains for infra tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy /global-infra/domains/firewall-flood-protection-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Flood Protection Profile Binding Maps across all domains. This API returns the binding maps order by the sequence number. operationId: ListFirewallFloodProtectionBindingsAcrossDomains parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Flood Protection Profile Binding Maps for all domains tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding /global-infra/domains/firewall-session-timer-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Session Timer Profile Binding Maps across all domains. This API returns the binding maps order by the sequence number. operationId: ListFirewallSessionTimerBindingsAcrossDomains parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Session Timer Profile Binding Maps for all domains tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding /global-infra/domains/{domain-id}: delete: consumes: - application/json description: | Delete the domain along with all the entities contained by this domain. The groups that are a part of this domain are also deleted along with the domain. operationId: DeleteDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Domain and all the entities contained by this domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy get: consumes: - application/json description: | Read a domain. operationId: ReadDomainForInfra parameters: - description: |- Domain ID in: path name: domain-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Domain' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a domain with the domain-id is not already present, create a new domain. If it already exists, patch the domain operationId: PatchDomainForInfra parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - in: body name: Domain required: true schema: $ref: '#/definitions/Domain' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy put: consumes: - application/json description: | If a domain with the domain-id is not already present, create a new domain. If it already exists, update the domain including the nested groups. This is a full replace operationId: UpdateDomainForInfra parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - in: body name: Domain required: true schema: $ref: '#/definitions/Domain' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Domain' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a domain tags: - Policy, Infra, Domains, Domain x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/domain-deployment-maps: get: consumes: - application/json description: | Paginated list of all Domain Deployment Entries for infra. operationId: ListDomainDeploymentMapsForInfra parameters: - in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainDeploymentMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Domain Deployment maps for infra tags: - Policy, Infra, Domains, Domain, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/domains/{domain-id}/domain-deployment-maps/{domain-deployment-map-id}: delete: consumes: - application/json description: |- Delete Domain Deployment Map operationId: DeleteDomainDeploymentMap parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Domain Deployment Map tags: - Policy, Infra, Domains, Domain, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement get: consumes: - application/json description: | Read a Domain Deployment Map operationId: ReadDomainDeploymentMapForInfra parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainDeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a DomainDeploymentMap tags: - Policy, Infra, Domains, Domain, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | If the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, patch it. operationId: PatchDomainDeploymentMapForInfra parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string - in: body name: DomainDeploymentMap required: true schema: $ref: '#/definitions/DomainDeploymentMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch Domain Deployment Map under infra tags: - Policy, Infra, Domains, Domain, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement put: consumes: - application/json description: | If the passed Domain Deployment Map does not already exist, create a new Domain Deployment Map. If it already exist, replace it. operationId: CreateOrUpdateDomainDeploymentMapForInfra parameters: - in: path name: domain-id required: true type: string - in: path name: domain-deployment-map-id required: true type: string - in: body name: DomainDeploymentMap required: true schema: $ref: '#/definitions/DomainDeploymentMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DomainDeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a new Domain Deployment Map under infra tags: - Policy, Infra, Domains, Domain, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/domains/{domain-id}/forwarding-policies: get: consumes: - application/json description: | List all forwarding policies for the given domain ordered by precedence. operationId: ListForwardingPolicies parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - default: false description: Include the count of rules in policy in: query name: include_rule_count required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List forwarding policies for the given domain tags: - Policy, Networking, Network, Services, Forwarding, Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/forwarding-policies/{forwarding-policy-id}: get: consumes: - application/json description: | Read forwarding policy. operationId: ReadForwardingPolicy parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Forwarding map id in: path name: forwarding-policy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read forwarding policy tags: - Policy, Networking, Network, Services, Forwarding, Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/forwarding-policies/{forwarding-policy-id}/rules: get: consumes: - application/json description: |- List rules operationId: ListForwardingRule parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Forwarding map id in: path name: forwarding-policy-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingRuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List rules tags: - Policy, Networking, Network, Services, Forwarding, Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/forwarding-policies/{forwarding-policy-id}/rules/{rule-id}: get: consumes: - application/json description: |- Read rule operationId: ReadForwardingRule parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Forwarding map id in: path name: forwarding-policy-id required: true type: string - description: |- Rule id in: path name: rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ForwardingRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read rule tags: - Policy, Networking, Network, Services, Forwarding, Policies x-vmw-nsx-module: PolicyForwarding /global-infra/domains/{domain-id}/gateway-policies: get: consumes: - application/json description: |- List all gateway policies for specified Domain. operationId: ListGatewayPoliciesForDomain parameters: - in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - default: false description: Include the count of rules in policy in: query name: include_rule_count required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List gateway policies tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}: delete: consumes: - application/json description: |- Delete GatewayPolicy operationId: DeleteGatewayPolicy parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete GatewayPolicy tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall get: consumes: - application/json description: | Read gateway policy for a domain. operationId: ReadGatewayPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read gateway policy tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall patch: consumes: - application/json description: | Update the gateway policy for a domain. This is a full replace. All the rules are replaced. operationId: PatchGatewayPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: body name: GatewayPolicy required: true schema: $ref: '#/definitions/GatewayPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway policy tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall put: consumes: - application/json description: | Update the gateway policy for a domain. This is a full replace. All the rules are replaced. operationId: CreateOrReplaceGatewayPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: body name: GatewayPolicy required: true schema: $ref: '#/definitions/GatewayPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway policy tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules: get: consumes: - application/json description: |- List rules operationId: ListGatewayRules parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List rules tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}: delete: consumes: - application/json description: |- Delete rule operationId: DeleteGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete rule tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall get: consumes: - application/json description: |- Read rule operationId: ReadGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read rule tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall patch: consumes: - application/json description: | Update the gateway rule. Create new rule if a rule with the rule-id is not already present. operationId: PatchGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway rule tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall put: consumes: - application/json description: | Update the gateway rule. Create new rule if a rule with the rule-id is not already present. operationId: CreateOrReplaceGatewayRule parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update gateway rule tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}/statistics: get: consumes: - application/json description: | Get statistics of a gateway rule. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetGatewayRuleStatistics parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get gateway rule statistics tags: - Policy, Security, North, South, Security, Gateway, Firewall, Statistics x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/rules/{rule-id}?action=revise: post: consumes: - application/json description: | This is used to re-order a gateway rule within a gateway policy. operationId: ReviseGatewayRuleRevise parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of gateway rule tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}/statistics: get: consumes: - application/json description: | Get statistics of a gateay policy. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetGatewayPolicyStatistics parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicyStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get gateway policy statistics tags: - Policy, Security, North, South, Security, Gateway, Firewall, Statistics x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}?action=revise: post: consumes: - application/json description: | This is used to set a precedence of a gateway policy w.r.t others. operationId: ReviseGatewayPolicyRevise parameters: - in: path name: domain-id required: true type: string - in: path name: gateway-policy-id required: true type: string - in: body name: GatewayPolicy required: true schema: $ref: '#/definitions/GatewayPolicy' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of gateway policy tags: - Policy, Security, North, South, Security, Gateway, Firewall, Rules x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/domains/{domain-id}/groups: get: consumes: - application/json description: | List Groups for a domain. Groups can be filtered using member_types query parameter, which returns the groups that contains the specified member types. Multiple member types can be provided as comma separated values. The API also return groups having member type that are subset of provided member_types. operationId: ListGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Comma Seperated Member types in: query name: member_types required: false type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Groups for a domain tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}: delete: consumes: - application/json description: |- Delete Group operationId: DeleteGroup parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - default: false description: Do not delete if the group subtree has any entities in: query name: fail_if_subtree_exists type: boolean - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy get: consumes: - application/json description: |- Read group operationId: ReadGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Group' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group with the group-id is not already present, create a new group. If it already exists, patch the group. operationId: PatchGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - in: body name: Group required: true schema: $ref: '#/definitions/Group' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy put: consumes: - application/json description: | If a group with the group-id is not already present, create a new group. If it already exists, update the group. Avoid creating groups with multiple MACAddressExpression and IPAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression and IPAddressExpression along with other expressions. To group IPAddresses or MACAddresses, use nested groups instead of multiple IPAddressExpressions/MACAddressExpression. operationId: UpdateGroupForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - in: body name: Group required: true schema: $ref: '#/definitions/Group' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Group' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/dns-security-profile-binding-maps: get: consumes: - application/json description: |- API will get DNS security profile binding map operationId: ListDnsSecurityProfileBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DNS security profile binding map tags: - Policy, Security, Security, Profiles, DNS, Security, Profile, Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/dns-security-profile-binding-maps/{dns-security-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete DNS security profile binding map operationId: DeleteDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS security profile binding map tags: - Policy, Security, Security, Profiles, DNS, Security, Profile, Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding get: consumes: - application/json description: |- API will get DNS security profile binding map operationId: GetDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DNS security profile binding map tags: - Policy, Security, Security, Profiles, DNS, Security, Profile, Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding patch: consumes: - application/json description: |- API will create or update DNS security profile binding map operationId: PatchDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string - in: body name: DnsSecurityProfileBindingMap required: true schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DNS security profile binding map tags: - Policy, Security, Security, Profiles, DNS, Security, Profile, Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding put: consumes: - application/json description: |- API will update DNS security profile binding map operationId: UpdateDnsSecurityProfileBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- DNS security profile binding map ID in: path name: dns-security-profile-binding-map-id required: true type: string - in: body name: DnsSecurityProfileBindingMap required: true schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DnsSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update DNS security profile binding map tags: - Policy, Security, Security, Profiles, DNS, Security, Profile, Bindings x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/external-id-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group External ID Expression operationId: DeleteGroupExternalIDExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- ExternalIDExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group External ID Expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group ExternalIDexpression with the expression-id is not already present, create a new ExternalIDexpresison. If it already exists, replace the existing ExternalIDexpression. operationId: PatchGroupExternalIDExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- ExternalIDExpression ID in: path name: expression-id required: true type: string - in: body name: ExternalIDExpression required: true schema: $ref: '#/definitions/ExternalIDExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group external ID expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified members having external ID for a given expression of a group. operationId: AddorRemoveGroupExternalIDMembers parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: GroupMemberList required: true schema: $ref: '#/definitions/GroupMemberList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove external id based members from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/firewall-flood-protection-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Flood Protection Profile Binding Maps in current group id. operationId: ListPolicyFirewallFloodProtectionBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Flood Protection Profile Binding Maps tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/firewall-flood-protection-profile-binding-maps/{firewall-flood-protection-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Firewall Flood Protection Profile Binding operationId: DeletePolicyFirewallFloodProtectionBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall Flood Protection Profile Binding tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding get: consumes: - application/json description: | API will get Firewall Flood Protection Profile Binding Map operationId: GetPolicyFirewallFloodProtectionBinding parameters: - description: |- Domain-ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Firewall Flood Protection Profile Binding Map tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding patch: consumes: - application/json description: |- API will create or update Firewall Flood Protection profile binding map operationId: PatchPolicyFirewallFloodProtectionProfileBindingMap parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallFloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Firewall Flood Protection Profile Binding Map tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding put: consumes: - application/json description: |- API will update Firewall Flood Protection Profile Binding Map operationId: UpdatePolicyFirewallFloodProtectionBinding parameters: - description: |- DomainID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Flood Protection Profile Binding Map ID in: path name: firewall-flood-protection-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallFloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Flood Protection Profile Binding Map tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/firewall-session-timer-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall Session Timer Profile Binding Maps in current group id. operationId: ListPolicyFirewallSessionTimerBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Session Timer Profile Binding Maps tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/firewall-session-timer-profile-binding-maps/{firewall-session-timer-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Firewall Session Timer Profile Binding operationId: DeletePolicyFirewallSessionTimerBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall Session Timer Profile Binding tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding get: consumes: - application/json description: | API will get Firewall Session Timer Profile Binding Map operationId: GetPolicyFirewallSessionTimerBinding parameters: - description: |- Domain-ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Firewall Session Timer Profile Binding Map tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding patch: consumes: - application/json description: |- API will create or update Firewall Session Timer profile binding map operationId: PatchPolicyFirewallSessionTimerProfileBindingMap parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Firewall Session Timer Profile Binding Map tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding put: consumes: - application/json description: |- API will update Firewall Session Timer Profile Binding Map operationId: UpdatePolicyFirewallSessionTimerBinding parameters: - description: |- DomainID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Firewall Session Timer Profile Binding Map ID in: path name: firewall-session-timer-profile-binding-map-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Session Timer Profile Binding Map tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Bindings x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/group-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Group Monitoring Profile Binding Maps in current group id. operationId: ListGroupMonitoringBindings parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Group Monitoring Profile Binding Maps tags: - Policy, Security, Security, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/domains/{domain-id}/groups/{group-id}/group-monitoring-profile-binding-maps/{group-monitoring-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Group Monitoring Profile Binding operationId: DeleteGroupMonitoringBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group Monitoring Profile Binding tags: - Policy, Security, Security, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding get: consumes: - application/json description: | API will get Group Monitoring Profile Binding Map operationId: GetGroupMonitoringBinding parameters: - description: |- Domain-ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Group Monitoring Profile Binding Map tags: - Policy, Security, Security, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding patch: consumes: - application/json description: |- API will create group monitoring profile binding map operationId: PatchGroupMonitoringBinding parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string - in: body name: GroupMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Group Monitoring Profile Binding Map tags: - Policy, Security, Security, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding put: consumes: - application/json description: |- API will update Group Monitoring Profile Binding Map operationId: UpdateGroupMonitoringBinding parameters: - description: |- DomainID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- Group Monitoring Profile Binding Map ID in: path name: group-monitoring-profile-binding-map-id required: true type: string - in: body name: GroupMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Group Monitoring Profile Binding Map tags: - Policy, Security, Security, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/domains/{domain-id}/groups/{group-id}/ip-address-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group IPAddressExpression operationId: DeleteGroupIPAddressExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- IPAddressExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group IPAddressExpression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group IPAddressExpression with the expression-id is not already present, create a new IPAddressExpression. If it already exists, replace the existing IPAddressExpression. operationId: PatchGroupIPAddressExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- IPAddressExpression ID in: path name: expression-id required: true type: string - in: body name: IPAddressExpression required: true schema: $ref: '#/definitions/IPAddressExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group IP Address expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified IP Addresses from a given expression of a group. operationId: AddorRemoveGroupIPAddresses parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: IPAddressList required: true schema: $ref: '#/definitions/IPAddressList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove IP Addresses from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/mac-address-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group MACAddressExpression operationId: DeleteGroupMACAddressExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- MACAddressExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group MACAddressExpression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group MACAddressExpression with the expression-id is not already present, create a new MACAddressExpression. If it already exists, replace the existing MACAddressExpression. operationId: PatchGroupMACAddressExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- MACAddressExpression ID in: path name: expression-id required: true type: string - in: body name: MACAddressExpression required: true schema: $ref: '#/definitions/MACAddressExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group MAC Address expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified MAC Addresses from a given expression of a group. operationId: AddorRemoveGroupMACAddresses parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: MACAddressList required: true schema: $ref: '#/definitions/MACAddressList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove MAC Addresses from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/member-types: get: consumes: - application/json description: | It retrieves member types for a given group. In case of nested groups, it calculates member types of child groups as well. Considers member type for members added via static members and dynamic membership criteria. operationId: GetMemberTypesForGroup parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupMemberTypeListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get member types for a given Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/members/consolidated-effective-ip-addresses: get: consumes: - application/json description: | Returns consolidated effective ip address members of the specified NSGroup. Applicable in case of federated environment. The response contains site-wise list of consolidated effective IP address members. In the response, for the local-site, the list will contain static and dynamicaly translated IPs. For the remote sites, the list will contain only the dynamically translated IPs. The static IPs will not be seen in the response of this API. Hence, user can refer to the local-site Ip response in the API results or the group definition to see the static IP membership of the Group. This API is applicable only for Global Groups containing (directly or via nesting) either VirtualMachine, VIF, Segment, SegmentPort or IPSet member type. Use the cursor value in the response to fetch the next page. If there is no cursor value for a response, it implies the last page in the results for the query. operationId: GetConsolidatedEffectiveIPMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: 'UUID of the site from which the effective IP addresses are to be fetched ' in: query name: site_id required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConsolidatedEffectiveIPAddressMemberListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get consolidated effective IPAddress translated from this group across site tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/ip-addresses: get: consumes: - application/json description: | Get IP addresses that belong to this Group. This API is applicable for Groups containing either VirtualMachine, VIF, Segment ,Segment Port or IP Address member type.For Groups containing other member types,an empty list is returned operationId: GetGroupIPMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupIPMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IP addresses that belong to this Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/logical-ports: get: consumes: - application/json description: | Get logical ports that belong to this Group This API is applicable for Groups containing either VirtualMachine, VIF, Segment or Segment Port member type.For Groups containing other member types,an empty list is returned. operationId: GetGroupLPMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get logical ports that belong to this Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/logical-switches: get: consumes: - application/json description: | Get logical switches that belong to this Group. This API is applicable for Groups containing Segment member type. For Groups containing other member types, an empty list is returned. operationId: GetGroupLSMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get logical switches that belong to this Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/segment-ports: get: consumes: - application/json description: | Get segment ports that belong to this Group operationId: GetGroupSegmentPortMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment ports that belong to this Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/segments: get: consumes: - application/json description: | Get segments that belong to this Group operationId: GetGroupSegmentMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyGroupMembersListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segments that belong to this Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/vifs: get: consumes: - application/json description: | Get Virtual Network Interface instances that belong to this Group. This API is applicable for Groups containing VirtualNetworkInterface and VirtualMachine member types. For Groups containing other member types,an empty list is returned.target_id in response is external_id of VirtualNetworkInterface or VirtualMachine. operationId: GetGroupVIFMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/VirtualNetworkInterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Virtual Network Interface instances that belong to this Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/members/virtual-machines: get: consumes: - application/json description: | Get Virtual machines that belong to this Group. This API is applicable for Groups containing VirtualMachine,member type. For Groups containing other member types,an empty list is returned. operationId: GetGroupVMMembers parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RealizedVirtualMachineListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Virtual machines that belong to this Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/groups/{group-id}/path-expressions/{expression-id}: delete: consumes: - application/json description: |- Delete Group Path Expression operationId: DeleteGroupPathExpression parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- PathExpression ID in: path name: expression-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Group Path Expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a group path_expression with the expression-id is not already present, create a new pathexpresison. If it already exists, replace the existing pathexpression. operationId: PatchGroupPathExpressionForDomain parameters: - description: |- Domain ID in: path name: domain-id required: true type: string - description: |- Group ID in: path name: group-id required: true type: string - description: |- PathExpression ID in: path name: expression-id required: true type: string - in: body name: PathExpression required: true schema: $ref: '#/definitions/PathExpression' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a group path expression tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy post: consumes: - application/json description: | It will add or remove the specified members having path for a given expression of a group. operationId: AddorRemoveGroupPathMembers parameters: - in: path name: domain-id required: true type: string - in: path name: group-id required: true type: string - in: path name: expression-id required: true type: string - in: body name: GroupMemberList required: true schema: $ref: '#/definitions/GroupMemberList' - description: Add or Remove group members. enum: - add - remove in: query name: action required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Add or Remove path based members from/to a Group tags: - Policy, Inventory, Groups, Groups x-vmw-nsx-module: Policy /global-infra/domains/{domain-id}/groups/{group-id}/tags: get: consumes: - application/json description: | Get tags used to define conditions inside a Group. Also includes tags inside nested groups. operationId: GetGroupTags parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Group Id in: path name: group-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GroupTagsList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tags used to define conditions inside a Group tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/domains/{domain-id}/security-policies: get: consumes: - application/json description: | List all security policies for a domain. operationId: ListSecurityPoliciesForDomain parameters: - in: path name: domain-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - default: false description: Include the count of rules in policy in: query name: include_rule_count required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List security policies tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}: delete: consumes: - application/json description: | Deletes the security policy along with all the rules operationId: DeleteSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Deletes a security policy from this domain tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy get: consumes: - application/json description: | Read security policy for a domain. operationId: ReadSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read security policy tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy patch: consumes: - application/json description: | Patch the security policy for a domain. If a security policy for the given security-policy-id is not present, the object will get created and if it is present it will be updated. This is a full replace operationId: PatchSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: body name: SecurityPolicy required: true schema: $ref: '#/definitions/SecurityPolicy' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch security policy tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy put: consumes: - application/json description: | Create or Update the security policy for a domain. This is a full replace. All the rules are replaced. operationId: UpdateSecurityPolicyForDomain parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: body name: SecurityPolicy required: true schema: $ref: '#/definitions/SecurityPolicy' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update security policy tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules: get: consumes: - application/json description: |- List rules operationId: ListSecurityRules parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List rules tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}: delete: consumes: - application/json description: |- Delete rule operationId: DeleteSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete rule tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy get: consumes: - application/json description: |- Read rule operationId: ReadSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read rule tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy patch: consumes: - application/json description: | Patch the rule. If Rule corresponding to the the given rule-id is not present, the object will get created and if it is present it will be updated. This is a full replace operationId: PatchSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a rule tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy put: consumes: - application/json description: | Update the rule. Create new rule if a rule with the rule-id is not already present. operationId: UpdateSecurityRule parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a rule tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}/statistics: get: consumes: - application/json description: | Get statistics of a rule. - no enforcement point path specified: Stats will be evaluated on each enforcement point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetRuleStatistics parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Security policy id in: path name: security-policy-id required: true type: string - description: |- Rule id in: path name: rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get rule statistics tags: - Policy, Security, East, West, Security, Distributed, Firewall, Statistics x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}?action=revise: post: consumes: - application/json description: | This is used to re-order a rule within a security policy. operationId: ReviseSecurityRuleRevise parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: path name: rule-id required: true type: string - in: body name: Rule required: true schema: $ref: '#/definitions/Rule' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Rule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of rule tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}/statistics: get: consumes: - application/json description: | Get statistics of a security policy. - no enforcement point path specified: Stats will be evaluated on each enforcement point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. operationId: GetSecurityPolicyStatistics parameters: - description: |- Domain id in: path name: domain-id required: true type: string - description: |- Security policy id in: path name: security-policy-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicyStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get security policy statistics tags: - Policy, Security, East, West, Security, Distributed, Firewall, Statistics x-vmw-nsx-module: DfwSecurityPolicy /global-infra/domains/{domain-id}/security-policies/{security-policy-id}?action=revise: post: consumes: - application/json description: | This is used to set a precedence of a security policy w.r.t others. operationId: ReviseSecurityPoliciesRevise parameters: - in: path name: domain-id required: true type: string - in: path name: security-policy-id required: true type: string - in: body name: SecurityPolicy required: true schema: $ref: '#/definitions/SecurityPolicy' - description: 'The security policy/rule path if operation is ''insert_after'' or ''insert_before'' ' in: query name: anchor_path required: false type: string - default: insert_top description: Operation enum: - insert_top - insert_bottom - insert_after - insert_before in: query name: operation required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SecurityPolicy' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Revise the positioning of security policies tags: - Policy, Security, East, West, Security, Distributed, Firewall, Rules x-vmw-nsx-module: DfwSecurityPolicy /global-infra/federation-config: get: consumes: - application/json description: |- Read a federation config from Global Manager. operationId: ReadFederationConfig produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FederationConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read federation config tags: - Federation, Infra, Federation, Configuration x-vmw-nsx-module: PolicySiteGM /global-infra/firewall-schedulers: get: consumes: - application/json description: | Get all PolicyFirewallSchedulers operationId: ListPolicyFirewallSchedulers parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSchedulerListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyFirewallSchedulers tags: - Policy, Security, East, West, Security, Distributed, Firewall, Settings, Firewall, Scheduler x-vmw-nsx-module: PolicyFirewallScheduler /global-infra/firewall-schedulers/{firewall-scheduler-id}: delete: consumes: - application/json description: | Deletes the specified PolicyFirewallScheduler. If scheduler is consumed in a security policy, it won't get deleted. operationId: DeletePolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string - default: false description: 'Force delete the resource even if it is being used somewhere ' in: query name: force type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Policy Firewall Scheduler tags: - Policy, Security, East, West, Security, Distributed, Firewall, Settings, Firewall, Scheduler x-vmw-nsx-module: PolicyFirewallScheduler get: consumes: - application/json description: | Get a PolicyFirewallScheduler by id operationId: GetPolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallScheduler' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get PolicyFirewallScheduler tags: - Policy, Security, East, West, Security, Distributed, Firewall, Settings, Firewall, Scheduler x-vmw-nsx-module: PolicyFirewallScheduler patch: consumes: - application/json description: | Creates/Updates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present. operationId: PatchPolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string - in: body name: PolicyFirewallScheduler required: true schema: $ref: '#/definitions/PolicyFirewallScheduler' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update PolicyFirewallScheduler tags: - Policy, Security, East, West, Security, Distributed, Firewall, Settings, Firewall, Scheduler x-vmw-nsx-module: PolicyFirewallScheduler put: consumes: - application/json description: | Updates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present. operationId: UpdatePolicyFirewallScheduler parameters: - in: path name: firewall-scheduler-id required: true type: string - in: body name: PolicyFirewallScheduler required: true schema: $ref: '#/definitions/PolicyFirewallScheduler' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallScheduler' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Update PolicyFirewallScheduler tags: - Policy, Security, East, West, Security, Distributed, Firewall, Settings, Firewall, Scheduler x-vmw-nsx-module: PolicyFirewallScheduler /global-infra/firewall-session-timer-profiles: get: consumes: - application/json description: |- API will list all Firewall Session Timer Profiles operationId: ListPolicyFirewallSessionTimerProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall Session Timer Profiles tags: - Policy, Security, Security, Profiles, Session, Timer, Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile /global-infra/firewall-session-timer-profiles/{firewall-session-timer-profile-id}: delete: consumes: - application/json description: |- API will delete Firewall Session Timer Profile operationId: DeletePolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall Session Timer Profile tags: - Policy, Security, Security, Profiles, Session, Timer, Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile get: consumes: - application/json description: |- API will get Firewall Session Timer Profile operationId: GetPolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Firewall Session Timer Profile tags: - Policy, Security, Security, Profiles, Session, Timer, Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile patch: consumes: - application/json description: |- API will create/update Firewall Session Timer Profile operationId: PatchPolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfile required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Firewall Session Timer Profile tags: - Policy, Security, Security, Profiles, Session, Timer, Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile put: consumes: - application/json description: |- API will update Firewall Session Timer Profile operationId: UpdatePolicyFirewallSessionTimerProfile parameters: - description: |- Firewall Session Timer Profile ID in: path name: firewall-session-timer-profile-id required: true type: string - in: body name: PolicyFirewallSessionTimerProfile required: true schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Session Timer Profile tags: - Policy, Security, Security, Profiles, Session, Timer, Profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile /global-infra/flood-protection-profiles: get: consumes: - application/json description: |- API will list all Flood Protection Profiles operationId: ListFloodProtectionProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Flood Protection Profiles tags: - Policy, Security, Security, Profiles, Flood, Protection, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/flood-protection-profiles/{flood-protection-profile-id}: delete: consumes: - application/json description: |- API will delete Flood Protection Profile operationId: DeleteFloodProtectionProfile parameters: - description: |- Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile tags: - Policy, Security, Security, Profiles, Flood, Protection, Profiles x-vmw-nsx-module: PolicyProfile get: consumes: - application/json description: |- API will get Flood Protection Profile operationId: GetFloodProtectionProfile parameters: - description: |- Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile tags: - Policy, Security, Security, Profiles, Flood, Protection, Profiles x-vmw-nsx-module: PolicyProfile patch: consumes: - application/json description: |- API will create/update Flood Protection Profile operationId: PatchFloodProtectionProfile parameters: - description: |- Firewall Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string - in: body name: FloodProtectionProfile required: true schema: $ref: '#/definitions/FloodProtectionProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile tags: - Policy, Security, Security, Profiles, Flood, Protection, Profiles x-vmw-nsx-module: PolicyProfile put: consumes: - application/json description: |- API will update Firewall Flood Protection Profile operationId: UpdateFloodProtectionProfile parameters: - description: |- Flood Protection Profile ID in: path name: flood-protection-profile-id required: true type: string - in: body name: FloodProtectionProfile required: true schema: $ref: '#/definitions/FloodProtectionProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Firewall Flood Protection Profile tags: - Policy, Security, Security, Profiles, Flood, Protection, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/flood-protection-profiles/{flood-protection-profile-id}/bindings: get: consumes: - application/json description: |- API will list all Flood Protection Profiles bindings. operationId: ListFloodProtectionProfileBindings parameters: - in: path name: flood-protection-profile-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Flood Protection Profiles tags: - Policy, Security, Security, Profiles, Flood, Protection, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/full-sync-states: get: consumes: - application/json description: |- List full sync state. operationId: ListFullSyncStates parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FullSyncStateListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List full sync states tags: - Federation, Local, Manager, Full, Synchronization x-vmw-nsx-module: PolicyFullSync /global-infra/full-sync-states/{full-sync-id}: get: consumes: - application/json description: |- Get full sync state. operationId: GetFullSyncStates parameters: - in: path name: full-sync-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FullSyncState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get full sync state tags: - Federation, Local, Manager, Full, Synchronization x-vmw-nsx-module: PolicyFullSync /global-infra/gateway-qos-profiles: get: consumes: - application/json description: | Paginated list of all gateway QoS profle instances operationId: ListGatewayQosProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayQosProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all gateway QoS profiles tags: - Policy, Networking, Networking, Profiles, Gateway, QOS, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/gateway-qos-profiles/{qos-profile-id}: delete: consumes: - application/json description: |- Delete QoS profile operationId: DeleteGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete gateway QoS profile tags: - Policy, Networking, Networking, Profiles, Gateway, QOS, Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read gateway QoS profile operationId: ReadGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayQosProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read gateway QoS profile tags: - Policy, Networking, Networking, Profiles, Gateway, QOS, Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If profile with the qos-profile-id is not already present, create a new gateway QoS profile instance. If it already exists, update the gateway QoS profile instance with specified attributes. operationId: PatchGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string - in: body name: GatewayQosProfile required: true schema: $ref: '#/definitions/GatewayQosProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Gateway QoS profile tags: - Policy, Networking, Networking, Profiles, Gateway, QOS, Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If profile with the qos-profile-id is not already present, create a new gateway QoS profile instance. If it already exists, replace the gateway QoS profile instance with this object. operationId: CreateOrReplaceGatewayQosProfile parameters: - in: path name: qos-profile-id required: true type: string - in: body name: GatewayQosProfile required: true schema: $ref: '#/definitions/GatewayQosProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayQosProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Gateway QoS profile tags: - Policy, Networking, Networking, Profiles, Gateway, QOS, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/global-manager-config: patch: consumes: - application/json description: | Create or patch a Global Manager Config operationId: PatchGlobalManagerConfig parameters: - in: body name: GlobalManagerConfig required: true schema: $ref: '#/definitions/GlobalManagerConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch Global Manager Config tags: - Policy, Infra, Federation x-vmw-nsx-module: PolicySiteGM put: consumes: - application/json description: | Create or fully replace a Global Manager Config. Revision is optional for creation and required for update. operationId: CreateOrUpdateGlobalManagerConfig parameters: - in: body name: GlobalManagerConfig required: true schema: $ref: '#/definitions/GlobalManagerConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManagerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace Global Manager Config tags: - Policy, Infra, Federation x-vmw-nsx-module: PolicySiteGM /global-infra/global-manager-config?action=show-sensitive-data: get: consumes: - application/json description: | Read a Global Manager config along with sensitive data. For example - rtep_config.ibgp_password operationId: ReadGlobalManagerConfigWithSensitiveDataShow-sensitive-data produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManagerConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Global Manager config along with sensitive data tags: - Policy, Infra, Federation x-vmw-nsx-module: PolicySiteGM /global-infra/global-managers: get: consumes: - application/json description: | List Global Managers under Infra. operationId: ListInfraGlobalManagers parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManagerListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Global Managers tags: - Federation, Infra, Global, Managers x-vmw-nsx-module: PolicySiteGM post: consumes: - application/json description: | Switch over from Active to Standby Global Manager. This operation will fail if there is no Standby Global Manager. operationId: SwitchOverToStandBy parameters: - description: Indicates whether it is managed switchover or due to failure enum: - managed_switchover - active_failed in: query name: action required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManager' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Switch over from Active to Standby Global Manager tags: - Federation, Infra, Global, Managers x-vmw-nsx-module: PolicySiteGM /global-infra/global-managers/{global-manager-id}: delete: consumes: - application/json description: | Delete a particular global manager under Infra. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: DeleteInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a Global Manager under Infra tags: - Federation, Infra, Global, Managers x-vmw-nsx-module: PolicySiteGM get: consumes: - application/json description: | Retrieve information about a particular configured global manager. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: ReadInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManager' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Global Manager tags: - Federation, Infra, Global, Managers x-vmw-nsx-module: PolicySiteGM patch: consumes: - application/json description: | Create or patch a Global Manager under Infra. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: PatchInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string - in: body name: GlobalManager required: true schema: $ref: '#/definitions/GlobalManager' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch a Global Manager tags: - Federation, Infra, Global, Managers x-vmw-nsx-module: PolicySiteGM put: consumes: - application/json description: | Create or fully replace Global Manager under Infra. Revision is optional for creation and required for update. Global Manager id 'self' is reserved and can be used for referring to local logged in Global Manager. Example - /infra/global-managers/self operationId: CreateOrUpdateInfraGlobalManager parameters: - in: path name: global-manager-id required: true type: string - in: body name: GlobalManager required: true schema: $ref: '#/definitions/GlobalManager' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GlobalManager' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace a Global Manager under infra tags: - Federation, Infra, Global, Managers x-vmw-nsx-module: PolicySiteGM /global-infra/group-associations: get: consumes: - application/json description: | Get policy groups for which the given object is a member. In Federation environment, if the given object is a global entity and if that entity is not stretched to the site specified in the enforcement_point_path parameter, then this API returns an empty list. operationId: GetGroupsForObject parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: String path of the intent object in: query name: intent_path required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given object is a member tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/group-service-associations: get: consumes: - application/json description: | The API returns all the services associated with the given Group. It also returns the services associated with the parent groups of the given group. operationId: GetPolicyGroupServiceAssociations parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Path of the entity in: query name: intent_path required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the list of services where the given group is consumed. tags: - Policy x-vmw-nsx-module: PolicyGroupRealization /global-infra/ip-address-group-associations: get: consumes: - application/json description: | Get policy groups for which the given IP address is a member. operationId: GetGroupsForIPAddress parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPAddress in: query name: ip_address required: true type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given IP address is a member tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/ip-discovery-profiles: get: consumes: - application/json description: | API will list all IP Discovery Profiles active in current discovery profile id. operationId: GetIPDiscoveryProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPDiscoveryProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IP Discovery Profiles tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, IP, Discovery, Profiles x-vmw-nsx-module: PolicyIpDiscovery /global-infra/ip-discovery-profiles/{ip-discovery-profile-id}: delete: consumes: - application/json description: | API will delete IP Discovery profile. operationId: DeleteIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IP Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, IP, Discovery, Profiles x-vmw-nsx-module: PolicyIpDiscovery get: consumes: - application/json description: | API will get IP Discovery profile. operationId: GetIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IP Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, IP, Discovery, Profiles x-vmw-nsx-module: PolicyIpDiscovery patch: consumes: - application/json description: | API will create IP Discovery profile. operationId: CreateIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string - in: body name: IPDiscoveryProfile required: true schema: $ref: '#/definitions/IPDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create IP Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, IP, Discovery, Profiles x-vmw-nsx-module: PolicyIpDiscovery put: consumes: - application/json description: | API will update IP Discovery profile. operationId: UpdateIPDiscoveryProfile parameters: - description: |- IP Discovery Profile ID in: path name: ip-discovery-profile-id required: true type: string - in: body name: IPDiscoveryProfile required: true schema: $ref: '#/definitions/IPDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update IP Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, IP, Discovery, Profiles x-vmw-nsx-module: PolicyIpDiscovery /global-infra/ipfix-dfw-collector-profiles: get: consumes: - application/json description: | API will provide list of all IPFIX dfw collector profiles and their details. operationId: ListIPFIXDFWCollectorProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWCollectorProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX Collector profiles. tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-dfw-collector-profiles/{ipfix-dfw-collector-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX dfw collector profile. Flow forwarding to collector will be stopped. operationId: DeleteIPFIXDFWCollectorProfile parameters: - description: |- IPFIX dfw collector Profile id in: path name: ipfix-dfw-collector-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX dfw Collector profile tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXDFW get: consumes: - application/json description: | API will return details of IPFIX dfw collector profile. If profile does not exist, it will return 404. operationId: ReadIPFIXDFWCollectorProfile parameters: - description: |- IPFIX dfw collector profile id in: path name: ipfix-dfw-collector-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX dfw Collector profile tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXDFW patch: consumes: - application/json description: | Create a new IPFIX dfw collector profile if the IPFIX dfw collector profile with given id does not already exist. If the IPFIX dfw collector profile with the given id already exists, patch with the existing IPFIX dfw collector profile. operationId: PatchIPFIXDFWCollectorProfile parameters: - in: path name: ipfix-dfw-collector-profile-id required: true type: string - in: body name: IPFIXDFWCollectorProfile required: true schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- IPFIX dfw collector profile id tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXDFW put: consumes: - application/json description: | Create or Replace IPFIX dfw collector profile. IPFIX data will be sent to IPFIX collector port. operationId: CreateOrReplaceIPFIXDFWCollectorProfile parameters: - description: |- IPFIX dfw collector profile id in: path name: ipfix-dfw-collector-profile-id required: true type: string - in: body name: IPFIXDFWCollectorProfile required: true schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWCollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX dfw collector profile tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-dfw-profiles: get: consumes: - application/json description: | API provides list IPFIX DFW profiles available on selected logical DFW. operationId: ListIPFIXDFWProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX DFW Profile tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-dfw-profiles/{ipfix-dfw-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX DFW Profile. Selected IPFIX Collectors will stop receiving flows. operationId: DeleteIPFIXDFWProfile parameters: - description: |- IPFIX DFW Profile ID in: path name: ipfix-dfw-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX DFW Profile tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXDFW get: consumes: - application/json description: | API will return details of IPFIX DFW profile. operationId: ReadIPFIXDFWProfile parameters: - description: |- IPFIX DFW collection id in: path name: ipfix-dfw-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX DFW Profile tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXDFW patch: consumes: - application/json description: | Create a new IPFIX DFW profile if the IPFIX DFW profile with given id does not already exist. If the IPFIX DFW profile with the given id already exists, patch with the existing IPFIX DFW profile. operationId: PatchIPFIXDFWProfile parameters: - description: |- IPFIX DFW Profile ID in: path name: ipfix-dfw-profile-id required: true type: string - in: body name: IPFIXDFWProfile required: true schema: $ref: '#/definitions/IPFIXDFWProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch IPFIX DFW profile tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXDFW put: consumes: - application/json description: | Create or replace IPFIX DFW profile. Config will start forwarding data to provided IPFIX DFW collector. operationId: CreateOrReplaceIPFIXDFWProfile parameters: - description: |- IPFIX DFW Profile ID in: path name: ipfix-dfw-profile-id required: true type: string - in: body name: IPFIXDFWProfile required: true schema: $ref: '#/definitions/IPFIXDFWProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXDFWProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX DFW collection Config. tags: - Policy, Operations, IPFIX, Firewall, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXDFW /global-infra/ipfix-l2-collector-profiles: get: consumes: - application/json description: | API will provide list of all IPFIX collector profiles and their details. operationId: ListIPFIXL2CollectorProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2CollectorProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX Collector profiles. tags: - Policy, Operations, IPFIX, Switch, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipfix-l2-collector-profiles/{ipfix-l2-collector-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX collector profile. Flow forwarding to collector will be stopped. operationId: DeleteIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector Profile id in: path name: ipfix-l2-collector-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX Collector profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXSwitch get: consumes: - application/json description: | API will return details of IPFIX collector profile. operationId: ReadIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector profile id in: path name: ipfix-l2-collector-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2CollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX Collector profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXSwitch patch: consumes: - application/json description: | Create a new IPFIX collector profile if the IPFIX collector profile with given id does not already exist. If the IPFIX collector profile with the given id already exists, patch with the existing IPFIX collector profile. operationId: PatchIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector profile id in: path name: ipfix-l2-collector-profile-id required: true type: string - in: body name: IPFIXL2CollectorProfile required: true schema: $ref: '#/definitions/IPFIXL2CollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch IPFIX collector profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXSwitch put: consumes: - application/json description: | Create or Replace IPFIX collector profile. IPFIX data will be sent to IPFIX collector. operationId: CreateOrReplaceIPFIXL2CollectorProfile parameters: - description: |- IPFIX collector profile id in: path name: ipfix-l2-collector-profile-id required: true type: string - in: body name: IPFIXL2CollectorProfile required: true schema: $ref: '#/definitions/IPFIXL2CollectorProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2CollectorProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX collector profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Collectors x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipfix-l2-profiles: get: consumes: - application/json description: | API provides list IPFIX L2 Profiles available on selected logical l2. operationId: ListIPFIXL2Profiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2ProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List IPFIX L2 Profiles tags: - Policy, Operations, IPFIX, Switch, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipfix-l2-profiles/{ipfix-l2-profile-id}: delete: consumes: - application/json description: | API deletes IPFIX L2 Profile. Flow forwarding to selected collector will be stopped. operationId: DeleteIPFIXL2Profile parameters: - description: |- IPFIX L2 Profile ID in: path name: ipfix-l2-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPFIX L2 Profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXSwitch get: consumes: - application/json description: | API will return details of IPFIX L2 profile. operationId: ReadIPFIXL2Profile parameters: - description: |- IPFIX L2 profile id in: path name: ipfix-l2-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2Profile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get IPFIX L2 Profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXSwitch patch: consumes: - application/json description: | Create a new IPFIX L2 profile if the IPFIX L2 profile with given id does not already exist. If the IPFIX L2 profile with the given id already exists, patch with the existing IPFIX L2 profile. operationId: PatchIPFIXL2Profile parameters: - description: |- IPFIX L2 Profile ID in: path name: ipfix-l2-profile-id required: true type: string - in: body name: IPFIXL2Profile required: true schema: $ref: '#/definitions/IPFIXL2Profile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch IPFIX L2profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXSwitch put: consumes: - application/json description: | Create or replace IPFIX L2 Profile. Profile is reusable entity. Single profile can attached multiple bindings e.g group, segment and port. operationId: CreateOrReplaceIPFIXL2Profile parameters: - description: |- IPFIX L2 Profile ID in: path name: ipfix-l2-profile-id required: true type: string - in: body name: IPFIXL2Profile required: true schema: $ref: '#/definitions/IPFIXL2Profile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/IPFIXL2Profile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace IPFIX L2 profile tags: - Policy, Operations, IPFIX, Switch, IPFIX, Profiles x-vmw-nsx-module: PolicyIPFIXSwitch /global-infra/ipv6-dad-profiles: get: consumes: - application/json description: | Paginated list of all IPv6 DAD profile instances operationId: ListIpv6DadProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6DadProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all IPv6 DAD profiles tags: - Policy, Networking, Networking, Profiles, Ipv6, DAD, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/ipv6-dad-profiles/{dad-profile-id}: delete: consumes: - application/json description: |- Delete IPv6 DAD profile operationId: DeleteIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPv6 DAD profile tags: - Policy, Networking, Networking, Profiles, Ipv6, DAD, Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read IPv6 DAD profile operationId: ReadIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6DadProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read IPv6 DAD profile tags: - Policy, Networking, Networking, Profiles, Ipv6, DAD, Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If profile with the dad-profile-id is not already present, create a new IPv6 DAD profile instance. If it already exists, update the IPv6 DAD profile instance with specified attributes. operationId: PatchIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string - in: body name: Ipv6DadProfile required: true schema: $ref: '#/definitions/Ipv6DadProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 DAD profile tags: - Policy, Networking, Networking, Profiles, Ipv6, DAD, Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If profile with the dad-profile-id is not already present, create a new IPv6 DAD profile instance. If it already exists, replace the IPv6 DAD profile instance with this object. operationId: CreateOrReplaceIpv6DadProfile parameters: - in: path name: dad-profile-id required: true type: string - in: body name: Ipv6DadProfile required: true schema: $ref: '#/definitions/Ipv6DadProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6DadProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 DAD profile tags: - Policy, Networking, Networking, Profiles, Ipv6, DAD, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/ipv6-ndra-profiles: get: consumes: - application/json description: | Paginated list of all IPv6 NDRA profile instances operationId: ListIpv6NdraProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6NdraProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all IPv6 NDRA profiles tags: - Policy, Networking, Networking, Profiles, Ipv6, NDRA, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/ipv6-ndra-profiles/{ndra-profile-id}: delete: consumes: - application/json description: |- Delete IPv6 NDRA profile operationId: DeleteIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete IPv6 NDRA profile tags: - Policy, Networking, Networking, Profiles, Ipv6, NDRA, Profiles x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read IPv6 NDRA profile operationId: ReadIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6NdraProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read IPv6 NDRA profile tags: - Policy, Networking, Networking, Profiles, Ipv6, NDRA, Profiles x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If profile with the ndra-profile-id is not already present, create a new IPv6 NDRA profile instance. If it already exists, update the IPv6 NDRA profile instance with specified attributes. operationId: PatchIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string - in: body name: Ipv6NdraProfile required: true schema: $ref: '#/definitions/Ipv6NdraProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 NDRA profile tags: - Policy, Networking, Networking, Profiles, Ipv6, NDRA, Profiles x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If profile with the ndra-profile-id is not already present, create a new IPv6 NDRA profile instance. If it already exists, replace the IPv6 NDRA profile instance with this object. operationId: CreateOrReplaceIpv6NdraProfile parameters: - in: path name: ndra-profile-id required: true type: string - in: body name: Ipv6NdraProfile required: true schema: $ref: '#/definitions/Ipv6NdraProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Ipv6NdraProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update IPv6 NDRA profile tags: - Policy, Networking, Networking, Profiles, Ipv6, NDRA, Profiles x-vmw-nsx-module: PolicyConnectivity /global-infra/labels: get: consumes: - application/json description: | Paginated list of all labels for infra. operationId: ListPolicyLabelForInfra parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyLabelListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List labels for infra tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel /global-infra/labels/{label-id}: delete: consumes: - application/json description: |- Delete PolicyLabel object operationId: DeletePolicyLabelForInfra parameters: - in: path name: label-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete PolicyLabel object tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel get: consumes: - application/json description: | Read a label. operationId: ReadPolicyLabelForInfra parameters: - in: path name: label-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyLabel' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read lable tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel patch: consumes: - application/json description: | Create label if not exists, otherwise take the partial updates. Note, once the label is created type attribute can not be changed. operationId: UpdatePolicyLabelForInfra parameters: - in: path name: label-id required: true type: string - in: body name: PolicyLabel required: true schema: $ref: '#/definitions/PolicyLabel' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch an existing label object tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel put: consumes: - application/json description: | Create label if not exists, otherwise replaces the existing label. If label already exists then type attribute cannot be changed. operationId: CreateOrReplacePolicyLabelForInfra parameters: - in: path name: label-id required: true type: string - in: body name: PolicyLabel required: true schema: $ref: '#/definitions/PolicyLabel' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyLabel' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace label tags: - Policy, Infra, Labels x-vmw-nsx-module: PolicyLabel /global-infra/mac-discovery-profiles: get: consumes: - application/json description: | API will list all Mac Discovery Profiles active in current discovery profile id. operationId: GetMacDiscoveryProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MacDiscoveryProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Mac Discovery Profiles tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, MAC, Discovery, Profiles x-vmw-nsx-module: PolicyMacDiscovery /global-infra/mac-discovery-profiles/{mac-discovery-profile-id}: delete: consumes: - application/json description: | API will delete Mac Discovery profile. operationId: DeleteMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, MAC, Discovery, Profiles x-vmw-nsx-module: PolicyMacDiscovery get: consumes: - application/json description: | API will get Mac Discovery profile. operationId: GetMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MacDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, MAC, Discovery, Profiles x-vmw-nsx-module: PolicyMacDiscovery patch: consumes: - application/json description: | API will create Mac Discovery profile. operationId: CreateMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string - in: body name: MacDiscoveryProfile required: true schema: $ref: '#/definitions/MacDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, MAC, Discovery, Profiles x-vmw-nsx-module: PolicyMacDiscovery put: consumes: - application/json description: | API will update Mac Discovery profile. operationId: UpdateMacDiscoveryProfile parameters: - description: |- Mac Discovery Profile ID in: path name: mac-discovery-profile-id required: true type: string - in: body name: MacDiscoveryProfile required: true schema: $ref: '#/definitions/MacDiscoveryProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/MacDiscoveryProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Mac Discovery Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, MAC, Discovery, Profiles x-vmw-nsx-module: PolicyMacDiscovery /global-infra/overridden-resources: get: consumes: - application/json description: |- List overridden resources operationId: ListOverriddenResources parameters: - description: Global resource path in: query name: intent_path required: false type: string - description: Site path in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/OverriddenResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List overridden resources tags: - Federation, Infra, Federation, Configuration x-vmw-nsx-module: PolicyOverrides /global-infra/port-mirroring-profiles: get: consumes: - application/json description: | API will list all port mirroring profiles group. operationId: ListPortMirroringProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMirroringProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port Mirroring Profiles tags: - Policy, Operations, Port, Mirroring x-vmw-nsx-module: PolicyPortMirroring /global-infra/port-mirroring-profiles/{port-mirroring-profile-id}: delete: consumes: - application/json description: | API will delete port mirroring profile. Mirroring from source to destination ports will be stopped. operationId: DeletePortMirroringProfile parameters: - description: |- Port Mirroring Profile Id in: path name: port-mirroring-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Port Mirroring Profile tags: - Policy, Operations, Port, Mirroring x-vmw-nsx-module: PolicyPortMirroring get: consumes: - application/json description: | API will return details of port mirroring profile. operationId: ReadPortMirroringProfile parameters: - description: |- Port Mirroring Profile Id in: path name: port-mirroring-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMirroringProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Details of Port Mirroring Profile tags: - Policy, Operations, Port, Mirroring x-vmw-nsx-module: PolicyPortMirroring patch: consumes: - application/json description: | Create a new Port Mirroring Profile if the Port Mirroring Profile with given id does not already exist. If the Port Mirroring Profile with the given id already exists, patch with the existing Port Mirroring Profile. Realized entities of this API can be found using the path of monitoring profile binding map that is used to apply this profile. operationId: PatchPortMirroringProfile parameters: - description: |- Port Mirroring Profile Id in: path name: port-mirroring-profile-id required: true type: string - in: body name: PortMirroringProfile required: true schema: $ref: '#/definitions/PortMirroringProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch Port Mirroring Profile. tags: - Policy, Operations, Port, Mirroring x-vmw-nsx-module: PolicyPortMirroring put: consumes: - application/json description: | Create or Replace port mirroring profile. Packets will be mirrored from source group, segment, port to destination group. Realized entities of this API can be found using the path of monitoring profile binding map that is used to apply this profile. operationId: CreateOrReplacePortMirroringProfile parameters: - description: |- Port Mirroring Profiles Id in: path name: port-mirroring-profile-id required: true type: string - in: body name: PortMirroringProfile required: true schema: $ref: '#/definitions/PortMirroringProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMirroringProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace Port Mirroring Profile. tags: - Policy, Operations, Port, Mirroring x-vmw-nsx-module: PolicyPortMirroring /global-infra/qos-profiles: get: consumes: - application/json description: | API will list all QoS profiles. operationId: ListQoSProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/QoSProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List QoS Profiles tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profiles x-vmw-nsx-module: PolicyQoS /global-infra/qos-profiles/{qos-profile-id}: delete: consumes: - application/json description: | API will delete QoS profile. operationId: DeleteQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete QoS profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profiles x-vmw-nsx-module: PolicyQoS get: consumes: - application/json description: | API will return details of QoS profile. operationId: ReadQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/QoSProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Details of QoS profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profiles x-vmw-nsx-module: PolicyQoS patch: consumes: - application/json description: | Create a new QoS profile if the QoS profile with given id does not already exist. If the QoS profile with the given id already exists, patch with the existing QoS profile. operationId: PatchQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string - in: body name: QoSProfile required: true schema: $ref: '#/definitions/QoSProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch QoS profile. tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profiles x-vmw-nsx-module: PolicyQoS put: consumes: - application/json description: | Create or Replace QoS profile. operationId: CreateOrReplaceQoSProfile parameters: - description: |- QoS profile Id in: path name: qos-profile-id required: true type: string - in: body name: QoSProfile required: true schema: $ref: '#/definitions/QoSProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/QoSProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or Replace QoS profile. tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profiles x-vmw-nsx-module: PolicyQoS /global-infra/realized-state/alarms: get: consumes: - application/json description: | Paginated list of all alarms. operationId: ListAlarms parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyAlarmResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List All alarms in the system tags: - Policy, Infra, Realized, State x-vmw-nsx-module: PolicyRealizedState /global-infra/realized-state/realized-entities: get: consumes: - application/json description: | Get list of realized entities associated with intent object, specified by path in query parameter operationId: ListRealizedEntities parameters: - description: String Path of the intent object in: query name: intent_path required: true type: string - description: Policy Path of the site in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GenericPolicyRealizedResourceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get list of realized objects associated with intent object tags: - Policy, Infra, Realized, State x-vmw-nsx-module: PolicyRealizedState /global-infra/realized-state/realized-entity?action=refresh: post: consumes: - application/json description: | Refresh the status and statistics of all realized entities associated with given intent path synchronously. The vmw-async: True HTTP header cannot be used with this API. operationId: RefreshRealizedStateRefresh parameters: - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - description: String Path of the intent object in: query name: intent_path required: true type: string responses: '204': description: No Content '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Refresh all realized entities associated with the intent-path tags: - Policy, Infra, Realized, State x-vmw-nsx-module: PolicyRealizedState /global-infra/realized-state/status: get: consumes: - application/json description: | Get Consolidated Status of an intent object (with or without enforcement specific status details). The request is evaluated as follows: - : the request is evaluated on all enforcement points for the given intent without enforcement point specific details. - : the request is evaluated on all enforcement points for the given intent with enforcement point specific details. operationId: ReadIntentStatus parameters: - default: false description: Include Enforced Status Flag in: query name: include_enforced_status type: boolean - description: Policy Path of the intent object in: query name: intent_path required: true type: string - description: Policy Path of the site from where the realization status needs to be fetched in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ConsolidatedRealizedStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get consolidated status of an intent object tags: - Policy, Infra, Realized, State x-vmw-nsx-module: PolicyRealizedState /global-infra/segment-security-profiles: get: consumes: - application/json description: | API will list all segment security profiles. operationId: ListSegmentSecurityProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List segment security profiles tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profiles x-vmw-nsx-module: PolicySegmentSecurity /global-infra/segment-security-profiles/{segment-security-profile-id}: delete: consumes: - application/json description: | API will delete segment security profile with the given id. operationId: DeleteSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- DELETE segment security profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profiles x-vmw-nsx-module: PolicySegmentSecurity get: consumes: - application/json description: | API will return details of the segment security profile with given id. If the profile does not exist, it will return 404. operationId: GetSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- GET Segment security profile id tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profiles x-vmw-nsx-module: PolicySegmentSecurity patch: consumes: - application/json description: | Create a new segment security profile if the segment security profile with given id does not exist. Otherwise, PATCH the existing segment security profile operationId: PatchSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string - in: body name: SegmentSecurityProfile required: true schema: $ref: '#/definitions/SegmentSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- PATCH segment security profile id tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profiles x-vmw-nsx-module: PolicySegmentSecurity put: consumes: - application/json description: | Create or replace a segment security profile operationId: CreateOrUpdateSegmentSecurityProfile parameters: - description: |- Segment security profile id in: path name: segment-security-profile-id required: true type: string - in: body name: SegmentSecurityProfile required: true schema: $ref: '#/definitions/SegmentSecurityProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- PUT segment security profile id tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profiles x-vmw-nsx-module: PolicySegmentSecurity /global-infra/segments: get: consumes: - application/json description: | Paginated list of all segments under infra. operationId: ListAllInfraSegments parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all segments under infra tags: - Policy, Networking, Connectivity, Segment, Segments x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Port Discovery Profile Binding Maps in current port id. operationId: ListInfraPortDiscoveryBindings parameters: - in: path name: infra-segment-id required: true type: string - in: path name: infra-port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Port Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-discovery-profile-binding-maps/{port-discovery-profile-binding-map-id} : get: consumes: - application/json description: | API will get Infra Port Discovery Profile Binding Map operationId: GetInfraPortDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Infra Port ID in: path name: infra-port-id required: true type: string - description: |- Port Discovery Profile Binding Map ID in: path name: port-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Port Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Port Monitoring Profile Binding Maps in current port id. operationId: ListInfraPortMonitoringBindings parameters: - in: path name: infra-segment-id required: true type: string - in: path name: infra-port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Port Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/segments/{infra-segment-id}/ports/{infra-port-id}/port-monitoring-profile-binding-maps/{port-monitoring-profile-binding-map-id} : get: consumes: - application/json description: | API will get Infra Port Monitoring Profile Binding Map. operationId: GetInfraPortMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Infra Port ID in: path name: infra-port-id required: true type: string - description: |- Port Monitoring Profile Binding Map ID in: path name: port-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Port Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/segments/{infra-segment-id}/segment-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Segment Discovery Profile Binding Maps in current segment id. operationId: ListInfraSegmentDiscoveryBindings parameters: - in: path name: infra-segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Segment Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/segments/{infra-segment-id}/segment-discovery-profile-binding-maps/{segment-discovery-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment Discovery Profile Binding Profile operationId: DeleteInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment Discovery Profile Binding Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding get: consumes: - application/json description: | API will get Infra Segment Discovery Profile Binding Map operationId: GetInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding patch: consumes: - application/json description: |- API will create Infra Segment Discovery Profile Binding Map operationId: PatchInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Infra Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding put: consumes: - application/json description: |- API will update Infra Segment Discovery Profile Binding Map operationId: UpdateInfraSegmentDiscoveryBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Infra Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/segments/{infra-segment-id}/segment-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Infra Segment Monitoring Profile Binding Maps in current segment id. operationId: ListInfraSegmentMonitoringBindings parameters: - in: path name: infra-segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Infra Segment Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/segments/{infra-segment-id}/segment-monitoring-profile-binding-maps/{segment-monitoring-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Infra Segment Monitoring Profile Binding Profile. operationId: DeleteInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Infra Segment Monitoring Profile Binding Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding get: consumes: - application/json description: | API will get Infra Segment Monitoring Profile Binding Map. operationId: GetInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Infra Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding patch: consumes: - application/json description: |- API will create infra segment monitoring profile binding map. operationId: PatchInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Infra Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding put: consumes: - application/json description: |- API will update Infra Segment Monitoring Profile Binding Map. operationId: UpdateInfraSegmentMonitoringBinding parameters: - description: |- Infra Segment ID in: path name: infra-segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Infra Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/segments/{segment-id}: delete: consumes: - application/json description: |- Delete infra segment operationId: DeleteInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete infra segment tags: - Policy, Networking, Connectivity, Segment, Segments x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read infra segment operationId: ReadInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read infra segment tags: - Policy, Networking, Connectivity, Segment, Segments x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, update the segment with specified attributes. operationId: PatchInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segment, Segments x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, replace the segment with this object. operationId: CreateOrReplaceInfraSegment parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a infra segment tags: - Policy, Networking, Connectivity, Segment, Segments x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the interface (downlink) attaching segment to tier-0/tier-1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetInfraSegmentInterfaceArpTable parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the interface (downlink) attaching segment to tier-0/tier-1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetInfraSegmentInterfaceArpTableCsv parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) in CSV format tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/dhcp-static-binding-configs: get: consumes: - application/json description: | Paginated list of all DHCP static binding instances operationId: ListInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all DHCP static bindings tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/dhcp-static-binding-configs/{binding-id}: delete: consumes: - application/json description: |- Delete DHCP static binding operationId: DeleteInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP static binding operationId: ReadInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with specified attributes. operationId: PatchInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with this object. operationId: CreateOrReplaceInfraSegmentDhcpStaticBinding parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/dhcp-static-bindings/{binding-id}/state: get: consumes: - application/json description: |- Read DHCP static binding state operationId: ReadInfraSegmentDhcpStaticBindingState parameters: - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding state tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/inter-site-forwarder/site-span-info: get: consumes: - application/json description: | Get infra segment cross site forwarder placement and HA statuss. operationId: GetInfraSegmentCsSpanInfo parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentL2ForwarderSiteSpanInfo' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment cross site forwarder placement and HA status tags: - Policy, Networking, Connectivity, Segment, Intersite, Forwarder x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/inter-site-forwarder/status: get: consumes: - application/json description: | Get infra segment cross site traffic statistics. operationId: GetInfraSegmentCsTrafficStats parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentCrossSiteTrafficStats' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment cross site traffic statistics tags: - Policy, Networking, Connectivity, Segment, Intersite, Forwarder x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segment-id}/ports: get: consumes: - application/json description: | List all the ports for an infra. operationId: ListInfraSegmentPorts parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List infra segment ports tags: - Policy, Networking, Connectivity, Segment, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/ports/{port-id}: get: consumes: - application/json description: | Get detail information on an infra segment port by giving ID. operationId: GetInfraSegmentPort parameters: - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPort' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port by ID tags: - Policy, Networking, Connectivity, Segment, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Port QoS Profile Binding Maps in current port id. operationId: ListInfraPortQoSBindings parameters: - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps/{port-qos-profile-binding-map-id}: get: consumes: - application/json description: | API will get Port QoS Profile Binding Map. operationId: GetInfraPortQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port QoS Profile Binding Map ID in: path name: port-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps: get: consumes: - application/json description: | API will list all port security profile binding maps. operationId: ListInfraSegmentPortSecurityProfileBindings parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List infra segment port security profile binding maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding ? /global-infra/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps/{port-security-profile-binding-map-id} : get: consumes: - application/json description: | API will return details of the port security profile binding map. If the security profile binding map does not exist, it will return 404. operationId: GetInfraSegmentPortSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: |- port security profile binding map id in: path name: port-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/segments/{segment-id}/segment-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment QoS Profile Binding Maps in current segment id. operationId: ListInfraSegmentQoSBindings parameters: - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/segment-qos-profile-binding-maps/{segment-qos-profile-binding-map-id}: delete: consumes: - application/json description: |- API will delete Segment QoS Profile Binding Profile. operationId: DeleteInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment QoS Profile Binding Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding get: consumes: - application/json description: | API will get Segment QoS Profile Binding Map. operationId: GetInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding patch: consumes: - application/json description: |- API will create segment QoS profile binding map. operationId: PatchInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding put: consumes: - application/json description: |- API will update Segment QoS Profile Binding Map. operationId: UpdateInfraSegmentQoSBinding parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/segments/{segment-id}/segment-security-profile-binding-maps: get: consumes: - application/json description: | API will list all segment security profile binding maps. operationId: ListInfraSegmentSecurityProfileBindings parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List infra segment security profile binding maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/segments/{segment-id}/segment-security-profile-binding-maps/{segment-security-profile-binding-map-id}: delete: consumes: - application/json description: | API will delete segment security profile binding map. operationId: DeleteInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding get: consumes: - application/json description: | API will return details of the segment security profile binding map. If the binding map does not exist, it will return 404. operationId: GetInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding patch: consumes: - application/json description: | Create a new segment security profile binding map if the given security profile binding map does not exist. Otherwise, patch the existing segment security profile binding map. operationId: PatchInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding put: consumes: - application/json description: | API will create or replace segment security profile binding map. operationId: CreateOrUpdateInfraSegmentSecurityProfileBinding parameters: - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace infra segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/segments/{segment-id}?force=true: delete: consumes: - application/json description: |- Force delete bypasses validations during segment deletion. This may result in an inconsistent connectivity. operationId: ForceDeleteInfraSegmentTrue parameters: - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Force delete infra segment tags: - Policy, Networking, Connectivity, Segment, Segments x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, update the segment with specified attributes. Force parameter is required when workload connectivity is indirectly impacted with the current update. operationId: PatchInfraSegmentWithForceTrue parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segments x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, replace the segment with this object. Force parameter is required when workload connectivity is indirectly impacted with the current replacement. operationId: CreateOrReplaceInfraSegmentWithForceTrue parameters: - description: |- Segment ID in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a infra segment tags: - Policy, Networking, Connectivity, Segments x-vmw-nsx-module: PolicyConnectivity /global-infra/segments/{segments-id}/ports/{port-id}/statistics: get: consumes: - application/json description: | Get infra segment port statistics information. operationId: GetInfraSegmentPortStatistics parameters: - in: path name: segments-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment port statistics information tags: - Policy, Networking, Connectivity, Segment, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segments-id}/state: get: consumes: - application/json description: | Get infra segment state information. operationId: GetInfraSegmentState parameters: - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentConfigurationState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment state information tags: - Policy, Networking, Connectivity, Segment, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/segments/{segments-id}/statistics: get: consumes: - application/json description: | Get infra segment statistics information. operationId: GetInfraSegmentStatistics parameters: - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get infra segment statistics information tags: - Policy, Networking, Connectivity, Segment, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/services: get: consumes: - application/json description: | Paginated list of Services for infra. operationId: ListServicesForTenant parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Fetch all default services in: query name: default_service type: boolean - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Services for infra tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/services/{service-id}: delete: consumes: - application/json description: |- Delete Service operationId: DeleteServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy get: consumes: - application/json description: |- Read a service operationId: ReadServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Service' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy patch: consumes: - application/json description: | Create a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, patch the service including the nested service entries. operationId: PatchServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string - in: body name: Service required: true schema: $ref: '#/definitions/Service' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a Service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy put: consumes: - application/json description: | Create a new service if a service with the given ID does not already exist. Creates new service entries if populated in the service. If a service with the given ID already exists, update the service including the nested service entries. This is a full replace. operationId: UpdateServiceForTenant parameters: - description: |- Service ID in: path name: service-id required: true type: string - in: body name: Service required: true schema: $ref: '#/definitions/Service' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Service' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/services/{service-id}/service-entries: get: consumes: - application/json description: | Paginated list of Service entries for the given service operationId: ListServiceEntries parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceEntryListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Service entries for the given service tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/services/{service-id}/service-entries/{service-entry-id}: delete: consumes: - application/json description: |- Delete Service entry operationId: DeleteServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Service entry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy get: consumes: - application/json description: |- Service entry operationId: ReadServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceEntry' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Service entry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy patch: consumes: - application/json description: | If a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, patch the service entry. operationId: PatchServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string - in: body name: ServiceEntry required: true schema: $ref: '#/definitions/ServiceEntry' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a ServiceEntry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy put: consumes: - application/json description: | If a service entry with the service-entry-id is not already present, create a new service entry. If it already exists, update the service entry. operationId: UpdateServiceEntry parameters: - description: |- Service ID in: path name: service-id required: true type: string - description: |- Service entry ID in: path name: service-entry-id required: true type: string - in: body name: ServiceEntry required: true schema: $ref: '#/definitions/ServiceEntry' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceEntry' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a ServiceEntry tags: - Policy, Inventory, Services x-vmw-nsx-module: Policy /global-infra/session-timer-profiles/{session-timer-profile-id}/bindings: get: consumes: - application/json description: |- API will list all Session Timer Profiles bindings. operationId: ListSessionTimerProfileBindings parameters: - in: path name: session-timer-profile-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Session Timer Profiles tags: - Policy, Security, Security, Profiles, Session, Timer, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/settings/firewall/cpu-mem-thresholds-profile-binding-maps: get: consumes: - application/json description: | API will list all Firewall CPU Memory Thresholds Profile Binding Maps. operationId: ListPolicyFirewallCPUMemThresholdsProfileBindingMaps parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCPUMemThresholdsProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Firewall CPU Memory Thresholds Profile Binding Maps tags: - Policy, Security, Security, Profiles, Cpu, Memory, Thresholds, Profiles x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding /global-infra/settings/firewall/cpu-mem-thresholds-profile-binding-maps/{cpu-mem-thresholds-profile-binding-map-id}: delete: consumes: - application/json description: |- API will delete Firewall CPU Memory Thresholds Profile Binding. operationId: DeletePolicyFirewallCPUMemThresholdsProfileBindingMap parameters: - description: |- Firewall CPU Memory Thresholds Profile Binding Map ID in: path name: cpu-mem-thresholds-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Firewall CPU Memory Thresholds Profile Binding tags: - Policy, Security, Security, Profiles, Cpu, Memory, Thresholds, Profiles x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding /global-infra/settings/firewall/cpu-mem-thresholds-profiles: get: consumes: - application/json description: |- List all CPU and memory thresholds profiles. operationId: ListCPUMemThresholdsProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all CPU and memory thresholds profiles tags: - Policy, Security, Security, Profiles, Cpu, Memory, Thresholds, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/settings/firewall/cpu-mem-thresholds-profiles/{profile-id}: delete: consumes: - application/json description: |- Delete CPU and memory thresholds profile. operationId: DeleteCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete CPU and memory thresholds profile tags: - Policy, Security, Security, Profiles, Cpu, Memory, Thresholds, Profiles x-vmw-nsx-module: PolicyProfile get: consumes: - application/json description: |- Read the CPU and memory thresholds profile. operationId: ReadCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the CPU and memory thresholds profile tags: - Policy, Security, Security, Profiles, Cpu, Memory, Thresholds, Profiles x-vmw-nsx-module: PolicyProfile patch: consumes: - application/json description: |- Create or update CPU and memory thresholds profile. operationId: PatchCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string - in: body name: PolicyFirewallCpuMemThresholdsProfile required: true schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update CPU and memory thresholds profile tags: - Policy, Security, Security, Profiles, Cpu, Memory, Thresholds, Profiles x-vmw-nsx-module: PolicyProfile put: consumes: - application/json description: |- Create or update CPU and memory thresholds profile. operationId: UpdateCPUMemThresholdsProfile parameters: - in: path name: profile-id required: true type: string - in: body name: PolicyFirewallCpuMemThresholdsProfile required: true schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update CPU and memory thresholds profile tags: - Policy, Security, Security, Profiles, Cpu, Memory, Thresholds, Profiles x-vmw-nsx-module: PolicyProfile /global-infra/settings/firewall/stats?action=reset: post: consumes: - application/json description: | Sets firewall rule statistics counter to zero. This operation is supported for given category, for example: DFW i.e. for all layer3 firewall (transport nodes only) rules or EDGE i.e. for all layer3 edge firewall (edge nodes only) rules. - no enforcement point path specified: On global manager, it is mandatory to give an enforcement point path. On local manager, reset of stats will be executed for each enforcement point. - {enforcement_point_path}: Reset of stats will be executed only for the given enforcement point. operationId: ResetRuleStatsReset parameters: - description: Aggregation statistic category enum: - DFW - EDGE in: query name: category required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Reset firewall rule statistics tags: - Policy, Security, East, West, Security, Distributed, Firewall, Statistics x-vmw-nsx-module: DfwSecurityPolicy /global-infra/sites: get: consumes: - application/json description: | List Sites under Infra. operationId: ListSites parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SiteListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Sites tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/listener_certificate: get: consumes: - application/json description: | Connects to the given IP and port, and, if an SSL listener is present, returns the certificate of the listener. Intent of this API is "Do you trust this certificate?". operationId: GetInfraSiteListenerCertificate parameters: - description: Host name or IP address of TLS listener format: host-or-ip in: query name: address required: true type: string - description: TCP port number of the TLS listener format: int32 in: query maximum: 65535 minimum: 0 name: port required: true type: integer produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TlsListenerCertificate' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the certificate of the listener tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicySiteGM /global-infra/sites/{site-id}: delete: consumes: - application/json description: | Delete a site under Infra. operationId: DeleteInfraSite parameters: - in: path name: site-id required: true type: string - in: query name: force required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a site tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicySiteGM get: consumes: - application/json description: | Read a site under Infra. operationId: ReadSite parameters: - in: path name: site-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Site' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a site tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | Create or patch Site under Infra. operationId: PatchInfraSite parameters: - in: path name: site-id required: true type: string - in: body name: Site required: true schema: $ref: '#/definitions/Site' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or patch Site tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicySiteGM put: consumes: - application/json description: | Create or fully replace a Site under Infra. Revision is optional for creation and required for update. operationId: CreateOrUpdateInfraSite parameters: - in: path name: site-id required: true type: string - in: body name: Site required: true schema: $ref: '#/definitions/Site' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Site' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or fully replace a Site under infra tags: - Policy, Infra, Sites x-vmw-nsx-module: PolicySiteGM /global-infra/sites/{site-id}/enforcement-points: get: consumes: - application/json description: | Paginated list of all enforcementpoints under Site. operationId: ListEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPointListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List enforcementpoints under Site tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcement-point-id}?action=full-sync: post: consumes: - application/json description: |- Full sync EnforcementPoint from Site operationId: FullSyncEnforcementPointForSiteFull-sync parameters: - in: path name: site-id required: true type: string - in: path name: enforcement-point-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Full sync EnforcementPoint from Site tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}: delete: consumes: - application/json description: |- Delete EnforcementPoint from Site operationId: DeleteEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete EnforcementPoint from Site tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement get: consumes: - application/json description: | Read an Enforcement Point under Infra/Site operationId: ReadEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read an Enforcement Point under Infra/Site tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | If the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, patch it. operationId: PatchEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: body name: EnforcementPoint required: true schema: $ref: '#/definitions/EnforcementPoint' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a new Enforcement Point under Site tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement put: consumes: - application/json description: | If the passed Enforcement Point does not already exist, create a new Enforcement Point. If it already exists, replace it. operationId: CreateOrUpdateEnforcementPointForSite parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: body name: EnforcementPoint required: true schema: $ref: '#/definitions/EnforcementPoint' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create/update a new Enforcement Point under Site tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters: get: consumes: - application/json description: | Paginated list of all Edge Clusters under an Enforcement Point operationId: ListEdgeClustersForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeClusterListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Edge Clusters under an Enforcement Point tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}: get: consumes: - application/json description: | Read a Edge Cluster under an Enforcement Point operationId: ReadEdgeClusterForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: edge-cluster-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeCluster' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Edge Cluster under an Enforcement Point tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes: get: consumes: - application/json description: | Paginated list of all Edge Nodes under an Enforcement Point, Edge Cluster operationId: ListEdgeNodesUnderEdgeClusterForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: edge-cluster-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeNodeListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Edge Nodes under an Enforcement Point, Edge Cluster tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement ? /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/edge-clusters/{edge-cluster-id}/edge-nodes/{edge-node-id} : get: consumes: - application/json description: | Read a Edge Node under an Enforcement Point, Edge Cluster operationId: ReadEdgeNodeUnderEdgeClusterForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: edge-cluster-id required: true type: string - in: path name: edge-node-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeNode' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Edge Node under an Enforcement Point, Edge Cluster tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/transport-zones: get: consumes: - application/json description: | Paginated list of all Transport Zones under an Enforcement Point operationId: ListTransportZonesForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyTransportZoneListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Transport Zones under an Enforcement Point tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}/transport-zones/{transport-zone-id}: get: consumes: - application/json description: | Read a Transport Zone under an Enforcement Point operationId: ReadTransportZoneForEnforcementPoint parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string - in: path name: transport-zone-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyTransportZone' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Transport Zone under an Enforcement Point tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/sites/{site-id}/enforcement-points/{enforcementpoint-id}?action=reload: post: consumes: - application/json description: | Reload an Enforcement Point under Site. This will read and update fabric configs from enforcement point. operationId: ReloadEnforcementPointForSiteReload parameters: - in: path name: site-id required: true type: string - in: path name: enforcementpoint-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/EnforcementPoint' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Reload an Enforcement Point under Site tags: - Policy, Infra, Enforcement, Points x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/span: get: consumes: - application/json description: |- Get span for an entity with specified path. operationId: GetSpan parameters: - description: String Path of the intent object in: query name: intent_path required: true type: string - description: Policy Path of the site in: query name: site_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Span' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get span for an entity with specified path tags: - Federation, Infra, Sites x-vmw-nsx-module: PolicySitesSpan /global-infra/spoofguard-profiles: get: consumes: - application/json description: | API will list all SpoofGuard profiles. operationId: ListSpoofGuardProfiles parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SpoofGuardProfileListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List SpoofGuard profiles tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Spoofguard, Profiles x-vmw-nsx-module: PolicySpoofGuard /global-infra/spoofguard-profiles/{spoofguard-profile-id}: delete: consumes: - application/json description: | API will delete SpoofGuard profile with the given id. operationId: DeleteSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete SpoofGuard profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Spoofguard, Profiles x-vmw-nsx-module: PolicySpoofGuard get: consumes: - application/json description: | API will return details of the SpoofGuard profile with given id. If the profile does not exist, it will return 404. operationId: GetSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SpoofGuardProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get SpoofGuard profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Spoofguard, Profiles x-vmw-nsx-module: PolicySpoofGuard patch: consumes: - application/json description: | Create a new SpoofGuard profile if the SpoofGuard profile with the given id does not exist. Otherwise, patch with the existing SpoofGuard profile. operationId: PatchSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string - in: body name: SpoofGuardProfile required: true schema: $ref: '#/definitions/SpoofGuardProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch SpoofGuard profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Spoofguard, Profiles x-vmw-nsx-module: PolicySpoofGuard put: consumes: - application/json description: | API will create or replace SpoofGuard profile. operationId: CreateOrUpdateSpoofGuardProfile parameters: - description: |- SpoofGuard profile id in: path name: spoofguard-profile-id required: true type: string - in: body name: SpoofGuardProfile required: true schema: $ref: '#/definitions/SpoofGuardProfile' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SpoofGuardProfile' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace SpoofGuard profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Spoofguard, Profiles x-vmw-nsx-module: PolicySpoofGuard /global-infra/tags: get: consumes: - application/json description: | Returns paginated list of all unique tags. Supports filtering by scope, tag and source from which tags are synched. Supports starts with, equals and contains operators on scope and tag values. To filter tags by starts with on scope or tag, use '*' as prefix before the value. To filter tags by ends with on scope or tag, use '*' as suffix after the value. To filter tags by contain on scope or tag, use '*' as prefix and suffix on the value. Below special characters in the filter value needs to be escaped with hex values. - Character '&' needs to be escaped as '%26' - Character '[' needs to be escaped as '%5B' - Character ']' needs to be escaped as '%5D' - Character '+' needs to be escaped as '%2B' - Character '#' needs to be escaped as '%23' operationId: ListAllTags parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Tag scope in: query name: scope required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Source from which tags are synced. enum: - Amazon - Azure - NSX - ANY in: query name: source required: false type: string - description: Tag value in: query name: tag required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TagInfoListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all unique tags. tags: - Policy, Infra, Tags x-vmw-nsx-module: PolicyTag /global-infra/tags/effective-resources: get: consumes: - application/json description: | Paginated list of all objects assigned with matching scope and tag values. Objects are represented in form of resource reference. operationId: ListTaggedObjects parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Filter text to restrict tagged objects list with matching filter text. in: query name: filter_text required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Tag scope in: query name: scope required: false type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Tag value in: query name: tag required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all objects assigned with matching scope and tag values tags: - Policy, Infra, Tags x-vmw-nsx-module: PolicyTag /global-infra/tags/tag-operations/{operation-id}: get: consumes: - application/json description: | Get details of tag bulk operation request with which tag is applied or removed on virtual machines. operationId: GetTagBulkOperation parameters: - in: path name: operation-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TagBulkOperation' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get details of tag bulk operation request tags: - Policy, Infra, Tags x-vmw-nsx-module: PolicyTag put: consumes: - application/json description: "Tag can be assigned or unassigned on multiple objects. Supported\ \ object type is \nrestricted to Virtual Machine for now and support for other\ \ objects will be added \nlater. Permissions for tag bulk operation would\ \ be similar to virtual machine\ntag permissions.\n" operationId: TagBulkUpdate parameters: - in: path name: operation-id required: true type: string - in: body name: TagBulkOperation required: true schema: $ref: '#/definitions/TagBulkOperation' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TagBulkOperation' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Assign or Unassign tag on multiple Virtual Machines. tags: - Policy, Infra, Tags x-vmw-nsx-module: PolicyTag /global-infra/tags/tag-operations/{operation-id}/status: get: consumes: - application/json description: | Get status of tag bulk operation with details of tag operation on each virtual machine. operationId: GetTagBulkOperationStatus parameters: - in: path name: operation-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/TagBulkOperationStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get status of tag bulk operation tags: - Policy, Infra, Tags x-vmw-nsx-module: PolicyTag /global-infra/tier-0s: get: consumes: - application/json description: | Paginated list of all Tier-0s operationId: ListTier0s parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0ListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0s tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}: delete: consumes: - application/json description: |- Delete Tier-0 operationId: DeleteTier0 parameters: - in: path name: tier-0-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Gateways x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 operationId: ReadTier0 parameters: - in: path name: tier-0-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Gateways x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a Tier-0 with the tier-0-id is not already present, create a new Tier-0. If it already exists, update the Tier-0 for specified attributes. operationId: PatchTier0 parameters: - in: path name: tier-0-id required: true type: string - in: body name: Tier0 required: true schema: $ref: '#/definitions/Tier0' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Gateways x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a Tier-0 with the tier-0-id is not already present, create a new Tier-0. If it already exists, replace the Tier-0 instance with the new object. operationId: CreateOrReplaceTier0 parameters: - in: path name: tier-0-id required: true type: string - in: body name: Tier0 required: true schema: $ref: '#/definitions/Tier0' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/community-lists: get: consumes: - application/json description: | Paginated list of all community lists under a tier-0 operationId: ListCommunityList parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CommunityListListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List BGP community lists tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Community, Lists x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/community-lists/{community-list-id}: delete: consumes: - application/json description: |- Delete a BGP community list operationId: DeleteCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a BGP community list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Community, Lists x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a BGP community list operationId: ReadCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CommunityList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a BGP community list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Community, Lists x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a community list with the community-list-id is not already present, create a new community list. If it already exists, update the community list for specified attributes. operationId: PatchCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string - in: body name: CommunityList required: true schema: $ref: '#/definitions/CommunityList' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP community list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Community, Lists x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a community list with the community-list-id is not already present, create a new community list. If it already exists, replace the community list instance with the new object. operationId: CreateOrReplaceCommunityList parameters: - in: path name: tier-0-id required: true type: string - in: path name: community-list-id required: true type: string - in: body name: CommunityList required: true schema: $ref: '#/definitions/CommunityList' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/CommunityList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP community list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Community, Lists x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/dns-forwarder: delete: consumes: - application/json description: |- Delete DNS configuration for tier-0 instance operationId: DeletePolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS configuration for tier-0 instance tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDnsForwarder get: consumes: - application/json description: |- Read the DNS Forwarder for the given tier-0 instance operationId: ReadPolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder for the given tier-0 instance tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDnsForwarder patch: consumes: - application/json description: |- Update the DNS Forwarder operationId: PatchPolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the DNS Forwarder tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDnsForwarder post: consumes: - application/json description: | Perform the specified action for Tier0 DNS forwarder on specified enforcement point. operationId: PerformEPActionForDnsForwarderAtTier0 parameters: - in: path name: tier-0-id required: true type: string - description: An action to be performed for DNS forwarder on EP enum: - clear_cache in: query name: action required: true type: string - default: /infra/sites/default/enforcement-points/default description: An enforcement point path, on which the action is to be performed in: query name: enforcement_point_path required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Perform the specified DNS forwarder action tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDnsForwarder put: consumes: - application/json description: |- Update the DNS Forwarder operationId: UpdatePolicyDnsForwarderOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the DNS Forwarder tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-0s/{tier-0-id}/dns-forwarder/nslookup: get: consumes: - application/json description: | Query the nameserver for an ip-address or a FQDN of the given an address optionally using an specified DNS server. If the address is a fqdn, nslookup will resolve ip-address with it. If the address is an ip-address, do a reverse lookup and answer fqdn(s). If enforcement point is specified, then DNS forwarder nslookup answer will get fetched from specified enforcement point. Otherwise from all enforcement points. operationId: LookupAddressViaTier0DNSForwarder parameters: - in: path name: tier-0-id required: true type: string - description: IP address or FQDN for nslookup in: query name: address required: false type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregatePolicyDnsAnswer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Resolve a given address via the dns forwarder at Tier0 tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-0s/{tier-0-id}/dns-forwarder/statistics: get: consumes: - application/json description: | Get statistics of tier-0 DNS forwarder. - no enforcement point path specified: Statistics will be evaluated on each enforcement point. - {enforcement_point_path}: Statistics are evaluated only on the given enforcement point. operationId: GetTier0DNSForwarderStatistics parameters: - description: |- Tier-0 id in: path name: tier-0-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-0 DNS forwarder statistics tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-0s/{tier-0-id}/dns-forwarder/status: get: consumes: - application/json description: | Get current status of tier-0 DNS forwarder. - no enforcement point path specified: Status will be evaluated on each enforcement point. - {enforcement_point_path}: Status will be evaluated only on the given enforcement point. operationId: GetTier0DNSForwarderStatus parameters: - description: |- Tier-0 id in: path name: tier-0-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get current status of tier-0 DNS forwarder tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 0, Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-0s/{tier-0-id}/forwarding-table: get: consumes: - application/json description: | Get forwarding table from tier-0 operationId: GetTier0ForwardingTable parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoutingTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Forwarding, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/forwarding-table?format=csv: get: consumes: - application/json description: | Get forwarding table from tier-0 gateway in CSV format. operationId: GetTier0ForwardingTableCsv parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/GatewayRouteTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-0 in CSV format tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Forwarding, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of gateway rules associated with the Tier-0. The gateay policies are returned in the order of category and precedence. operationId: ViewTier0GatewayFirewall parameters: - in: path name: tier-0-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-0 logical router. tags: - Policy, Security, North, South, Security, Gateway, Firewall, Tier, 0, Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-0s/{tier-0-id}/locale-services: get: consumes: - application/json description: | Paginated list of all Tier-0 locale-services operationId: ListTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServicesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Locale, Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp: get: consumes: - application/json description: |- Read BGP routing config operationId: ReadBgpRoutingConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpRoutingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read BGP routing config tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an BGP routing config not present, create BGP routing config. If it already exists, update the routing config. operationId: PatchBgpRoutingConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: body name: BgpRoutingConfig required: true schema: $ref: '#/definitions/BgpRoutingConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update BGP routing config tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If BGP routing config is not already present, create BGP routing config. If it already exists, replace the BGP routing config with this object. operationId: CreateOrReplaceBgpRoutingConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: body name: BgpRoutingConfig required: true schema: $ref: '#/definitions/BgpRoutingConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpRoutingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP routing config tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors: get: consumes: - application/json description: | Paginated list of all BGP neighbor configurations operationId: ListBgpNeighborConfigs parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List BGP neighbor configurations tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/status: get: consumes: - application/json description: | Returns the status of all the BGP neighbors for the given Tier0. To get BGP neighbor status for a particular enforcement point, parameter "enforcement_point_path=" needs to be specified. If an enforcement_point is unspecified, then bgp neighbor status for all enforcement points is fetched. To get BGP neighbors status for the logical router from particular edge node, parameter "edge_path=" needs to be specified. If an edge_path is unspecified, then bgp neighbor status for all edges is fetched. operationId: GetTier0BgpNeighborsStatus parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyBgpNeighborsStatusListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get BGP neighbor status for the Tier0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}: delete: consumes: - application/json description: |- Delete BGP neighbor config operationId: DeleteBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete BGP neighbor config tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read BGP neighbor config operationId: ReadBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read BGP neighbor config tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If BGP neighbor config with the neighbor-id is not already present, create a new neighbor config. If it already exists, replace the BGP neighbor config with this object. operationId: PatchBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - in: body name: BgpNeighborConfig required: true schema: $ref: '#/definitions/BgpNeighborConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP neighbor config tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If BGP neighbor config with the neighbor-id is not already present, create a new neighbor config. If it already exists, replace the BGP neighbor config with this object. operationId: CreateOrReplaceBgpNeighborConfig parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - in: body name: BgpNeighborConfig required: true schema: $ref: '#/definitions/BgpNeighborConfig' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a BGP neighbor config tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/advertised-routes: get: consumes: - application/json description: | Returns routes advertised by BGP neighbor from all edge transport nodes on which this neighbor is currently enabled. The query parameter "source=cached" is not supported. operationId: GetTier0BgpNeighborAdvertisedRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get BGP neighbor advertised routes tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics ? /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/advertised-routes?format=csv : get: consumes: - application/json description: | Returns routes advertised by BGP neighbor from all edge transport nodes on which this neighbor is currently enabled in CSV format. Routes from all enforcement points are returned. operationId: GetTier0BgpNeighborAdvertisedRoutesInCsvFormatCsv parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRouteDetailsInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get BGP neighbor advertised routes in CSV format tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/routes: get: consumes: - application/json description: | Returns routes learned by BGP neighbor from all edge nodes on which this neighbor is currently enabled. operationId: GetTier0BgpNeighborRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routes learned by BGP neighbor tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/bgp/neighbors/{neighbor-id}/routes?format=csv: get: consumes: - application/json description: | Returns routes learned by BGP neighbor from all edge nodes on which this neighbor is currently enabled. Routes from all enforcement points are returned. operationId: GetTier0BgpNeighborRoutesInCsvFormatCsv parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: neighbor-id required: true type: string - default: 1000 description: Number of routes to retrieve format: int32 in: query minimum: 1 name: count type: integer - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/BgpNeighborRouteDetailsInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routes learned by BGP neighbor in CSV format tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, BGP x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces: get: consumes: - application/json description: | Paginated list of all Tier-0 Interfaces operationId: ListTier0Interfaces parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0InterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 Interfaces tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}: delete: consumes: - application/json description: |- Delete Tier-0 interface operationId: DeleteTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 interface operationId: ReadTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, update the interface for specified attributes. operationId: PatchTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier0Interface required: true schema: $ref: '#/definitions/Tier0Interface' - default: false description: Locally override the global object in: query name: override required: false type: boolean responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, replace the interface with this object. operationId: CreateOrReplaceTier0Interface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier0Interface required: true schema: $ref: '#/definitions/Tier0Interface' - default: false description: Locally override the global object in: query name: override required: false type: boolean produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the tier-0 interface, on a edge node if a query parameter "edge_path=" is given. The edge_path parameter is mandatory if the interface type is not EXTERNAL. operationId: GetTier0InterfaceArpTable parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-0 interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the tier-0 interface, on a edge node if a query parameter "edge_path=" is given. The edge_path parameter is mandatory if the interface type is not EXTERNAL. operationId: GetTier0InterfaceArpTableCsv parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-0 interface in CSV format tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/dad-state: get: consumes: - application/json description: | Get tier-0 interface DAD state information. operationId: GetTier0InterfaceDADState parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceDADState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DAD status by interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, DAD, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics: get: consumes: - application/json description: | Get tier-0 interface statistics information. operationId: GetTier0InterfaceStatistics parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-0 interface statistics information tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics/summary: get: consumes: - application/json description: | Get tier-0 interface statistics summary information. operationId: GetTier0InterfaceStatisticsSummary parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatisticsSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-0 interface statistics summary information tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/service-interfaces: get: consumes: - application/json description: | Paginated list of all Service Interfaces operationId: ListServiceInterfaces parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Service Interfaces tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/service-interfaces/{interface-id}: delete: consumes: - application/json description: |- Delete service interface operationId: DeleteServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete service interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read service interface operationId: ReadServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read service interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, update the interface for specified attributes. operationId: PatchServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: ServiceInterface required: true schema: $ref: '#/definitions/ServiceInterface' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. Modification of service interface is not allowed. operationId: CreateServiceInterface parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: ServiceInterface required: true schema: $ref: '#/definitions/ServiceInterface' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ServiceInterface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a service interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/tier-0-deployment-maps: get: consumes: - application/json description: | Paginated list of all Tier-0 Deployment Entries. operationId: ListTier0DeploymentMaps parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 Deployment maps tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-service-id}/tier-0-deployment-maps/{tier-0-deployment-map-id}: delete: consumes: - application/json description: |- Delete Tier-0 Deployment Map operationId: DeleteTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 Deployment Map tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement get: consumes: - application/json description: | Read a Tier-0 Deployment Map operationId: ReadTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a Tier-0 Deployment Map tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement patch: consumes: - application/json description: | If the passed Tier-0 Deployment Map does not already exist, create a new Tier-0 Deployment Map. If it already exists, patch it. operationId: PatchTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string - in: body name: Tier0DeploymentMap required: true schema: $ref: '#/definitions/Tier0DeploymentMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch a Tier-0 Deployment Map under Tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement put: consumes: - application/json description: | If the passed Tier-0 Deployment Map does not already exist, create a new Tier-0 Deployment Map. If it already exists, replace it. operationId: CreateOrUpdateTier0DeploymentMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: tier-0-deployment-map-id required: true type: string - in: body name: Tier0DeploymentMap required: true schema: $ref: '#/definitions/Tier0DeploymentMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0DeploymentMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create a new Tier-0 Deployment Map under Tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Deployment, Maps x-vmw-nsx-module: PolicyEnforcementPointManagement /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}: delete: consumes: - application/json description: |- Delete Tier-0 locale-services operationId: DeleteTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Locale, Services x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 locale-services operationId: ReadTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Locale, Services x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a Tier-0 locale-services with the locale-services-id is not already present, create a new locale-services. If it already exists, update Tier-0 locale-services with specified attributes. operationId: PatchTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Locale, Services x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a Tier-0 locale-services with the locale-services-id is not already present, create a new locale-services. If it already exists, replace the Tier-0 locale-services instance with the new object. operationId: CreateOrReplaceTier0LocaleServices parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 locale-services tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Tier, 0, Locale, Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of Gateway Firewall rules associated with the Tier-0 Locale Services. The gateway policies are returned in the order of category and sequence number. operationId: ViewTier0LocaleServicesGatewayFirewall parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-0 LocalServices. tags: - Policy, Security, North, South, Security, Gateway, Firewall, Tier, 1, Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/bgp-summary: get: consumes: - application/json description: | Get RTEP span and mac address-table. operationId: GetPolicyInterSiteBgpSummary parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Transport node in: query name: edge_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeClusterInterSiteBgpSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get RTEP span and mac address-table tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Inter, Site x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/locale-services/{locale-services-id}/inter-site/status: get: consumes: - application/json description: | Get RTEP mesh connectivity status. operationId: GetPolicyInterSiteStatus parameters: - in: path name: tier-0-id required: true type: string - in: path name: locale-services-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Transport node in: query name: edge_path required: false type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyEdgeClusterInterSiteStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get RTEP mesh connectivity status tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Inter, Site x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/nat/statistics: get: consumes: - application/json description: |- List NAT Rules Statistics from Tier-0 denoted by Tier-0 ID. operationId: ListPolicyNatRulesStatisticsFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsPerLogicalRouterListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules Statistics tags: - Policy, Networking, Network, Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/nat/{nat-id}/nat-rules: get: consumes: - application/json description: |- List NAT Rules from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: ListPolicyNatRulesFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 0, Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/nat/{nat-id}/nat-rules/{nat-rule-id}: delete: consumes: - application/json description: |- Delete NAT Rule from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: DeletePolicyNatRuleFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete NAT Rule tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 0, Gateways x-vmw-nsx-module: PolicyNAT get: consumes: - application/json description: | Get NAT Rule from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRuleFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 0, Gateways x-vmw-nsx-module: PolicyNAT patch: consumes: - application/json description: | If a NAT Rule is not already present on Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>, create a new NAT Rule. If it already exists, update the NAT Rule. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: PatchPolicyNatRuleOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a NAT Rule on tier-0 tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 0, Gateways x-vmw-nsx-module: PolicyNAT put: consumes: - application/json description: |- Update NAT Rule on Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: CreateOrReplacePolicyNatRuleOnTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update NAT Rule tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 0, Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/nat/{nat-id}/nat-rules/{nat-rule-id}/statistics: get: consumes: - application/json description: | Get NAT Rule Statistics from Tier-0 denoted by Tier-0 ID, under NAT section denoted by <nat-id>. Under tier-0 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRuleStatisticsFromTier0 parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule Statistics tags: - Policy, Networking, Network, Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-0s/{tier-0-id}/prefix-lists: get: consumes: - application/json description: | Paginated list of all prefix lists operationId: ListPrefixLists parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrefixListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List prefix lists tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Prefix, List x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/prefix-lists/{prefix-list-id}: delete: consumes: - application/json description: |- Delete a prefix list operationId: DeletePrefixList parameters: - in: path name: tier-0-id required: true type: string - in: path name: prefix-list-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a prefix list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Prefix, List x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a prefix list operationId: ReadPrefixList parameters: - in: path name: tier-0-id required: true type: string - in: path name: prefix-list-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrefixList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a prefix list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Prefix, List x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If prefix list for prefix-list-id is not already present, create a prefix list. If it already exists, update prefix list for prefix-list-id. operationId: PatchPrefixList parameters: - in: path name: tier-0-id required: true type: string - in: path name: prefix-list-id required: true type: string - in: body name: PrefixList required: true schema: $ref: '#/definitions/PrefixList' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a prefix list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Prefix, List x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If prefix list for prefix-list-id is not already present, create a prefix list. If it already exists, replace the prefix list for prefix-list-id. operationId: CreateOrReplacePrefixList parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- Prefix List ID in: path name: prefix-list-id required: true type: string - in: body name: PrefixList required: true schema: $ref: '#/definitions/PrefixList' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PrefixList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a prefix list tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Prefix, List x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/route-maps: get: consumes: - application/json description: | Paginated list of all route maps under a tier-0 operationId: ListAllRouteMaps parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0RouteMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List route maps tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Route, Maps x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/route-maps/{route-map-id}: delete: consumes: - application/json description: |- Delete a route map operationId: RemoveRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete a route map tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Route, Maps x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read a route map operationId: GetRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0RouteMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a route map tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Route, Maps x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a route map with the route-map-id is not already present, create a new route map. If it already exists, update the route map for specified attributes. operationId: PatchRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string - in: body name: Tier0RouteMap required: true schema: $ref: '#/definitions/Tier0RouteMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a route map tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Route, Maps x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a route map with the route-map-id is not already present, create a new route map. If it already exists, replace the route map instance with the new object. operationId: CreateOrReplaceRouteMap parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-map-id required: true type: string - in: body name: Tier0RouteMap required: true schema: $ref: '#/definitions/Tier0RouteMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0RouteMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a route map tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Route, Maps x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/routing-table: get: consumes: - application/json description: | Get routing table from tier-0 operationId: GetTier0Routes parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoutingTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routing table from tier-0 tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Rounting, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/routing-table?format=csv: get: consumes: - application/json description: | Get routing table from tier-0 gateway in CSV format. operationId: GetTier0RoutesCsv parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/GatewayRouteTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get routing table from tier-0 in CSV format tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Rounting, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/state: get: consumes: - application/json description: | Returns operationId: GetTier0State parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Interface path for interface specific state such as IPv6 DAD state in: query name: interface_path type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier0GatewayState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier0 state tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-0s/{tier-0-id}/static-routes: get: consumes: - application/json description: | Paginated list of all Tier-0 Static Routes operationId: ListTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-0 Static Routes tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/static-routes/bfd-peers: get: consumes: - application/json description: | Paginated list of all StaticRouteBfdPeers. operationId: ListStaticRouteBfdPeer parameters: - in: path name: tier-0-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRouteBfdPeerListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List StaticRouteBfdPeers tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes, Bfd, Peers x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/static-routes/bfd-peers/{bfd-peer-id}: delete: consumes: - application/json description: |- Delete this StaticRouteBfdPeer and all the entities contained by it. operationId: DeleteStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete this StaticRouteBfdPeer and all the entities contained by it. tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes, Bfd, Peers x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: | Read a StaticRouteBfdPeer with the bfd-peer-id. operationId: ReadStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRouteBfdPeer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read a StaticRouteBfdPeer tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes, Bfd, Peers x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a StaticRouteBfdPeer with the bfd-peer-id is not already present, create a new StaticRouteBfdPeer. If it already exists, update the StaticRouteBfdPeer. This is a full replace. operationId: PatchStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string - in: body name: StaticRouteBfdPeer required: true schema: $ref: '#/definitions/StaticRouteBfdPeer' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a StaticRouteBfdPeer tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes, Bfd, Peers x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a StaticRouteBfdPeer with the bfd-peer-id is not already present, create a new StaticRouteBfdPeer. If it already exists, update the StaticRouteBfdPeer. This operation will fully replace the object. operationId: UpdateStaticRouteBfdPeer parameters: - description: |- Tier-0 ID in: path name: tier-0-id required: true type: string - description: |- BFD peer ID in: path name: bfd-peer-id required: true type: string - in: body name: StaticRouteBfdPeer required: true schema: $ref: '#/definitions/StaticRouteBfdPeer' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRouteBfdPeer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a StaticRouteBfdPeer tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes, Bfd, Peers x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier-0-id}/static-routes/{route-id}: delete: consumes: - application/json description: |- Delete Tier-0 static routes operationId: DeleteTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-0 static routes operationId: ReadTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, update static routes for route-id. operationId: PatchTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, replace the static routes for route-id. operationId: CreateOrReplaceTier0StaticRoutes parameters: - in: path name: tier-0-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-0 static routes tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-0s/{tier0-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-0 Logical Router. operationId: DeleteTier0FloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-0 Logical Router. operationId: GetTier0FloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router. operationId: PatchTier0FloodProtectionProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router. operationId: UpdateTier0FloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-0s/{tier0-id}/locale-services/{locale-services-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-0 Logical Router LocaleServices. operationId: DeleteTier0LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices. operationId: GetTier0LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router LocaleServices. operationId: PatchTier0LocaleServicesFloodProtectionProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-0 Logical Router LocaleServices. operationId: UpdateTier0LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-0s/{tier0-id}/locale-services/{locale-services-id}/session-timer-profile-bindings/{session-timer-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-0 Logical Router LocaleServices. operationId: DeleteTier0LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices. operationId: GetTier0LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router LocaleServices. operationId: PatchTier0LocalServicesSessionTimerProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router LocaleServices. operationId: UpdateTier0LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/tier-0s/{tier0-id}/session-timer-profile-bindings/{session-timer-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-0 Logical Router. operationId: DeleteTier0SessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-0 Logical Router. operationId: GetTier0SessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router. operationId: PatchTier0SessionTimerProfileBindingMap parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-0 Logical Router. operationId: UpdateTier0SessionTimerProfileBinding parameters: - in: path name: tier0-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-0 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/tier-1s: get: consumes: - application/json description: | Paginated list of all Tier-1 instances operationId: ListTier1 parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1ListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 instances tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}: delete: consumes: - application/json description: |- Delete Tier-1 configuration operationId: DeleteTier1 parameters: - in: path name: tier-1-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 configuration tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Gateways x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 configuration operationId: ReadTier1 parameters: - in: path name: tier-1-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 configuration tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Gateways x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If Tier-1 with the tier-1-id is not already present, create a new Tier-1 instance. If it already exists, update the tier-1 instance with specified attributes. operationId: PatchTier1 parameters: - in: path name: tier-1-id required: true type: string - in: body name: Tier1 required: true schema: $ref: '#/definitions/Tier1' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Tier-1 configuration tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Gateways x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If Tier-1 with the tier-1-id is not already present, create a new Tier-1 instance. If it already exists, replace the Tier-1 instance with this object. operationId: CreateOrReplaceTier1 parameters: - in: path name: tier-1-id required: true type: string - in: body name: Tier1 required: true schema: $ref: '#/definitions/Tier1' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update tier-1 configuration tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Gateways x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/dns-forwarder: delete: consumes: - application/json description: |- Delete DNS configuration for tier-1 instance operationId: DeletePolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DNS configuration for tier-1 instance tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDnsForwarder get: consumes: - application/json description: |- Read the DNS Forwarder for the given tier-1 instance operationId: ReadPolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read the DNS Forwarder for the given tier-1 instance tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDnsForwarder patch: consumes: - application/json description: |- Create or update the DNS Forwarder operationId: PatchPolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDnsForwarder post: consumes: - application/json description: | Perform the specified action for Tier0 DNS forwarder on specified enforcement point. operationId: PerformEPActionForDnsForwarderAtTier1 parameters: - in: path name: tier-1-id required: true type: string - description: An action to be performed for DNS forwarder on EP enum: - clear_cache in: query name: action required: true type: string - default: /infra/sites/default/enforcement-points/default description: An enforcement point path, on which the action is to be performed in: query name: enforcement_point_path required: false type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Perform the specified DNS forwarder action tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDnsForwarder put: consumes: - application/json description: |- Create or update the DNS Forwarder operationId: UpdatePolicyDnsForwarderOnTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - in: body name: PolicyDnsForwarder required: true schema: $ref: '#/definitions/PolicyDnsForwarder' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyDnsForwarder' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update the DNS Forwarder tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-1s/{tier-1-id}/dns-forwarder/nslookup: get: consumes: - application/json description: | Query the nameserver for an ip-address or a FQDN of the given an address optionally using an specified DNS server. If the address is a fqdn, nslookup will resolve ip-address with it. If the address is an ip-address, do a reverse lookup and answer fqdn(s). If enforcement point is specified, then DNS forwarder nslookup answer will get fetched from specified enforcement point. Otherwise from all enforcement points. operationId: LookupAddressViaTier1DNSForwarder parameters: - in: path name: tier-1-id required: true type: string - description: IP address or FQDN for nslookup in: query name: address required: false type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregatePolicyDnsAnswer' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Resolve a given address via the dns forwarder at Tier1 tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDnsForwarder /global-infra/tier-1s/{tier-1-id}/dns-forwarder/statistics: get: consumes: - application/json description: | Get statistics of tier-1 DNS forwarder. - no enforcement point path specified: Statistics will be evaluated on each enforcement point. - {enforcement_point_path}: Statistics are evaluated only on the given enforcement point. operationId: GetTier1DNSForwarderStatistics parameters: - description: |- Tier-1 id in: path name: tier-1-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 DNS forwarder statistics tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-1s/{tier-1-id}/dns-forwarder/status: get: consumes: - application/json description: | Get current status of tier-1 DNS forwarder. - no enforcement point path specified: Status will be evaluated on each enforcement point. - {enforcement_point_path}: Status will be evaluated only on the given enforcement point. operationId: GetTier1DNSForwarderStatus parameters: - description: |- Tier-1 id in: path name: tier-1-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AggregateDNSForwarderStatus' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get current status of tier-1 DNS forwarder tags: - Policy, Networking, IP, Management, DNS, DNS, Forwarder, Tier, 1, Gateways x-vmw-nsx-module: PolicyDNSStatistics /global-infra/tier-1s/{tier-1-id}/forwarding-table: get: consumes: - application/json description: | Get forwarding table from tier-1 operationId: GetTier1ForwardingTable parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/RoutingTableListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-1 tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, Forwarding, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/forwarding-table?format=csv: get: consumes: - application/json description: | Get forwarding table from tier-1 gateway in CSV format. operationId: GetTier1ForwardingTableCsv parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: UUID of edge node in: query name: edge_id type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: IPv4 or IPv6 CIDR Block format: ip-cidr-block in: query name: network_prefix type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Filter routes based on the source from which route is learned enum: - BGP - STATIC - CONNECTED in: query name: route_source type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/GatewayRouteTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get forwarding table from tier-1 in CSV format tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, Forwarding, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of Gateway Firewall rules associated with the Tier-1. The gateway policies are returned in the order of category and sequence number. operationId: ViewTier1GatewayFirewall parameters: - in: path name: tier-1-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-1. tags: - Policy, Security, North, South, Security, Gateway, Firewall, Tier, 1, Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-1s/{tier-1-id}/locale-services: get: consumes: - application/json description: | Paginated list of all Tier-1 locale-services operationId: ListTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServicesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Locale, Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the tier-1 interface, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetTier1InterfaceArpTable parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-1 interface tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the tier-1 interface, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetTier1InterfaceArpTableCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from tier-1 interface in CSV format tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/dad-state: get: consumes: - application/json description: | Get tier-1 interface DAD state information. operationId: GetTier1InterfaceDADState parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceDADState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get DAD status by interface tags: - Policy, Networking, Connectivity, Tier, 0, Gateways, Interfaces, DAD, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics: get: consumes: - application/json description: | Get tier-1 interface statistics information. operationId: GetTier1InterfaceStatistics parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 interface statistics information tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-service-id}/interfaces/{interface-id}/statistics/summary: get: consumes: - application/json description: | Get tier-1 interface statistics information. operationId: GetTier1InterfaceStatisticsSummary parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-service-id required: true type: string - in: path name: interface-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyInterfaceStatisticsSummary' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 interface statistics summary information tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}: delete: consumes: - application/json description: |- Delete Tier-1 locale-services operationId: DeleteTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Locale, Services x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 locale-services operationId: ReadTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Locale, Services x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If a Tier-1 locale services with the locale-services-id is not already present, create a new locale services. If it already exists, update Tier-1 locale services with specified attributes. operationId: PatchTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Locale, Services x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If a Tier-1 locale services with the locale-services-id is not already present, create a new locale-services. If it already exists, replace the Tier-1 locale services instance with the new object. Modifying edge cluster re-allocates NSX service routers of TIER1 to a different edge cluster. You can also place edge nodes manually and provide maximum two indices for HA mode ACTIVE_STANDBY. To re-allocating edge cluster is a disruptive operation and all existing statistics of Tier1 gateway will be removed. operationId: CreateOrReplaceTier1LocaleServices parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: body name: LocaleServices required: true schema: $ref: '#/definitions/LocaleServices' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/LocaleServices' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 locale-services tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Tier, 1, Locale, Services x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/gateway-firewall: get: consumes: - application/json description: | Get filtered view of Gateway Firewall rules associated with the Tier-1 Locale Services. The gateway policies are returned in the order of category and sequence number. operationId: ViewTier1LocaleServicesGatewayFirewall parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/GatewayPolicyListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: | Get list of gateway policies with rules that belong to the specific Tier-1 LocalServices. tags: - Policy, Security, North, South, Security, Gateway, Firewall, Tier, 1, Gateways x-vmw-nsx-module: PolicyEdgeFirewall /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/interfaces: get: consumes: - application/json description: | Paginated list of all Tier-1 interfaces operationId: ListTier1Interfaces parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1InterfaceListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 interfaces tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/locale-services/{locale-services-id}/interfaces/{interface-id}: delete: consumes: - application/json description: |- Delete Tier-1 interface operationId: DeleteTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 interface tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 interface operationId: ReadTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 interface tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, update the interface for specified attributes. operationId: PatchTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier1Interface required: true schema: $ref: '#/definitions/Tier1Interface' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 interface tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If an interface with the interface-id is not already present, create a new interface. If it already exists, replace the interface with this object. operationId: CreateOrReplaceTier1Interface parameters: - in: path name: tier-1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: interface-id required: true type: string - in: body name: Tier1Interface required: true schema: $ref: '#/definitions/Tier1Interface' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1Interface' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a tier-1 interface tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, Interfaces x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/nat/statistics: get: consumes: - application/json description: |- List NAT Rules Statistics from Tier-1 denoted by Tier-1 ID. operationId: ListPolicyNatRulesStatisticsFromTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsPerLogicalRouterListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules Statistics tags: - Policy, Networking, Network, Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/nat/{nat-id}/nat-rules: get: consumes: - application/json description: |- List NAT Rules from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: ListPolicyNatRules parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List NAT Rules tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 1, Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/nat/{nat-id}/nat-rules/{nat-rule-id}: delete: consumes: - application/json description: |- Delete NAT Rule from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: DeletePolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete NAT Rule tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 1, Gateways x-vmw-nsx-module: PolicyNAT get: consumes: - application/json description: | Get NAT Rule from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 1, Gateways x-vmw-nsx-module: PolicyNAT patch: consumes: - application/json description: | If a NAT Rule is not already present on Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>, create a new NAT Rule. If it already exists, update the NAT Rule. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: PatchPolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Nat Rule tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 1, Gateways x-vmw-nsx-module: PolicyNAT put: consumes: - application/json description: |- Update NAT Rule on Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: CreateOrReplacePolicyNatRule parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - in: body name: PolicyNatRule required: true schema: $ref: '#/definitions/PolicyNatRule' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRule' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update NAT Rule tags: - Policy, Networking, Network, Services, NAT, Rules, Tier, 1, Gateways x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/nat/{nat-id}/nat-rules/{nat-rule-id}/statistics: get: consumes: - application/json description: | Get NAT Rule Statistics from Tier-1 denoted by Tier-1 ID, under NAT section denoted by <nat-id>. Under tier-1 there will be 3 different NATs(sections). (INTERNAL, USER and DEFAULT) For more details related to NAT section please refer to PolicyNAT schema. operationId: GetPolicyNatRuleStatisticsFromTier1 parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- NAT id in: path name: nat-id required: true type: string - description: |- Rule ID in: path name: nat-rule-id required: true type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyNatRuleStatisticsListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get NAT Rule Statistics tags: - Policy, Networking, Network, Services, NAT, Statistics x-vmw-nsx-module: PolicyNAT /global-infra/tier-1s/{tier-1-id}/segments: get: consumes: - application/json description: | Paginated list of all segments under Tier-1 instance operationId: ListSegments parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all segments under tier-1 instance tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}: delete: consumes: - application/json description: |- Delete segment operationId: DeleteSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete segment tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read segment operationId: ReadSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read segment tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, update the segment with specified attributes. operationId: PatchSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If segment with the segment-id is not already present, create a new segment. If it already exists, replace the segment with this object. operationId: CreateOrReplaceSegment parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: Segment required: true schema: $ref: '#/definitions/Segment' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Segment' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a segment tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/arp-table: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) for the interface (downlink) attaching segment to tier-1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetSegmentInterfaceArpTable parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTable' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/arp-table?format=csv: get: consumes: - application/json description: | Returns ARP table (IPv4) or Neighbor Discovery table (IPv6) in CSV format for the interface (downlink) attaching segment to tier1 gateway, on a edge node specified in edge_path parameter. The edge_path parameter is mandatory. operationId: GetSegmentInterfaceArpTableCsv parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - text/csv responses: '200': description: OK schema: $ref: '#/definitions/InterfaceArpTableInCsvFormat' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get ARP table from segment interface (downlink) in CSV format tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Interfaces, ARP, Table x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/dhcp-static-binding-configs: get: consumes: - application/json description: | Paginated list of all DHCP static binding instances operationId: ListSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfigListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List all DHCP static bindings tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings, (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/dhcp-static-binding-configs/{binding-id}: delete: consumes: - application/json description: |- Delete DHCP static binding operationId: DeleteSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings, (Fixed) x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read DHCP static binding operationId: ReadSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings, (Fixed) x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with specified attributes. operationId: PatchSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings, (Fixed) x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If binding with the binding-id is not already present, create a new DHCP static binding instance. If it already exists, replace the existing DHCP static binding instance with this object. operationId: CreateOrReplaceSegmentDhcpStaticBinding parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string - in: body name: DhcpStaticBindingConfig required: true schema: $ref: '#/definitions/DhcpStaticBindingConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update DHCP static binding tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings, Segments, Bindings, (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/dhcp-static-bindings/{binding-id}/state: get: consumes: - application/json description: |- Read DHCP static binding state operationId: ReadSegmentDhcpStaticBindingState parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/DhcpStaticBindingState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read DHCP static binding state tags: - Policy, Networking, IP, Management, DHCP, DHCP, Static, Bindings x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports: get: consumes: - application/json description: | List all the ports for a Tier-1 segment. operationId: ListTier1SegmentPorts parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 segment ports tags: - Policy, Networking, Connectivity, Segment, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}: get: consumes: - application/json description: | Get detail information on a Tier-1 segment port by giving ID. operationId: GetTier1SegmentPort parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPort' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier-1 segment port by ID tags: - Policy, Networking, Connectivity, Segment, Ports x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Port Discovery Profile Binding Maps in current port id. operationId: ListPortDiscoveryBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-discovery-profile-binding-maps/{port-discovery-profile-binding-map-id} : get: consumes: - application/json description: | API will get Port Discovery Profile Binding Map operationId: GetPortDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port Discovery Profile Binding Map ID in: path name: port-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Port Monitoring Profile Binding Maps in current port id. operationId: ListPortMonitoringBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-monitoring-profile-binding-maps/{port-monitoring-profile-binding-map-id} : get: consumes: - application/json description: | API will get Port Monitoring Profile Binding Map. operationId: GetPortMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port Monitoring Profile Binding Map ID in: path name: port-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Port QoS Profile Binding Maps in current port id. operationId: ListPortQoSBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Port QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-qos-profile-binding-maps/{port-qos-profile-binding-map-id} : get: consumes: - application/json description: | API will get Port QoS Profile Binding Map. operationId: GetPortQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Port ID in: path name: port-id required: true type: string - description: |- Port QoS Profile Binding Map ID in: path name: port-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Port QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps: get: consumes: - application/json description: | API will list all port security profile binding maps. operationId: ListPortSecurityProfileBindings parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List port security profile binding maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/ports/{port-id}/port-security-profile-binding-maps/{port-security-profile-binding-map-id} : get: consumes: - application/json description: | API will return details of the port security profile binding map. If the security profile binding map does not exist, it will return 404. operationId: GetPortSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- port id in: path name: port-id required: true type: string - description: |- port security profile binding map id in: path name: port-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PortSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get port security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-discovery-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment Discovery Profile Binding Maps in current segment id. operationId: ListSegmentDiscoveryBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment Discovery Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-discovery-profile-binding-maps/{segment-discovery-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment Discovery Profile Binding Profile operationId: DeleteSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment Discovery Profile Binding Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding get: consumes: - application/json description: | API will get Segment Discovery Profile Binding Map operationId: GetSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding patch: consumes: - application/json description: |- API will create Segment Discovery Profile Binding Map operationId: PatchSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding put: consumes: - application/json description: |- API will update Segment Discovery Profile Binding Map operationId: UpdateSegmentDiscoveryBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Discovery Profile Binding Map ID in: path name: segment-discovery-profile-binding-map-id required: true type: string - in: body name: SegmentDiscoveryProfileBindingMap required: true schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment Discovery Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Discovery, Profile, Binding x-vmw-nsx-module: PolicyDiscoveryProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-monitoring-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment Monitoring Profile Binding Maps in current segment id. operationId: ListSegmentMonitoringBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment Monitoring Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-monitoring-profile-binding-maps/{segment-monitoring-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment Monitoring Profile Binding Profile. operationId: DeleteSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment Monitoring Profile Binding Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding get: consumes: - application/json description: | API will get Segment Monitoring Profile Binding Map. operationId: GetSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding patch: consumes: - application/json description: |- API will create segment monitoring profile binding map. operationId: PatchSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding put: consumes: - application/json description: |- API will update Segment Monitoring Profile Binding Map. operationId: UpdateSegmentMonitoringBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment Monitoring Profile Binding Map ID in: path name: segment-monitoring-profile-binding-map-id required: true type: string - in: body name: SegmentMonitoringProfileBindingMap required: true schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment Monitoring Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Monitoring, Profile, Binding x-vmw-nsx-module: PolicyMonitoringProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-qos-profile-binding-maps: get: consumes: - application/json description: | API will list all Segment QoS Profile Binding Maps in current segment id. operationId: ListSegmentQoSBindings parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Segment QoS Profile Binding Maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-qos-profile-binding-maps/{segment-qos-profile-binding-map-id} : delete: consumes: - application/json description: |- API will delete Segment QoS Profile Binding Profile. operationId: DeleteSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Segment QoS Profile Binding Profile tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding get: consumes: - application/json description: | API will get Segment QoS Profile Binding Map. operationId: GetSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding patch: consumes: - application/json description: |- API will create segment QoS profile binding map. operationId: PatchSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding put: consumes: - application/json description: |- API will update Segment QoS Profile Binding Map. operationId: UpdateSegmentQoSBinding parameters: - description: |- Tier-1 ID in: path name: tier-1-id required: true type: string - description: |- Segment ID in: path name: segment-id required: true type: string - description: |- Segment QoS Profile Binding Map ID in: path name: segment-qos-profile-binding-map-id required: true type: string - in: body name: SegmentQoSProfileBindingMap required: true schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentQoSProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Segment QoS Profile Binding Map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, QOS, Profile, Binding x-vmw-nsx-module: PolicyQoSProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-security-profile-binding-maps: get: consumes: - application/json description: | API will list all segment security profile binding maps. operationId: ListSegmentSecurityProfileBindings parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMapListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List segment security profile binding maps tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding ? /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/segment-security-profile-binding-maps/{segment-security-profile-binding-map-id} : delete: consumes: - application/json description: | API will delete segment security profile binding map. operationId: DeleteSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding get: consumes: - application/json description: | API will return details of the segment security profile binding map. If the binding map does not exist, it will return 404. operationId: GetSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding patch: consumes: - application/json description: | Create a new segment security profile binding map if the given security profile binding map does not exist. Otherwise, patch the existing segment security profile binding map. operationId: PatchSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Patch segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding put: consumes: - application/json description: | API will create or replace segment security profile binding map. operationId: CreateOrUpdateSegmentSecurityProfileBinding parameters: - description: |- tier-1 gateway id in: path name: tier-1-id required: true type: string - description: |- segment id in: path name: segment-id required: true type: string - description: |- segment security profile binding map id in: path name: segment-security-profile-binding-map-id required: true type: string - in: body name: SegmentSecurityProfileBindingMap required: true schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentSecurityProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or replace segment security profile binding map tags: - Policy, Networking, Connectivity, Segment, Segment, Profiles, Segment, Security, Profile, Binding x-vmw-nsx-module: PolicySecurityProfileBinding /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}/static-arp: delete: consumes: - application/json description: |- Delete static ARP config operationId: DeleteStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete static ARP config tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read static ARP config operationId: ReadStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticARPConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read static ARP config tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | Create static ARP config with Tier-1 and segment IDs provided if it doesn't exist, update with provided config if it's already created. operationId: PatchStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: StaticARPConfig required: true schema: $ref: '#/definitions/StaticARPConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a static ARP config tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | Create static ARP config with Tier-1 and segment IDs provided if it doesn't exist, update with provided config if it's already created. operationId: CreateOrReplaceStaticARPConfig parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string - in: body name: StaticARPConfig required: true schema: $ref: '#/definitions/StaticARPConfig' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticARPConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a static ARP config tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segment-id}?force=true: delete: consumes: - application/json description: | Force delete bypasses validations during segment deletion. This may result in an inconsistent connectivity. operationId: ForceDeleteSegmentTrue parameters: - in: path name: tier-1-id required: true type: string - in: path name: segment-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Force delete segment tags: - Policy, Networking, Connectivity, Segment, Segments, (Fixed) x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/segments/{segments-id}/ports/{port-id}/statistics: get: consumes: - application/json description: | Get tier-1 segment port statistics information. operationId: GetSegmentPortStatistics parameters: - in: path name: tier-1-id required: true type: string - in: path name: segments-id required: true type: string - in: path name: port-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentPortStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get tier-1 segment port statistics information tags: - Policy, Networking, Connectivity, Segment, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segments-id}/state: get: consumes: - application/json description: | Get tier1 segment state information. operationId: GetSegmentState parameters: - in: path name: tier-1-id required: true type: string - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentConfigurationState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment state information tags: - Policy, Networking, Connectivity, Segment, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/segments/{segments-id}/statistics: get: consumes: - application/json description: | Get tier1 segment statistics information. operationId: GetSegmentStatistics parameters: - in: path name: tier-1-id required: true type: string - in: path name: segments-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Policy path of edge node in: query name: edge_path type: string - description: String Path of the enforcement point in: query name: enforcement_point_path type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SegmentStatistics' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get segment statistics information tags: - Policy, Networking, Connectivity, Segment, Statistics x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/state: get: consumes: - application/json description: | Returns operationId: GetTier1State parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Enforcement point path in: query name: enforcement_point_path type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - description: Interface path for interface specific state such as IPv6 DAD state in: query name: interface_path type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/Tier1GatewayState' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Tier1 state tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, State x-vmw-nsx-module: PolicyConnectivityStatistics /global-infra/tier-1s/{tier-1-id}/static-routes: get: consumes: - application/json description: | Paginated list of all Tier-1 Static Routes operationId: ListTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutesListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- List Tier-1 Static Routes tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier-1-id}/static-routes/{route-id}: delete: consumes: - application/json description: |- Delete Tier-1 static routes operationId: DeleteTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity get: consumes: - application/json description: |- Read Tier-1 static routes operationId: ReadTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Read Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity patch: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, update static routes for route-id. operationId: PatchTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity put: consumes: - application/json description: | If static routes for route-id are not already present, create static routes. If it already exists, replace the static routes for route-id. operationId: CreateOrReplaceTier1StaticRoutes parameters: - in: path name: tier-1-id required: true type: string - in: path name: route-id required: true type: string - in: body name: StaticRoutes required: true schema: $ref: '#/definitions/StaticRoutes' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/StaticRoutes' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update a Tier-1 static routes tags: - Policy, Networking, Connectivity, Tier, 1, Gateways, Routing, Static, Routes x-vmw-nsx-module: PolicyConnectivity /global-infra/tier-1s/{tier1-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-1 Logical Router. operationId: DeleteTier1FloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-1 Logical Router. operationId: GetTier1FloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router. operationId: PatchTier1FloodProtectionProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router. operationId: UpdateTier1FloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-1s/{tier1-id}/locale-services/{locale-services-id}/flood-protection-profile-bindings/{flood-protection-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Flood Protection Profile Binding for Tier-1 Logical Router LocaleServices. operationId: DeleteTier1LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Flood Protection Profile Binding for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices. operationId: GetTier1LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router LocaleServices. operationId: PatchTier1LocaleServicesFloodProtectionProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Flood Protection profile binding map for Tier-1 Logical Router LocaleServices. operationId: UpdateTier1LocaleServicesFloodProtectionProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: flood-protection-profile-binding-id required: true type: string - in: body name: FloodProtectionProfileBindingMap required: true schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FloodProtectionProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Flood Protection Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Flood, Protection, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding ? /global-infra/tier-1s/{tier1-id}/locale-services/{locale-services-id}/session-timer-profile-bindings/{session-timer-profile-binding-id} : delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-1 Logical Router LocaleServices. operationId: DeleteTier1LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices. operationId: GetTier1LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router LocaleServices. operationId: PatchTier1LocaleServicesSessionTimerProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router LocaleServices. operationId: UpdateTier1LocaleServicesSessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: locale-services-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router LocaleServices tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/tier-1s/{tier1-id}/session-timer-profile-bindings/{session-timer-profile-binding-id}: delete: consumes: - application/json description: |- API will delete Session Timer Profile Binding for Tier-1 Logical Router. operationId: DeleteTier1SessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Session Timer Profile Binding for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding get: consumes: - application/json description: | API will get Session Timer Profile Binding Map for Tier-1 Logical Router. operationId: GetTier1SessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Session Timer Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding patch: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router. operationId: PatchTier1SessionTimerProfileBindingMap parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding put: consumes: - application/json description: |- API will create or update Session Timer profile binding map for Tier-1 Logical Router. operationId: UpdateTier1SessionTimerProfileBinding parameters: - in: path name: tier1-id required: true type: string - in: path name: session-timer-profile-binding-id required: true type: string - in: body name: SessionTimerProfileBindingMap required: true schema: $ref: '#/definitions/SessionTimerProfileBindingMap' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SessionTimerProfileBindingMap' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Create or update Session Timer Profile Binding Map for Tier-1 Logical Router tags: - Policy, Security, Security, Profiles, Session, Timer, Profile, Binding x-vmw-nsx-module: PolicyGatewayProfileBinding /global-infra/upgrade-summary: get: consumes: - application/json description: | API will return high level summary of Upgrade across various sites. operationId: GetFederationUpgradeSummary parameters: - description: Filter on site current_version in: query name: current_version required: false type: string - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/FederationUpgradeSummaryListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get Upgrade summary tags: - Federation, Infra, Global, Managers x-vmw-nsx-module: FederationUpgrade /global-infra/virtual-machine-group-associations: get: consumes: - application/json description: | Get policy groups for which the given VM is a member. operationId: GetGroupsForVM parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Virtual machine external ID in: query name: vm_external_id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given VM is a member tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /global-infra/virtual-network-interface-group-associations: get: consumes: - application/json description: | Get policy groups for which the given VIF is a member. operationId: GetGroupsForVIF parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: String Path of the enforcement point in: query name: enforcement_point_path required: false type: string - default: false description: Include objects that are marked for deletion in results in: query name: include_mark_for_delete_objects required: false type: boolean - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string - description: Virtual network interface external ID in: query name: vif_external_id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PolicyResourceReferenceForEPListResult' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get groups for which the given VIF is a member tags: - Policy, Inventory, Groups, Group, Members x-vmw-nsx-module: PolicyGroupRealization /search/dsl: get: consumes: - application/json description: |- DSL (Domain Specific Language) search API operationId: DslSearch parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Search query in: query name: query required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SearchResponse' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- DSL (Domain Specific Language) search API tags: - Search, Search, Api x-vmw-nsx-module: Search /search/query: get: consumes: - application/json description: |- Full text search API operationId: QuerySearch parameters: - description: Opaque cursor to be used for getting next page of records (supplied by current result page) in: query name: cursor type: string - description: Comma separated list of fields that should be included in query result in: query name: included_fields type: string - default: 1000 description: Maximum number of results to return in this page (server may return fewer) format: int64 in: query maximum: 1000 minimum: 0 name: page_size type: integer - description: Search query in: query name: query required: true type: string - in: query name: sort_ascending type: boolean - description: Field by which records are sorted in: query name: sort_by type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/SearchResponse' '400': description: Bad Request '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Full text search API tags: - Search, Search, Api x-vmw-nsx-module: Search /system-config/nsx-partial-patch-config: get: consumes: - application/json description: | Get Configuration values for nsx-partial-patch. By default partial patch is disbaled (i.e false). operationId: GetPartialPatchConfiguration produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/PartialPatchConfig' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Fetch the policy partial patch configuration value. tags: - Policy, System, Configuration, Nsx, Partial, Patch x-vmw-nsx-module: PolicySystemConfig patch: consumes: - application/json description: | Update partial patch configuration values. Only boolean value is allowed for enable_partial_patch operationId: updatePartialPatchConfig parameters: - in: body name: PartialPatchConfig required: true schema: $ref: '#/definitions/PartialPatchConfig' responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Saves the configuration for policy partial patch tags: - Policy, System, Configuration, Nsx, Partial, Patch x-vmw-nsx-module: PolicySystemConfig /ui-views: get: consumes: - application/json description: | If no query params are specified then all the views entitled for the user are returned. The views to which a user is entitled to include the views created by the user and the shared views. operationId: ListViews parameters: - description: The tag for which associated views to be queried. in: query name: tag type: string - description: Ids of the Views in: query maxLength: 8192 name: view_ids type: string - description: Id of widget configuration in: query maxLength: 255 name: widget_id type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/ViewList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the Views based on query criteria defined in ViewQueryParameters. tags: - System, Administration, Lifecycle, Management, Dashboards, UI, Views x-vmw-nsx-module: NsxDashboard post: consumes: - application/json description: |- Creates a new View. operationId: CreateView parameters: - in: body name: View required: true schema: $ref: '#/definitions/View' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/View' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Creates a new View. tags: - System, Administration, Lifecycle, Management, Dashboards, UI, Views x-vmw-nsx-module: NsxDashboard /ui-views/{view-id}: delete: consumes: - application/json description: |- Delete View operationId: DeletView parameters: - in: path name: view-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete View tags: - System, Administration, Lifecycle, Management, Dashboards, UI, Views x-vmw-nsx-module: NsxDashboard get: consumes: - application/json description: | Returns Information about a specific View. operationId: GetView parameters: - in: path name: view-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/View' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns View Information tags: - System, Administration, Lifecycle, Management, Dashboards, UI, Views x-vmw-nsx-module: NsxDashboard put: consumes: - application/json description: |- Update View operationId: UpdateView parameters: - in: path name: view-id required: true type: string - in: body name: View required: true schema: $ref: '#/definitions/View' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/View' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update View tags: - System, Administration, Lifecycle, Management, Dashboards, UI, Views x-vmw-nsx-module: NsxDashboard /ui-views/{view-id}/widgetconfigurations: get: consumes: - application/json description: | If no query params are specified then all the Widget Configurations of the specified view are returned. operationId: ListWidgetConfigurations parameters: - in: path name: view-id required: true type: string - description: Id of the container in: query maxLength: 255 name: container type: string - description: Ids of the WidgetConfigurations in: query maxLength: 8192 name: widget_ids type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/WidgetConfigurationList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns the Widget Configurations based on query criteria defined in WidgetQueryParameters. tags: - System, Administration, Lifecycle, Management, Dashboards, Widget, Configuration x-vmw-nsx-module: NsxDashboard post: consumes: - application/json description: | Creates a new Widget Configuration and adds it to the specified view. Supported resource_types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration and ContainerConfiguration. Note: Expressions should be given in a single line. If an expression spans multiple lines, then form the expression in a single line. For label-value pairs, expressions are evaluated as follows: a. First, render configurations are evaluated in their order of appearance in the widget config. The 'field' is evaluated at the end. b. Second, when render configuration is provided then the order of evaluation is 1. If expressions provided in 'condition' and 'display value' are well-formed and free of runtime-errors such as 'null pointers' and evaluates to 'true'; Then remaining render configurations are not evaluated, and the current render configuration's 'display value' is taken as the final value. 2. If expression provided in 'condition' of render configuration is false, then next render configuration is evaluated. 3. Finally, 'field' is evaluated only when every render configuration evaluates to false and no error occurs during steps 1 and 2 above. If an error occurs during evaluation of render configuration, then an error message is shown. The display value corresponding to that label is not shown and evaluation of the remaining render configurations continues to collect and show all the error messages (marked with the 'Label' for identification) as 'Error_Messages: {}'. If during evaluation of expressions for any label-value pair an error occurs, then it is marked with error. The errors are shown in the report, along with the label value pairs that are error-free. Important: For elements that take expressions, strings should be provided by escaping them with a back-slash. These elements are - condition, field, tooltip text and render_configuration's display_value. operationId: CreateWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: body name: WidgetConfiguration required: true schema: $ref: '#/definitions/WidgetConfiguration' produces: - application/json responses: '201': description: Created schema: $ref: '#/definitions/WidgetConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Creates a new Widget Configuration. tags: - System, Administration, Lifecycle, Management, Dashboards, Widget, Configuration x-vmw-nsx-module: NsxDashboard /ui-views/{view-id}/widgetconfigurations/{widgetconfiguration-id}: delete: consumes: - application/json description: | Detaches widget from a given view. If the widget is no longer part of any view, then it will be purged. operationId: DeleteWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: path name: widgetconfiguration-id required: true type: string responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Delete Widget Configuration tags: - System, Administration, Lifecycle, Management, Dashboards, Widget, Configuration x-vmw-nsx-module: NsxDashboard get: consumes: - application/json description: | Returns Information about a specific Widget Configuration. operationId: GetWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: path name: widgetconfiguration-id required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/WidgetConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Returns Widget Configuration Information tags: - System, Administration, Lifecycle, Management, Dashboards, Widget, Configuration x-vmw-nsx-module: NsxDashboard put: consumes: - application/json description: | Updates the widget at the given view. If the widget is referenced by other views, then the widget will be updated in all the views that it is part of. operationId: UpdateWidgetConfiguration parameters: - in: path name: view-id required: true type: string - in: path name: widgetconfiguration-id required: true type: string - in: body name: WidgetConfiguration required: true schema: $ref: '#/definitions/WidgetConfiguration' produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/WidgetConfiguration' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': description: Not Found '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update Widget Configuration tags: - System, Administration, Lifecycle, Management, Dashboards, Widget, Configuration x-vmw-nsx-module: NsxDashboard /upgrade/version-whitelist: get: consumes: - application/json description: |- Get whitelist of versions for different components operationId: GetVersionWhitelist produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AcceptableComponentVersionList' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the version whitelist tags: - System, Administration, Lifecycle, Management, Upgrade, Nodes x-vmw-nsx-module: VersionWhitelist /upgrade/version-whitelist/{component_type}: get: consumes: - application/json description: |- Get whitelist of versions for a component. Component can include HOST, EDGE, CCP, MP operationId: GetVersionWhitelistByComponent parameters: - in: path name: component_type required: true type: string produces: - application/json responses: '200': description: OK schema: $ref: '#/definitions/AcceptableComponentVersion' '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Get the version whitelist for the specified component tags: - System, Administration, Lifecycle, Management, Upgrade, Nodes x-vmw-nsx-module: VersionWhitelist put: consumes: - application/json description: |- Update the version whitelist for the specified component type (HOST, EDGE, CCP, MP). operationId: UpdateVersionWhitelist parameters: - in: path name: component_type required: true type: string - in: body name: VersionList required: true schema: $ref: '#/definitions/VersionList' produces: - application/json responses: '200': description: OK '400': $ref: '#/responses/BadRequest' '403': $ref: '#/responses/Forbidden' '404': $ref: '#/responses/NotFound' '412': $ref: '#/responses/PreconditionFailed' '500': $ref: '#/responses/InternalServerError' '503': $ref: '#/responses/ServiceUnavailable' summary: |- Update the version whitelist for the specified component type tags: - System, Administration, Lifecycle, Management, Upgrade, Nodes x-vmw-nsx-module: VersionWhitelist definitions: ALGTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: alg: description: | The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead. enum: - ORACLE_TNS - FTP - SUN_RPC_TCP - SUN_RPC_UDP - MS_RPC_TCP - MS_RPC_UDP - NBNS_BROADCAST - NBDG_BROADCAST - TFTP title: |- The Application Layer Gateway (ALG) protocol type: string destination_ports: description: |- The destination_port cannot be empty and must be a single value. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 minItems: 1 title: |- The destination_port cannot be empty and must be a single value. type: array source_ports: items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 type: array required: - alg - destination_ports type: object x-vmw-nsx-module: Policy description: |- An ServiceEntry that represents an ALG protocol title: |- An ServiceEntry that represents an ALG protocol x-vmw-nsx-module: Policy AbstractSpace: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: connectivity_strategy: description: | The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added. enum: - WHITELIST - BLACKLIST - WHITELIST_ENABLE_LOGGING - BLACKLIST_ENABLE_LOGGING - NONE title: |- Connectivity strategy used by this tenant type: string x-deprecated: true type: object x-vmw-nsx-module: Policy description: |- Represents the space in which the policy is being defined. title: |- The space in which policy is being defined x-vmw-nsx-module: Policy AcceptableComponentVersion: allOf: - $ref: '#/definitions/VersionList' - properties: component_type: description: |- Node type enum: - HOST - EDGE - CCP - MP title: |- Node type type: string required: - component_type type: object x-vmw-nsx-module: VersionWhitelist x-vmw-nsx-module: VersionWhitelist AcceptableComponentVersionList: properties: results: description: |- Acceptable version whitelist for different components items: $ref: '#/definitions/AcceptableComponentVersion' title: |- Acceptable version whitelist for different components type: array required: - results type: object x-vmw-nsx-module: VersionWhitelist Action: description: | Reaction Action is the action to take when the stipulated criteria specified in the event exist over the source. Some example actions include: - Notify Admin (or VMC's SRE) via email. - Populate a specific label with the IPSec VPN Session. - Remove the IPSec VPN Session from a specific label. discriminator: resource_type properties: resource_type: description: | Reaction Action resource type. enum: - PatchResources - SetFields title: |- Resource Type type: string required: - resource_type title: |- Reaction Action type: object x-vmw-nsx-module: PolicyReaction ActionableResource: allOf: - $ref: '#/definitions/ManagedResource' - properties: ip_address: description: |- A resource reference on which actions can be performed format: hostname-or-ip title: |- A resource reference on which actions can be performed type: string type: object x-vmw-nsx-module: ClusterRestore description: |- Resources managed during restore process title: |- Resources managed during restore process x-vmw-nsx-module: ClusterRestore ActionableResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/ActionableResource' title: |- List results type: array required: - results type: object x-vmw-nsx-module: ClusterRestore x-vmw-nsx-module: ClusterRestore ActiveDirectoryIdentitySource: allOf: - $ref: '#/definitions/LdapIdentitySource' - type: object x-vmw-nsx-module: LdapIdentitySources description: |- An identity source service that runs Microsoft Active Directory. The service allows selected user accounts defined in Active Directory to log into and access NSX-T. title: |- An Active Directory identity source service x-vmw-nsx-module: LdapIdentitySources AdvanceClusterRestoreInput: properties: id: description: | Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided readOnly: true title: | Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided type: string resources: description: |- List of resources for which the instruction is applicable. items: $ref: '#/definitions/SelectableResourceReference' title: |- List of resources for which the instruction is applicable. type: array required: - resources type: object x-vmw-nsx-module: ClusterRestore AdvanceClusterRestoreRequest: properties: data: description: |- List of instructions and their associated data items: $ref: '#/definitions/AdvanceClusterRestoreInput' title: |- List of instructions and their associated data type: array required: - data type: object x-vmw-nsx-module: ClusterRestore AggregateDNSForwarderStatistics: description: | Aggregate of DNS forwarder statistics across enforcement points. properties: intent_path: description: | String path of the DNS forwarder intent. title: |- String path of the DNS forwarder intent type: string statistics_per_enforcement_point: description: | List of DNS forwarder statistics per enforcement point. items: $ref: '#/definitions/DNSForwarderStatisticsPerEnforcementPoint' readOnly: true title: |- List of DNS forwarder statistics per enforcement point type: array required: - intent_path title: |- Aggregate of DNS forwarder statistics type: object x-vmw-nsx-module: PolicyDNSStatistics AggregateDNSForwarderStatus: description: | Aggregate of DNS forwarder status across enforcement points. properties: intent_path: description: | String path of the DNS forwarder intent. title: |- String path of the DNS forwarder intent type: string status_per_enforcement_point: description: | List of DNS forwarder status per enforcement point. items: $ref: '#/definitions/DNSForwarderStatusPerEnforcementPoint' readOnly: true title: |- List of DNS forwarder status per enforcement point type: array required: - intent_path title: |- Aggregate of DNS forwarder status type: object x-vmw-nsx-module: PolicyDNSStatistics AggregatePolicyDnsAnswer: description: | Aggregate of DNS forwarder nslookup answer across enforcement points. properties: dns_answer_per_enforcement_point: description: | List of DNS forwarder nslookup answer per enforcement point. items: $ref: '#/definitions/PolicyDnsAnswerPerEnforcementPoint' readOnly: true title: |- List of DNS forwarder nslookup answer per enforcement point type: array intent_path: description: | String path of the DNS forwarder intent. title: |- String path of the DNS forwarder intent type: string required: - intent_path title: |- Aggregate of DNS forwarder nslookup answer type: object x-vmw-nsx-module: PolicyDnsForwarder AggregatePolicyRuntimeInfo: description: | Aggregate of PolicyRuntimeInfoPerEP across Enforcement Points. properties: intent_path: description: | Intent path of object, forward slashes must be escaped using %2F. readOnly: true title: |- String Path of the intent object type: string title: |- Aggregate of PolicyRuntimeInfoPerEP type: object x-vmw-nsx-module: PolicyBaseStatistics AggregatedDataCounter: properties: rx_bytes: $ref: '#/definitions/DataCounter' readOnly: true rx_packets: $ref: '#/definitions/DataCounter' readOnly: true tx_bytes: $ref: '#/definitions/DataCounter' readOnly: true tx_packets: $ref: '#/definitions/DataCounter' readOnly: true type: object x-vmw-nsx-module: AggSvcL2Types AggregatedDataCounterEx: allOf: - $ref: '#/definitions/AggregatedDataCounter' - properties: dropped_by_security_packets: $ref: '#/definitions/PacketsDroppedBySecurity' readOnly: true mac_learning: $ref: '#/definitions/MacLearningCounters' readOnly: true type: object x-vmw-nsx-module: AggSvcL2Types x-vmw-nsx-module: AggSvcL2Types AggregatedLogicalRouterPortCounters: properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer rx: $ref: '#/definitions/LogicalRouterPortCounters' readOnly: true tx: $ref: '#/definitions/LogicalRouterPortCounters' readOnly: true type: object x-vmw-nsx-module: AggSvcLogicalRouterPort ApiError: allOf: - $ref: '#/definitions/RelatedApiError' - properties: related_errors: description: |- Other errors related to this error items: $ref: '#/definitions/RelatedApiError' title: |- Other errors related to this error type: array type: object x-vmw-nsx-module: Common description: |- Detailed information about an API Error title: |- Detailed information about an API Error x-vmw-nsx-module: Common ApiRequestBody: allOf: - $ref: '#/definitions/Source' - properties: resource_pointer: description: | Regex path representing a regex expression on resources. This regex is used to identify the request body(ies) that is/are the source of the Event. For instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question. title: |- Resource Pointer type: string required: - resource_pointer type: object x-vmw-nsx-module: PolicyReaction description: | API Request Body is an Event Source that represents an API request body that is being reveived as part of an API. Supported Request Bodies are those received as part of a PATCH/PUT/POST request. title: |- API Request Body x-vmw-nsx-module: PolicyReaction ArpHeader: properties: dst_ip: description: |- The destination IP address format: ipv4 type: string op_code: default: ARP_REQUEST description: |- This field specifies the nature of the Arp message being sent. enum: - ARP_REQUEST - ARP_REPLY title: |- Arp message type type: string src_ip: description: |- This field specifies the IP address of the sender. If omitted, the src_ip is set to 0.0.0.0. format: ipv4 type: string required: - op_code - dst_ip type: object x-vmw-nsx-module: Traceflow ArpSnoopingConfig: description: |- Contains ARP snooping related configuration. properties: arp_binding_limit: default: 1 description: | Number of arp snooped IP addresses Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. format: int32 maximum: 256 minimum: 1 title: |- Maximum number of ARP bindings type: integer arp_snooping_enabled: default: true description: |- Indicates whether ARP snooping is enabled title: |- Is ARP snooping enabled or not type: boolean title: |- ARP Snooping Configuration type: object x-vmw-nsx-module: PolicyIpDiscovery Attribute: description: |- Attribute specific to a partner. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. The Attributes used by the partner applicance. properties: attribute_type: description: |- Attribute Type can be of any of the allowed enum type. enum: - IP_ADDRESS - PORT - PASSWORD - STRING - LONG - BOOLEAN readOnly: false title: |- Attributetype. type: string display_name: description: |- Attribute display name string value. readOnly: false title: |- Display name type: string key: description: |- Attribute key string value. readOnly: false title: |- key type: string read_only: default: false description: |- Read only Attribute cannot be overdidden by service instance/deployment. readOnly: false title: |- read only type: boolean value: description: |- Attribute value string value. readOnly: false title: |- value type: string required: - key title: |- Attributes type: object x-vmw-nsx-module: ServiceInsertionCommonTypes AttributeVal: description: |- Contains type specific properties of generic realized entity properties: data_type: description: |- Datatype of the property enum: - STRING - DATE - INTEGER - BOOLEAN readOnly: true title: |- Datatype of property represented by this attribute type: string key: description: |- Attribute key title: |- Key for the attribute value type: string multivalue: description: |- If attribute has a single value or collection of values readOnly: true title: |- multivalue flag type: boolean values: description: |- List of attribute values items: type: string readOnly: true title: |- List of values for the attribute type: array title: |- Attribute values of realized type type: object x-vmw-nsx-module: PolicyRealizedState Axes: description: |- Represents X and Y axes of a graph. For a multi-graph, the same axes are shared by all the graphs. properties: x_label: $ref: '#/definitions/Label' description: |- Label for X axis of a graph title: |- Label for X axis of a graph y_label: $ref: '#/definitions/Label' description: |- Label for Y axis of a graph title: |- Label for Y axis of a graph title: |- Axes of a graph type: object x-vmw-nsx-module: NsxDashboard BackupConfiguration: description: |- Configuration for taking manual/automated backup properties: after_inventory_update_interval: description: |- A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups. format: int64 maximum: 86400 minimum: 300 title: |- A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups. type: integer backup_enabled: default: false description: |- true if automated backup is enabled title: |- true if automated backup is enabled type: boolean backup_schedule: $ref: '#/definitions/BackupSchedule' description: |- Set when backups should be taken - on a weekly schedule or at regular intervals. title: |- Set when backups should be taken - on a weekly schedule or at regular intervals. inventory_summary_interval: default: 240 description: |- The minimum number of seconds between each upload of the inventory summary to backup server. format: int64 maximum: 3600 minimum: 30 title: |- The minimum number of seconds between each upload of the inventory summary to backup server. type: integer passphrase: description: | Passphrase used to encrypt backup files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (any other non-space character). title: |- Passphrase used to encrypt backup files. type: string remote_file_server: $ref: '#/definitions/RemoteFileServer' description: |- The server to which backups will be sent. title: |- The server to which backups will be sent. required: - remote_file_server title: |- Configuration for taking manual/automated backup type: object x-vmw-nsx-module: BackupConfiguration BackupOperationHistory: description: |- Past backup operation details properties: cluster_backup_statuses: description: |- Statuses of previous cluser backups items: $ref: '#/definitions/BackupOperationStatus' title: |- Statuses of previous cluser backups type: array inventory_backup_statuses: description: |- Statuses of previous inventory backups items: $ref: '#/definitions/BackupOperationStatus' title: |- Statuses of previous inventory backups type: array node_backup_statuses: description: |- Statuses of previous node backups items: $ref: '#/definitions/BackupOperationStatus' title: |- Statuses of previous node backups type: array title: |- Past backup operation details type: object x-vmw-nsx-module: BackupConfiguration BackupOperationStatus: description: |- Backup operation status properties: backup_id: description: |- Unique identifier of a backup title: |- Unique identifier of a backup type: string end_time: description: |- Time when operation was ended format: int64 type: integer error_code: description: |- Error code enum: - BACKUP_NOT_RUN_ON_MASTER - BACKUP_SERVER_UNREACHABLE - BACKUP_AUTHENTICATION_FAILURE - BACKUP_PERMISSION_ERROR - BACKUP_TIMEOUT - BACKUP_BAD_FINGERPRINT - BACKUP_GENERIC_ERROR title: |- Error code type: string error_message: description: |- Error code details title: |- Error code details type: string start_time: description: |- Time when operation was started format: int64 type: integer success: description: |- True if backup is successfully completed, else false title: |- True if backup is successfully completed, else false type: boolean required: - backup_id - success title: |- Backup operation status type: object x-vmw-nsx-module: BackupConfiguration BackupOverview: allOf: - $ref: '#/definitions/ClusterBackupInfoListResult' - properties: backup_config: $ref: '#/definitions/BackupConfiguration' description: |- Configuration to generate a manual/automated backup title: |- Backup configuration backup_operation_history: $ref: '#/definitions/BackupOperationHistory' description: |- Status of the last backup execution per component title: |- Last backup status current_backup_operation_status: $ref: '#/definitions/CurrentBackupOperationStatus' description: |- Backup status decribes type, phase, success/failure and time of a | latest backup execution title: |- Current backup status restore_status: $ref: '#/definitions/ClusterRestoreStatus' description: |- Status of restore process executing/executed on appliance title: |- Current restore status required: - current_backup_operation_status - backup_operation_history - backup_config - restore_status type: object x-vmw-nsx-module: BackupConfiguration description: |- Data for a single backup/restore card title: |- Backup overview x-vmw-nsx-module: BackupConfiguration BackupSchedule: description: |- Abstract base type for Weekly or Interval Backup Schedule discriminator: resource_type properties: resource_type: description: |- Schedule type enum: - WeeklyBackupSchedule - IntervalBackupSchedule title: |- Schedule type type: string required: - resource_type title: |- Abstract base type for Weekly or Interval Backup Schedule type: object x-vmw-nsx-module: BackupConfiguration BaseConsolidatedStatusPerEnforcementPoint: allOf: - $ref: '#/definitions/PolicyRuntimeInfoPerEP' - discriminator: resource_type properties: consolidated_status: $ref: '#/definitions/ConsolidatedStatus' description: | Consolidated Realized Status of an Intent object per enforcement point. readOnly: true title: |- Consolidated Realized Status enforcement_point_id: description: |- Enforcement Point Id. readOnly: true title: |- Enforcement Point Id type: string resource_type: type: string site_path: description: |- The site where this enforcement point resides. readOnly: true title: |- Site Path type: string required: - resource_type type: object x-vmw-nsx-module: PolicyRealizedState description: | Consolidated Realized Status Per Enforcement Point. title: |- Base class for ConsolidatedStatusPerEnforcementPoint x-vmw-nsx-module: PolicyRealizedState BaseEndpoint: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - VirtualEndpoint - ServiceInstanceEndpoint type: string target_ips: description: | IPs where either inbound or outbound traffic is to be redirected. items: $ref: '#/definitions/IPInfo' maxItems: 1 minItems: 1 title: |- IP addresses to redirect the traffic to type: array required: - target_ips - resource_type type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an endpoint which will be used as subject in rule. It is a polymorphic type object which can be either of the types - 1. Virtual 2. Logical We have 2 separate objects representing these 2 types. VirtualEndPoint for Virtual type and ServiceInstanceEndpoint for Logical. title: |- An endpoint to be used in redirection rule x-vmw-nsx-module: PolicyServiceInsertion BasePolicyServiceInstance: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: deployment_mode: default: ACTIVE_STANDBY description: |- Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode. enum: - STAND_ALONE - ACTIVE_STANDBY readOnly: false title: |- Deployment Mode type: string partner_service_name: description: |- Unique name of Partner Service in the Marketplace title: |- Name of Partner Service type: string transport_type: default: L2_BRIDGE description: |- Transport to be used while deploying Service-VM. enum: - L2_BRIDGE - L3_ROUTED readOnly: false title: |- Transport Type type: string required: - partner_service_name type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an instance of partner Service and its configuration. title: |- Represents an instance of partner Service and its configuration x-vmw-nsx-module: PolicyServiceInsertion BaseRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: destination_groups: description: | We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Destination group paths type: array destinations_excluded: default: false description: | If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups readOnly: false title: |- Negation of destination groups type: boolean direction: default: IN_OUT description: | Define direction of traffic. enum: - IN - OUT - IN_OUT title: |- Direction type: string disabled: default: false description: |- Flag to disable the rule. Default is enabled. readOnly: false title: |- Flag to disable the rule type: boolean ip_protocol: description: | Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. enum: - IPV4 - IPV6 - IPV4_IPV6 readOnly: false title: |- IPv4 vs IPv6 packet type type: string is_default: description: |- A flag to indicate whether rule is a default rule. readOnly: true title: |- Default rule flag type: boolean logged: default: false description: |- Flag to enable packet logging. Default is disabled. readOnly: false title: |- Enable logging flag type: boolean notes: description: |- Text for additional notes on changes. maxLength: 2048 readOnly: false title: |- Text for additional notes on changes type: string profiles: description: | Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. items: type: string maxItems: 128 title: |- Layer 7 service profiles type: array rule_id: description: "This is a unique 4 byte positive number that is assigned by\ \ the system. \nThis rule id is passed all the way down to the data path.\ \ The first 1GB\n(1000 to 2^30) will be shared by GM and LM with zebra\ \ style striped\nnumber space. For E.g 1000 to (1Million -1) by LM, (1M\ \ - 2M-1) by GM\nand so on.\n" format: int64 readOnly: true title: |- Unique rule ID type: integer scope: description: | The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. items: type: string maxItems: 128 type: array sequence_number: description: | This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number format: int32 minimum: 0 title: |- Sequence number of the this Rule type: integer service_entries: description: | In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. items: $ref: '#/definitions/ServiceEntry' maxItems: 128 title: |- Raw services type: array services: description: | In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Names of services type: array source_groups: description: | We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Source group paths type: array sources_excluded: default: false description: | If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups readOnly: false title: |- Negation of source groups type: boolean tag: description: | User level field which will be printed in CLI and packet logs. title: |- Tag applied on the rule type: string type: object x-vmw-nsx-module: Policy description: |- A rule indicates the action to be performed for various types of traffic flowing between workload groups. title: |- A rule represent base properties for ,dfw, forwarding, redirection rule x-vmw-nsx-module: Policy BaseRuleListResult: allOf: - $ref: '#/definitions/ListResult' - type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Rules title: |- Paged Collection of Rules x-vmw-nsx-module: Policy BaseTier0Interface: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: subnets: description: | Specify IP address and network prefix for interface. items: $ref: '#/definitions/InterfaceSubnet' minItems: 1 title: |- IP address and subnet specification for interface type: array required: - subnets type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-0 interface configuration for external connectivity. title: |- Tier-0 interface configuration x-vmw-nsx-module: PolicyConnectivity BatchRequest: description: |- A set of operations to be performed in a single batch properties: continue_on_error: default: true description: |- Flag to decide if we will continue processing subsequent requests in case of current error for atomic = false. type: boolean requests: items: $ref: '#/definitions/BatchRequestItem' type: array title: |- A set of operations to be performed in a single batch type: object x-vmw-nsx-module: Common BatchRequestItem: description: |- A single request within a batch of operations properties: body: type: object method: description: |- http method type enum: - GET - POST - PUT - DELETE - PATCH title: |- method type(POST/PUT/DELETE/UPDATE) type: string uri: description: |- relative uri (path and args), of the call including resource id (if this is a POST/DELETE), exclude hostname and port and prefix, exploded form of parameters title: |- Internal uri of the call type: string required: - uri - method title: |- A single request within a batch of operations type: object x-vmw-nsx-module: Common BatchResponse: description: |- The reponse to a batch operation properties: has_errors: description: |- Indicates if any of the APIs failed title: |- errors indicator type: boolean results: description: |- Bulk list results items: $ref: '#/definitions/BatchResponseItem' title: |- Bulk list results type: array rolled_back: description: |- Optional flag indicating that all items were rolled back even if succeeded initially title: |- indicates if all items were rolled back. type: boolean required: - results title: |- The reponse to a batch operation type: object x-vmw-nsx-module: Common BatchResponseItem: description: |- A single respose in a list of batched responses properties: body: description: |- object returned by api title: |- object returned by api type: object code: description: |- http status code format: int64 title: |- object returned by api type: integer headers: description: |- The headers returned by the API call title: |- object returned by api type: object required: - code title: |- A single respose in a list of batched responses type: object x-vmw-nsx-module: Common BfdProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: interval: default: 500 description: | Time interval between heartbeat packets in milliseconds. format: int32 maximum: 60000 minimum: 50 title: |- Time interval between heartbeat packets in milliseconds type: integer multiple: default: 3 description: | Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. format: int32 maximum: 16 minimum: 2 title: |- Declare dead multiple type: integer type: object x-vmw-nsx-module: PolicyConnectivity description: |- Bidirectional Forwarding Detection configuration for BGP peers title: |- Bidirectional Forwarding Detection configuration for BGP peers x-vmw-nsx-module: PolicyConnectivity BfdProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Bfd Profile list results. items: $ref: '#/definitions/BfdProfile' title: |- Bfd Profile List Results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged Collection of BfdProfile. title: |- Paged Collection of BfdProfile x-vmw-nsx-module: PolicyConnectivity BgpAddressFamily: properties: in_prefix_count: description: |- Count of in prefixes format: int64 readOnly: true title: |- Count of in prefixes type: integer out_prefix_count: description: |- Count of out prefixes format: int64 readOnly: true title: |- Count of out prefixes type: integer type: description: |- BGP address family type enum: - IPV4_UNICAST - VPNV4_UNICAST - IPV6_UNICAST - L2VPN_EVPN readOnly: true title: |- BGP address family type type: string type: object x-vmw-nsx-module: AggSvcLogicalRouter BgpBfdConfig: description: |- BFD configuration for BGP peers properties: enabled: default: false description: |- Flag to enable BFD cofiguration. title: |- Flag to enable BFD cofiguration type: boolean interval: default: 500 description: | Time interval between heartbeat packets in milliseconds. format: int32 maximum: 60000 minimum: 50 title: |- Time interval between heartbeat packets in milliseconds type: integer multiple: default: 3 description: | Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. format: int32 maximum: 16 minimum: 2 title: |- Declare dead multiple type: integer title: |- BFD configuration for BGP peers type: object x-vmw-nsx-module: PolicyConnectivity BgpGracefulRestartConfig: description: |- Configuration field to hold BGP restart mode and timer. properties: mode: default: HELPER_ONLY description: | If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. enum: - DISABLE - GR_AND_HELPER - HELPER_ONLY title: |- BGP Graceful Restart Configuration Mode type: string timer: $ref: '#/definitions/BgpGracefulRestartTimer' description: |- Configuration field to hold BGP restart timers. title: |- BGP Graceful Restart Timer title: |- BGP Graceful Restart Configuration type: object x-vmw-nsx-module: PolicyConnectivity BgpGracefulRestartTimer: description: |- Configuration field to hold BGP restart timers properties: restart_timer: default: 180 description: | Maximum time taken (in seconds) for a BGP session to be established after a restart. This can be used to speed up routing convergence by its peer in case the BGP speaker does not come back up after a restart. If the session is not re-established within this timer, the receiving speaker will delete all the stale routes from that peer. format: int64 maximum: 3600 minimum: 1 title: |- BGP Graceful Restart Timer type: integer stale_route_timer: default: 600 description: | Maximum time (in seconds) before stale routes are removed from the RIB (Routing Information Base) when BGP restarts. format: int64 maximum: 3600 minimum: 1 title: |- BGP Stale Route Timer type: integer title: |- BGP Graceful Restart Timers type: object x-vmw-nsx-module: PolicyConnectivity BgpNeighborConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: allow_as_in: default: false description: |- Flag to enable allowas_in option for BGP neighbor title: |- Flag to enable allowas_in option for BGP neighbor type: boolean bfd: $ref: '#/definitions/BgpBfdConfig' description: | BFD configuration for failure detection. BFD is enabled with default values when not configured. title: |- BFD configuration for failure detection graceful_restart_mode: description: | If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. enum: - DISABLE - GR_AND_HELPER - HELPER_ONLY title: |- BGP Graceful Restart Configuration Mode type: string hold_down_time: default: 180 description: | Wait time in seconds before declaring peer dead. format: int32 maximum: 65535 minimum: 1 title: |- Wait time in seconds before declaring peer dead type: integer in_route_filters: description: | Specify path of prefix-list or route map to filter routes for IN direction. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. items: type: string maxItems: 1 title: |- Prefix-list or route map path for IN direction type: array x-deprecated: true keep_alive_time: default: 60 description: | Interval (in seconds) between keep alive messages sent to peer. format: int32 maximum: 65535 minimum: 1 title: |- Interval between keep alive messages sent to peer type: integer maximum_hop_limit: default: 1 description: | Maximum number of hops allowed to reach BGP neighbor. format: int32 maximum: 255 minimum: 1 title: |- Maximum number of hops allowed to reach BGP neighbor type: integer neighbor_address: description: |- Neighbor IP Address format: ip type: string out_route_filters: description: | Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. items: type: string maxItems: 1 title: |- Prefix-list or route map path for OUT direction type: array x-deprecated: true password: description: | Specify password for BGP neighbor authentication. Empty string ("") clears existing password. maxLength: 20 minLength: 0 title: |- Password type: string remote_as_num: description: |- 4 Byte ASN of the neighbor in ASPLAIN Format title: |- 4 Byte ASN of the neighbor in ASPLAIN Format type: string route_filtering: description: | Enable address families and route filtering in each direction. items: $ref: '#/definitions/BgpRouteFiltering' maxItems: 2 title: |- Enable address families and route filtering in each direction type: array source_addresses: description: | Source addresses should belong to Tier0 external or loopback interface IP Addresses . BGP peering is formed from all these addresses. This property is mandatory when maximum_hop_limit is greater than 1. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 8 title: |- Source IP Addresses for BGP peering type: array required: - remote_as_num - neighbor_address type: object x-vmw-nsx-module: PolicyConnectivity description: | Contains information necessary to configure a BGP neighbor. title: |- BGP neighbor config x-vmw-nsx-module: PolicyConnectivity BgpNeighborConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- BGP neighbor configs list results items: $ref: '#/definitions/BgpNeighborConfig' title: |- BGP neighbor configs list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of BGP Neighbor Configs title: |- Paged collection of BGP Neighbor Configs x-vmw-nsx-module: PolicyConnectivity BgpNeighborRouteDetailsCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: as_path: description: |- BGP AS path attribute. readOnly: true title: |- AS path type: string local_pref: description: |- BGP Local Preference attribute. format: int64 readOnly: true title: |- Local preference type: integer logical_router_id: description: |- Logical router id readOnly: true title: |- Logical router id type: string med: description: |- BGP Multi Exit Discriminator attribute. format: int64 readOnly: true title: |- Multi Exit Discriminator type: integer neighbor_address: description: |- BGP neighbor peer IP address. format: ip readOnly: true type: string neighbor_id: description: |- BGP neighbor id readOnly: true title: |- BGP neighbor id type: string network: description: |- CIDR network address. format: ip-cidr-block readOnly: true type: string next_hop: description: |- Next hop IP address. format: ip readOnly: true type: string source_address: description: |- BGP neighbor source address. format: ip readOnly: true type: string transport_node_id: description: |- Transport node id readOnly: true title: |- Transport node id type: string weight: description: |- BGP Weight attribute. format: int64 readOnly: true title: |- Weight type: integer type: object x-vmw-nsx-module: AggSvcLogicalRouter description: |- BGP neighbor learned/advertised route details. title: |- BGP neighbor route details x-vmw-nsx-module: AggSvcLogicalRouter BgpNeighborRouteDetailsInCsvFormat: allOf: - $ref: '#/definitions/CsvListResult' - properties: results: items: $ref: '#/definitions/BgpNeighborRouteDetailsCsvRecord' type: array type: object x-vmw-nsx-module: AggSvcLogicalRouter x-vmw-nsx-module: AggSvcLogicalRouter BgpNeighborRoutes: description: |- BGP neighbor learned/advertised route details. properties: egde_node_routes: description: | Array of BGP neighbor route details per edge node. items: $ref: '#/definitions/RoutesPerTransportNode' readOnly: true title: |- Route details per transport node type: array enforcement_point_path: description: |- Enforcement point policy path readOnly: true title: |- Enforcement point policy path type: string neighbor_path: description: |- BGP neighbor policy path readOnly: true title: |- BGP neighbor policy path type: string title: |- BGP neighbor route details type: object x-vmw-nsx-module: PolicyConnectivityStatistics BgpNeighborRoutesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of Bgp neighbor routes. items: $ref: '#/definitions/BgpNeighborRoutes' title: |- Paged Collection of Bgp neighbor routes type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics BgpRouteFiltering: description: |- Enable address_families and route filtering in each direction properties: address_family: description: |- Address family type. If not configured, this property automatically derived for IPv4 & IPv6 peer configuration. enum: - IPV4 - IPV6 - L2VPN_EVPN title: |- Address family type type: string enabled: default: true description: |- Flag to enable address family. title: |- Enable address family type: boolean in_route_filters: description: | Specify path of prefix-list or route map to filter routes for IN direction. items: type: string maxItems: 1 title: |- Prefix-list or route map path for IN direction type: array maximum_routes: description: | Maximum number of routes for the address family. format: int32 maximum: 1000000 minimum: 1 title: |- Maximum number of routes for the address family type: integer out_route_filters: description: | Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. items: type: string maxItems: 1 title: |- Prefix-list or route map path for OUT direction type: array title: |- Enable address_families and route filtering in each direction type: object x-vmw-nsx-module: PolicyConnectivity BgpRoutingConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ecmp: description: | Flag to enable ECMP. title: |- Flag to enable ECMP type: boolean enabled: description: | Flag to enable BGP configuration. Disabling will stop feature and BGP peering. title: |- Flag to enable BGP configuration type: boolean graceful_restart: description: | Flag to enable graceful restart. This field is deprecated, please use graceful_restart_config parameter for graceful restart configuration. If both parameters are set and consistent with each other (i.e. graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR graceful_restart=true and graceful_restart_mode=GR_AND_HELPER) then this is allowed, but if inconsistent with each other then this is not allowed and validation error will be thrown. title: |- Flag to enable graceful restart type: boolean x-deprecated: true graceful_restart_config: $ref: '#/definitions/BgpGracefulRestartConfig' description: |- Configuration field to hold BGP Restart mode and timer. title: |- BGP Graceful Restart Configuration inter_sr_ibgp: description: | Flag to enable inter SR IBGP configuration. When not specified, inter SR IBGP is automatically enabled if Tier-0 is created in ACTIVE_ACTIVE ha_mode. title: |- Enable inter SR IBGP configuration type: boolean local_as_num: description: | Specify BGP AS number for Tier-0 to advertize to BGP peers. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. Empty string disables BGP feature. It is required by normal tier0 but not required in vrf tier0. title: |- BGP AS number in ASPLAIN/ASDOT Format type: string multipath_relax: description: |- Flag to enable BGP multipath relax option. title: |- Flag to enable BGP multipath relax option type: boolean route_aggregations: description: | List of routes to be aggregated. items: $ref: '#/definitions/RouteAggregationEntry' maxItems: 1000 title: |- List of routes to be aggregated type: array type: object x-vmw-nsx-module: PolicyConnectivity description: | Contains BGP routing configuration. title: |- BGP routing config x-vmw-nsx-module: PolicyConnectivity BinaryPacketData: allOf: - $ref: '#/definitions/PacketData' - properties: payload: description: |- Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload must contain all headers (Ethernet, IP, etc). Note that VLAN is not supported in the logical space. Hence, payload must not contain 802.1Q headers. maxLength: 1336 title: |- RFC3548 compatible base64 encoded full payload type: string type: object x-vmw-nsx-module: Traceflow x-vmw-nsx-module: Traceflow BridgeProfileConfig: description: |- configuration parameters for Bridge Profile properties: bridge_profile_path: description: |- Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique. title: |- Policy path to L2 Bridge profile type: string uplink_teaming_policy_name: description: |- The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one fot he switching uplink teaming policy names listed in teh transport zone. When this property is not specified, the teaming policy is assigned by MP. title: |- Uplink Teaming Policy Name type: string vlan_ids: description: |- VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both. items: type: string title: |- VLAN IDs type: array vlan_transport_zone_path: description: |- VLAN transport zone should belong to the enforcment-point as the transport zone specified in the segment. title: |- Policy path to VLAN Transport Zone type: string required: - vlan_transport_zone_path - bridge_profile_path title: |- Bridge Profile Configuration type: object x-vmw-nsx-module: PolicyConnectivity ByodPolicyServiceInstance: allOf: - $ref: '#/definitions/BasePolicyServiceInstance' - type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an instance of partner's service whose wiring will be done by partner itself. As partner does all the wiring, we call it as Byod - Bring your own device. title: |- Represents instance of self wiring partner's service x-vmw-nsx-module: PolicyServiceInsertion ChildBfdProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BfdProfile: $ref: '#/definitions/BfdProfile' description: | Contains the actual BfdProfile object. title: |- Bfd Profile required: - BfdProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for BfdProfile, used in hierarchical API. title: |- Wrapper object for BfdProfile x-vmw-nsx-module: PolicyConnectivity ChildBgpNeighborConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BgpNeighborConfig: $ref: '#/definitions/BgpNeighborConfig' description: | Contains the actual BgpNeighborConfig object. title: |- BgpNeighborConfig required: - BgpNeighborConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for BgpNeighborConfig, used in hierarchical API. title: |- Wrapper object for BgpNeighborConfig x-vmw-nsx-module: PolicyConnectivity ChildBgpRoutingConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BgpRoutingConfig: $ref: '#/definitions/BgpRoutingConfig' description: | Contains the actual BgpRoutingConfig object. title: |- BgpRoutingConfig required: - BgpRoutingConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for BgpRoutingConfig, used in hierarchical API. title: |- Wrapper object for BgpRoutingConfig x-vmw-nsx-module: PolicyConnectivity ChildByodPolicyServiceInstance: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ByodPolicyServiceInstance: $ref: '#/definitions/ByodPolicyServiceInstance' description: | Contains actual ByodPolicyServiceInstance. title: |- ByodPolicyServiceInstance required: - ByodPolicyServiceInstance type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ByodPolicyServiceInstance used in hierarchical API. title: |- Wrapper object for ByodPolicyServiceInstance x-vmw-nsx-module: PolicyServiceInsertion ChildCommunicationEntry: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: CommunicationEntry: $ref: '#/definitions/CommunicationEntry' description: | Contains the actual CommunicationEntry object. title: |- CommunicationEntry required: - CommunicationEntry type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for CommunicationEntry, used in hierarchical API This type is deprecated. Use the type ChildRule instead. title: |- Wrapper object for CommunicationEntry x-vmw-nsx-module: Policy ChildCommunicationMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: CommunicationMap: $ref: '#/definitions/CommunicationMap' description: | Contains the actual CommunicationMap object. title: |- CommunicationMap required: - CommunicationMap type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for CommunicationMap, used in hierarchical API This type is deprecated. Use the type ChildSecurityPolicy instead. title: |- Wrapper object for CommunicationMap x-vmw-nsx-module: Policy ChildCommunityList: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: CommunityList: $ref: '#/definitions/CommunityList' description: | Contains the actual CommunityList object title: |- CommunityList required: - CommunityList type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for CommunityList, used in hierarchical API title: |- Wrapper object for CommunityList x-vmw-nsx-module: PolicyConnectivity ChildComputeClusterIdfwConfiguration: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ComputeClusterIdfwConfiguration: $ref: '#/definitions/ComputeClusterIdfwConfiguration' description: | Contains the actual compute cluster idfw configuration object. title: |- ComputeClusterIdfwConfiguration required: - ComputeClusterIdfwConfiguration type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: |- Wrapper object for ComputeClusterIdfwConfiguration title: |- Wrapper object for ComputeClusterIdfwConfiguration x-vmw-nsx-module: PolicyFirewallConfiguration ChildConstraint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Constraint: $ref: '#/definitions/Constraint' description: | Contains the actual Constraint object title: |- Constraint required: - Constraint type: object x-vmw-nsx-module: PolicyConstraints description: |- Child wrapper object for Constraint, used in hierarchical API title: |- Wrapper object for Constraint x-vmw-nsx-module: PolicyConstraints ChildDeploymentZone: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DeploymentZone: $ref: '#/definitions/DeploymentZone' description: | Contains the actual DeploymentZone object title: |- DeploymentZone required: - DeploymentZone type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for DeploymentZone, used in hierarchical API title: |- Wrapper object for DeploymentZone x-vmw-nsx-module: PolicyEnforcementPointManagement ChildDfwFirewallConfiguration: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DfwFirewallConfiguration: $ref: '#/definitions/DfwFirewallConfiguration' description: | Contains the actual dfw firewall configuration list object. title: |- Dfw Firewall Configuration required: - DfwFirewallConfiguration type: object x-vmw-nsx-module: Policy description: |- Wrapper object for FirewallConfiguration title: |- Wrapper object for FirewallConfiguration x-vmw-nsx-module: Policy ChildDhcpRelayConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DhcpRelayConfig: $ref: '#/definitions/DhcpRelayConfig' description: | Contains the actual DhcpRelayConfig object title: |- DhcpRelayConfig required: - DhcpRelayConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for DhcpRelayConfig, used in hierarchical API title: |- Wrapper object for DhcpRelayConfig x-vmw-nsx-module: PolicyConnectivity ChildDhcpServerConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DhcpServerConfig: $ref: '#/definitions/DhcpServerConfig' description: | Contains the actual DhcpServerConfig object title: |- DhcpServerConfig required: - DhcpServerConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for DhcpServerConfig, used in hierarchical API title: |- Wrapper object for DhcpServerConfig x-vmw-nsx-module: PolicyConnectivity ChildDhcpStaticBindingConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DhcpStaticBindingConfig: $ref: '#/definitions/DhcpStaticBindingConfig' description: | Contains the actual DhcpStaticBindingConfig object. title: |- DhcpStaticBindingConfig required: - DhcpStaticBindingConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for DhcpStaticBindingConfig, used in hierarchical API. title: |- Wrapper object for DhcpStaticBindingConfig x-vmw-nsx-module: PolicyConnectivity ChildDnsSecurityProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DnsSecurityProfile: $ref: '#/definitions/DnsSecurityProfile' description: | Contains the actual DnsSecurityProfile object title: |- DnsSecurityProfile required: - DnsSecurityProfile type: object x-vmw-nsx-module: PolicyProfile description: |- Child wrapper object for DnsSecurityProfile, used in hierarchical API title: |- Wrapper object for DnsSecurityProfile x-vmw-nsx-module: PolicyProfile ChildDnsSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DnsSecurityProfileBindingMap: $ref: '#/definitions/DnsSecurityProfileBindingMap' description: | Contains the actual DnsSecurityProfileBindingMap object title: |- DnsSecurityProfileBindingMap required: - DnsSecurityProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding description: | Child wrapper obejct for DnsSecurityProfileBindingMap used in hierarchical API title: |- Wrapper object for DnsSecurityProfileBindingMap x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding ChildDomain: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Domain: $ref: '#/definitions/Domain' description: | Contains the actual domain object. title: |- Domain required: - Domain type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for domain, used in hierarchical API. title: |- Wrapper object for Domain x-vmw-nsx-module: Policy ChildDomainDeploymentMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: DomainDeploymentMap: $ref: '#/definitions/DomainDeploymentMap' description: | Contains the actual DomainDeploymentMap object. title: |- DomainDeploymentMap required: - DomainDeploymentMap type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for DomainDeploymentMap, used in hierarchical API. title: |- Wrapper object for DomainDeploymentMap x-vmw-nsx-module: PolicyEnforcementPointManagement ChildEndpointPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EndpointPolicy: $ref: '#/definitions/EndpointPolicy' description: | Contains actual EndpointPolicy. title: |- EndpointPolicy required: - EndpointPolicy type: object x-vmw-nsx-module: PolicyGuestIntrospection description: | Child wrapper object for EndpointPolicy used in hierarchical API. title: |- Wrapper object for Endpoint Policy x-vmw-nsx-module: PolicyGuestIntrospection ChildEndpointRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EndpointRule: $ref: '#/definitions/EndpointRule' description: | Contains actual EndpointRule. title: |- EndpointRule required: - EndpointRule type: object x-vmw-nsx-module: PolicyGuestIntrospection description: | Child wrapper object for EndpointRule used in hierarchical API. title: |- Wrapper object for Endpoint Rule x-vmw-nsx-module: PolicyGuestIntrospection ChildEnforcementPoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EnforcementPoint: $ref: '#/definitions/EnforcementPoint' description: | Contains the actual Enforcement point object. title: |- EnforcementPoint required: - EnforcementPoint type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for EnforcementPoint, used in hierarchical API. title: |- Wrapper object for EnforcementPoint x-vmw-nsx-module: PolicyEnforcementPointManagement ChildEvpnConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EvpnConfig: $ref: '#/definitions/EvpnConfig' description: | Contains the actual EvpnConfig object. title: |- EvpnConfig required: - EvpnConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for EvpnConfig, used in hierarchical API. title: |- Wrapper object for EvpnConfig x-vmw-nsx-module: PolicyConnectivity ChildEvpnTunnelEndpointConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: EvpnTunnelEndpointConfig: $ref: '#/definitions/EvpnTunnelEndpointConfig' description: | Contains the actual EvpnTunnelEndpointConfig object. title: |- EvpnTunnelEndpointConfig required: - EvpnTunnelEndpointConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for EvpnTunnelEndpointConfig, used in hierarchical API. title: |- Wrapper object for EvpnTunnelEndpointConfig x-vmw-nsx-module: PolicyConnectivity ChildFirewallIdentityStore: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: FirewallIdentityStore: $ref: '#/definitions/FirewallIdentityStore' description: | Contains the actual FirewallIdentityStore object. title: |- FirewallIdentityStore required: - FirewallIdentityStore type: object x-vmw-nsx-module: PolicyIdentity description: | Child wrapper for FirewallIdentityStore, used in hierarchical API. title: |- Wrapper object for FirewallIdentityStore x-vmw-nsx-module: PolicyIdentity ChildFloodProtectionProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: FloodProtectionProfile: $ref: '#/definitions/FloodProtectionProfile' description: | Contains the actual FloodProtectionProfile object title: |- FloodProtectionProfile required: - FloodProtectionProfile type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for FloodProtectionProfile, used in hierarchical API title: |- Wrapper object for FloodProtectionProfile x-vmw-nsx-module: PolicyProfile ChildFloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: FloodProtectionProfileBindingMap: $ref: '#/definitions/FloodProtectionProfileBindingMap' description: | Contains the actual FloodProtectionProfileBindingMap object title: |- FloodProtectionProfileBindingMap required: - FloodProtectionProfileBindingMap type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for FloodProtectionProfileBindingMap, used in hierarchical API title: |- Wrapper object for FloodProtectionProfileBindingMap x-vmw-nsx-module: PolicyProfile ChildForwardingPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ForwardingPolicy: $ref: '#/definitions/ForwardingPolicy' description: | Contains actual ForwardingPolicy. title: |- ForwardingPolicy required: - ForwardingPolicy type: object x-vmw-nsx-module: PolicyForwarding description: | Child wrapper object for ForwardingPolicy used in Hierarchical API. title: | Wrapper object for children of type ForwardingPolicy x-vmw-nsx-module: PolicyForwarding ChildForwardingRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ForwardingRule: $ref: '#/definitions/ForwardingRule' description: | Contains actual ForwardingRule. title: |- ForwardingRule required: - ForwardingRule type: object x-vmw-nsx-module: PolicyForwarding description: | Child wrapper object for ForwardingRule used in Hierarchical API. title: | Wrapper object for ForwardingRule x-vmw-nsx-module: PolicyForwarding ChildGatewayPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GatewayPolicy: $ref: '#/definitions/GatewayPolicy' description: | Contains the actual GatewayPolicy object title: |- GatewayPolicy required: - GatewayPolicy type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for GatewayPolicy, used in hierarchical API title: |- Wrapper object for GatewayPolicy x-vmw-nsx-module: Policy ChildGatewayQosProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: QosProfile: $ref: '#/definitions/GatewayQosProfile' description: | Contains the actual GatewayQosProfile object. title: |- GatewayQosProfile required: - QosProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for GatewayQosProfile, used in hierarchical API. title: |- Wrapper object for GatewayQosProfile x-vmw-nsx-module: PolicyConnectivity ChildGlobalConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GlobalConfig: $ref: '#/definitions/GlobalConfig' description: | Contains the actual GlobalConfig object. title: |- GlobalConfig required: - GlobalConfig type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for GlobalConfig, used in hierarchical API title: |- Wrapper object for GlobalConfig x-vmw-nsx-module: Policy ChildGlobalManager: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GlobalManager: $ref: '#/definitions/GlobalManager' description: | Contains the actual Global Manager object. title: |- GlobalManager required: - GlobalManager type: object x-vmw-nsx-module: PolicySiteGM description: |- Child wrapper object for Global Manager, used in hierarchical API. title: |- Wrapper object for Global Manager x-vmw-nsx-module: PolicySiteGM ChildGroup: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Group: $ref: '#/definitions/Group' description: | Contains the actual group objects. title: |- Group required: - Group type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for group, used in hierarchical API. title: |- Wrapper object for Group x-vmw-nsx-module: Policy ChildGroupDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GroupDiscoveryProfileBindingMap: $ref: '#/definitions/GroupDiscoveryProfileBindingMap' description: | Contains the actual GroupDiscoveryProfileBindingMap object title: |- GroupDiscoveryProfileBindingMap required: - GroupDiscoveryProfileBindingMap type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | Child wrapper obejct for GroupDiscoveryProfileBindingMap used in hierarchical API title: |- Wrapper object for GroupDiscoveryProfileBindingMap x-vmw-nsx-module: PolicyDiscoveryProfileBinding ChildGroupMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: GroupMonitoringProfileBindingMap: $ref: '#/definitions/GroupMonitoringProfileBindingMap' description: | Contains the actual GroupMonitoringProfileBindingMap object title: |- GroupMonitoringProfileBindingMap required: - GroupMonitoringProfileBindingMap type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Child wrapper object for GroupMonitoringProfileBindingMap, used in hierarchical API title: |- Wrapper object for GroupMonitoringProfileBindingMap x-vmw-nsx-module: PolicyMonitoringProfileBinding ChildIPDiscoveryProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPDiscoveryProfile: $ref: '#/definitions/IPDiscoveryProfile' description: | Contains the actual IPDiscoveryProfile object title: |- IPDiscoveryProfile required: - IPDiscoveryProfile type: object x-vmw-nsx-module: PolicyIpDiscovery description: |- Child wrapper object for IPDiscoveryProfile, used in hierarchical API title: |- Wrapper object for IPDiscoveryProfile x-vmw-nsx-module: PolicyIpDiscovery ChildIPFIXDFWCollectorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXDFWCollectorProfile: $ref: '#/definitions/IPFIXDFWCollectorProfile' description: | Contains the actual IPFIXDFWCollectorProfile object title: |- IPFIXDFWCollectorProfile required: - IPFIXDFWCollectorProfile type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Child wrapper object for IPFIXDFWCollectorProfile, used in hierarchical API title: |- Wrapper object for IPFIXDFWCollectorProfile x-vmw-nsx-module: PolicyIPFIXDFW ChildIPFIXDFWProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXDFWProfile: $ref: '#/definitions/IPFIXDFWProfile' description: | Contains the actual IPFIXDFWProfile object title: |- IPFIXDFWProfile required: - IPFIXDFWProfile type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Child wrapper object for IPFIXDFWProfile, used in hierarchical API title: |- Wrapper object for IPFIXDFWProfile x-vmw-nsx-module: PolicyIPFIXDFW ChildIPFIXL2CollectorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXL2CollectorProfile: $ref: '#/definitions/IPFIXL2CollectorProfile' description: | Contains the actual IPFIXL2CollectorProfile object title: |- IPFIXL2CollectorProfile required: - IPFIXL2CollectorProfile type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Child wrapper object for IPFIXL2CollectorProfile, used in hierarchical API title: |- Wrapper object for IPFIXL2CollectorProfile x-vmw-nsx-module: PolicyIPFIXSwitch ChildIPFIXL2Profile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPFIXL2Profile: $ref: '#/definitions/IPFIXL2Profile' description: | Contains the actual IPFIXL2Profile object title: |- IPFIXL2Profile required: - IPFIXL2Profile type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Child wrapper object for IPFIXL2Profile, used in hierarchical API title: |- Wrapper object for IPFIXL2Profile x-vmw-nsx-module: PolicyIPFIXSwitch ChildIPSecVpnDpdProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnDpdProfile: $ref: '#/definitions/IPSecVpnDpdProfile' description: | Contains the actual IPSecVpnDpdProfile object. title: |- IPSecVpnDpdProfile required: - IPSecVpnDpdProfile type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnDpdProfile, used in hierarchical API. title: |- Wrapper object for IPSecVpnDpdProfile x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnIkeProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnIkeProfile: $ref: '#/definitions/IPSecVpnIkeProfile' description: | Contains the actual IPSecVpnIkeProfile object. title: |- IPSecVpnIkeProfile required: - IPSecVpnIkeProfile type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnIkeProfile, used in hierarchical API. title: |- Wrapper object for IPSecVpnIkeProfile x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnLocalEndpoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnLocalEndpoint: $ref: '#/definitions/IPSecVpnLocalEndpoint' description: | Contains the actual IPSecVpnLocalEndpoint object. title: |- IPSecVpnLocalEndpoint required: - IPSecVpnLocalEndpoint type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnLocalEndpoint, used in hierarchical API. title: |- Wrapper object for IPSecVpnLocalEndpoint x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnService: $ref: '#/definitions/IPSecVpnService' description: | Contains the actual IPSecVpnService object. title: |- IPSecVpnService required: - IPSecVpnService type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnService, used in hierarchical API. title: |- Wrapper object for IPSecVpnService x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnSession: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnSession: $ref: '#/definitions/IPSecVpnSession' description: | Contains the actual IPSecVpnSession object. title: |- IPSecVpnSession required: - IPSecVpnSession type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnSession, used in hierarchical API. title: |- Wrapper object for IPSecVpnSession x-vmw-nsx-module: PolicyIPSecVpn ChildIPSecVpnTunnelProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IPSecVpnTunnelProfile: $ref: '#/definitions/IPSecVpnTunnelProfile' description: | Contains the actual IPSecVpnTunnelProfile object title: |- IPSecVpnTunnelProfile required: - IPSecVpnTunnelProfile type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Child wrapper object for IPSecVpnTunnelProfile, used in hierarchical API. title: |- Wrapper object for IPSecVpnTunnelProfile x-vmw-nsx-module: PolicyIPSecVpn ChildIdsClusterConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsClusterConfig: $ref: '#/definitions/IdsClusterConfig' description: | Contains the IdsClusterConfig object title: |- IdsClusterConfig required: - IdsClusterConfig type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsClusterConfig, used in hierarchical API title: |- Wrapper object for IdsClusterConfig x-vmw-nsx-module: PolicyIDS ChildIdsProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsProfile: $ref: '#/definitions/IdsProfile' description: | Contains the IdsProfile object title: |- IdsProfile required: - IdsProfile type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsProfile, used in hierarchical API title: |- Wrapper object for IdsProfile x-vmw-nsx-module: PolicyIDS ChildIdsRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsRule: $ref: '#/definitions/IdsRule' description: | Contains the IdsRule object title: |- IdsRule required: - IdsRule type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsRule, used in hierarchical API title: |- Wrapper object for IdsRule x-vmw-nsx-module: PolicyIDS ChildIdsSecurityPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsSecurityPolicy: $ref: '#/definitions/IdsSecurityPolicy' description: | Contains the IdsSecurityPolicy object title: |- IdsSecurityPolicy required: - IdsSecurityPolicy type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsSecurityPolicy, used in hierarchical API title: |- Wrapper object for IdsSecurityPolicy x-vmw-nsx-module: PolicyIDS ChildIdsSignature: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsSignature: $ref: '#/definitions/IdsSignature' description: | Contains the IdsSignature object title: |- IdsSignature required: - IdsSignature type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsSignature, used in hierarchical API title: |- Wrapper object for IdsSignature x-vmw-nsx-module: PolicyIDS ChildIdsStandaloneHostConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IdsStandaloneHostConfig: $ref: '#/definitions/IdsStandaloneHostConfig' description: | Contains the IdsStandaloneHostConfig object title: |- IdsStandaloneHostConfig required: - IdsStandaloneHostConfig type: object x-vmw-nsx-module: PolicyIDS description: |- Child wrapper object for IdsStandaloneHostConfig, used in hierarchical API title: |- Wrapper object for IdsStandaloneHostConfig x-vmw-nsx-module: PolicyIDS ChildIpAddressAllocation: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressAllocation: $ref: '#/definitions/IpAddressAllocation' description: | Contains the actual IpAddressAllocation object title: |- IpAddressAllocation required: - IpAddressAllocation type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressAllocation, used in hierarchical API title: |- Wrapper object for IpAddressAllocation x-vmw-nsx-module: PolicyIpam ChildIpAddressBlock: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressBlock: $ref: '#/definitions/IpAddressBlock' description: | Contains the actual IpAddressBlock object title: |- IpAddressBlock required: - IpAddressBlock type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressBlock, used in hierarchical API title: |- Wrapper object for IpAddressBlock x-vmw-nsx-module: PolicyIpam ChildIpAddressPool: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressPool: $ref: '#/definitions/IpAddressPool' description: | Contains the actual IpAddressPool object title: |- IpAddressPool required: - IpAddressPool type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressPool, used in hierarchical API title: |- Wrapper object for IpAddressPool x-vmw-nsx-module: PolicyIpam ChildIpAddressPoolSubnet: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: IpAddressPoolSubnet: $ref: '#/definitions/IpAddressPoolSubnet' description: | Contains the actual IpAddressPoolSubnet object title: |- IpAddressPoolSubnet required: - IpAddressPoolSubnet type: object x-vmw-nsx-module: PolicyIpam description: |- Child wrapper object for IpAddressPoolSubnet, used in hierarchical API title: |- Wrapper object for IpAddressPoolSubnet x-vmw-nsx-module: PolicyIpam ChildIpv6DadProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Ipv6DadProfile: $ref: '#/definitions/Ipv6DadProfile' description: | Contains the actual Ipv6DadProfile objects title: |- Ipv6DadProfile required: - Ipv6DadProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Ipv6DadProfile, used in hierarchical API title: |- Wrapper object for Ipv6DadProfile x-vmw-nsx-module: PolicyConnectivity ChildIpv6NdraProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Ipv6NdraProfile: $ref: '#/definitions/Ipv6NdraProfile' description: | Contains the actual Ipv6NdraProfile objects title: |- Ipv6NdraProfile required: - Ipv6NdraProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Ipv6NdraProfile, used in hierarchical API title: |- Wrapper object for Ipv6NdraProfile x-vmw-nsx-module: PolicyConnectivity ChildL2BridgeEndpointProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2BridgeEndpointProfile: $ref: '#/definitions/L2BridgeEndpointProfile' description: |- Contains the actual L2BridgeEndpointProfile object title: |- L2BridgeEndpointProfile required: - L2BridgeEndpointProfile type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for L2BridgeEndpointProfile, used in hierarchical API title: |- Wrapper object for L2BridgeEndpointProfile x-vmw-nsx-module: PolicyConnectivity ChildL2VPNService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2VPNService: $ref: '#/definitions/L2VPNService' description: | Contains the actual L2VPNService object. title: |- L2VPNService required: - L2VPNService type: object x-vmw-nsx-module: PolicyLayer2VPN description: |- Child wrapper object for L2VPNService, used in hierarchical API. title: |- Wrapper object for L2VPNService x-vmw-nsx-module: PolicyLayer2VPN ChildL2VPNSession: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2VPNSession: $ref: '#/definitions/L2VPNSession' description: | Contains the actual L2VPNSession object. title: |- L2VPNSession required: - L2VPNSession type: object x-vmw-nsx-module: PolicyLayer2VPN description: |- Child wrapper object for L2VPNSession, used in hierarchical API. title: |- Wrapper object for L2VPNSession x-vmw-nsx-module: PolicyLayer2VPN ChildL2Vpn: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2Vpn: $ref: '#/definitions/L2Vpn' description: | Contains the actual L2Vpn object. title: |- L2Vpn required: - L2Vpn type: object x-vmw-nsx-module: PolicyL2Vpn description: |- Child wrapper object for L2Vpn, used in hierarchical API. title: |- Wrapper object for L2Vpn x-vmw-nsx-module: PolicyL2Vpn ChildL2VpnContext: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L2VpnContext: $ref: '#/definitions/L2VpnContext' description: | Contains the actual L2VpnContext object. title: |- L2VpnContext required: - L2VpnContext type: object x-vmw-nsx-module: PolicyL2Vpn description: |- Child wrapper object for L2VpnContext, used in hierarchical API. title: |- Wrapper object for L2VpnContext x-vmw-nsx-module: PolicyL2Vpn ChildL3Vpn: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L3Vpn: $ref: '#/definitions/L3Vpn' description: | Contains the actual L3Vpn object. title: |- L3Vpn required: - L3Vpn type: object x-vmw-nsx-module: PolicyL3Vpn description: |- Child wrapper object for L3Vpn, used in hierarchical API. title: |- Wrapper object for L3Vpn x-vmw-nsx-module: PolicyL3Vpn ChildL3VpnContext: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: L3VpnContext: $ref: '#/definitions/L3VpnContext' description: | Contains the actual L3VpnContext object. title: |- L3VpnContext required: - L3VpnContext type: object x-vmw-nsx-module: PolicyL3Vpn description: |- Child wrapper object for L3VpnContext, used in hierarchical API. title: |- Wrapper object for L3VpnContext x-vmw-nsx-module: PolicyL3Vpn ChildLBAppProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBAppProfile: $ref: '#/definitions/LBAppProfile' description: | Contains the actual LBAppProfile object. title: |- LBAppProfile required: - LBAppProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBAppProfile, used in hierarchical API. title: |- Wrapper object for LBAppProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBClientSslProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBClientSslProfile: $ref: '#/definitions/LBClientSslProfile' description: | Contains the actual LBClientSslProfile object. title: |- LBClientSslProfile required: - LBClientSslProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBClientSslProfile, used in hierarchical API. title: |- Wrapper object for LBClientSslProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBMonitorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBMonitorProfile: $ref: '#/definitions/LBMonitorProfile' description: | Contains the actual LBMonitorProfile object. title: |- LBMonitorProfile required: - LBMonitorProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBMonitorProfile, used in hierarchical API. title: |- Wrapper object for LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBPersistenceProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBPersistenceProfile: $ref: '#/definitions/LBPersistenceProfile' description: | Contains the actual LBPersistenceProfile object. title: |- LBPersistenceProfile required: - LBPersistenceProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBPersistenceProfile, used in hierarchical API. title: |- Wrapper object for LBPersistenceProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBPool: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBPool: $ref: '#/definitions/LBPool' description: | Contains the actual LBPool object. title: |- LBPool required: - LBPool type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Child wrapper for LBPool, used in hierarchical API. title: |- Wrapper object for LBPool x-vmw-nsx-module: PolicyLoadBalancer ChildLBServerSslProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBServerSslProfile: $ref: '#/definitions/LBServerSslProfile' description: | Contains the actual LBServerSslProfile object. title: |- LBServerSslProfile required: - LBServerSslProfile type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBServerSslProfile, used in hierarchical API. title: |- Wrapper object for LBServerSslProfile x-vmw-nsx-module: PolicyLoadBalancer ChildLBService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBService: $ref: '#/definitions/LBService' description: | Contains the actual LBService object. title: |- LBService required: - LBService type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBService, used in hierarchical API. title: |- Wrapper object for LBService x-vmw-nsx-module: PolicyLoadBalancer ChildLBVirtualServer: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LBVirtualServer: $ref: '#/definitions/LBVirtualServer' description: | Contains the actual LBVirtualServer object. title: |- LBVirtualServer required: - LBVirtualServer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Child wrapper for LBVirtualServer, used in hierarchical API. title: |- Wrapper object for LBVirtualServer x-vmw-nsx-module: PolicyLoadBalancer ChildLocaleServices: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: LocaleServices: $ref: '#/definitions/LocaleServices' description: | Contains the actual LocaleServices object title: |- LocaleServices required: - LocaleServices type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for LocaleServices, used in hierarchical API title: |- Wrapper object for LocaleServices x-vmw-nsx-module: PolicyConnectivity ChildMacDiscoveryProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: MacDiscoveryProfile: $ref: '#/definitions/MacDiscoveryProfile' description: | Contains the actual MacDiscoveryProfile object title: |- MacDiscoveryProfile required: - MacDiscoveryProfile type: object x-vmw-nsx-module: PolicyMacDiscovery description: |- Child wrapper object for MacDiscoveryProfile, used in hierarchical API title: |- Wrapper object for MacDiscoveryProfile x-vmw-nsx-module: PolicyMacDiscovery ChildMetadataProxyConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: MetadataProxyConfig: $ref: '#/definitions/MetadataProxyConfig' description: | Contains the actual MetadataProxyConfig object. title: |- MetadataProxyConfig required: - MetadataProxyConfig type: object x-vmw-nsx-module: PolicyMetadataProxy description: |- Wrapper object for MetadataProxyConfig title: |- Wrapper object for MetadataProxyConfig x-vmw-nsx-module: PolicyMetadataProxy ChildPolicyConfigResource: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: mark_for_override: default: false description: |- Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. title: |- Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. type: boolean marked_for_delete: default: false description: | If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. title: |- Indicates whether the intent object is marked for deletion type: boolean resource_type: type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: |- Represents an object on the desired state title: |- Represents the desired state object as child resource x-vmw-nsx-module: Policy ChildPolicyContextProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyContextProfile: $ref: '#/definitions/PolicyContextProfile' description: | Contains the actual PolicyContextProfile objects title: |- PolicyContextProfile required: - PolicyContextProfile type: object x-vmw-nsx-module: PolicyContextProfile description: |- Child wrapper object for PolicyContextProfile, used in hierarchical API title: |- Wrapper object for PolicyContextProfile x-vmw-nsx-module: PolicyContextProfile ChildPolicyDnsForwarder: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyDnsForwarder: $ref: '#/definitions/PolicyDnsForwarder' description: | Contains the actual PolicyDnsForwarder object title: |- PolicyDnsForwarder required: - PolicyDnsForwarder type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Child wrapper object for PolicyDnsForwarder, used in hierarchical API title: |- Wrapper object for PolicyDnsForwarder x-vmw-nsx-module: PolicyDnsForwarder ChildPolicyDnsForwarderZone: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyDnsForwarderZone: $ref: '#/definitions/PolicyDnsForwarderZone' description: | Contains the actual PolicyDnsForwarderZone object title: |- PolicyDnsForwarderZone required: - PolicyDnsForwarderZone type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Child wrapper object for PolicyDnsForwarderZone, used in hierarchical API title: |- Wrapper object for PolicyDnsForwarderZone x-vmw-nsx-module: PolicyDnsForwarder ChildPolicyEdgeCluster: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyEdgeCluster: $ref: '#/definitions/PolicyEdgeCluster' description: | Contains the actual PolicyEdgeCluster object. title: |- PolicyEdgeCluster required: - PolicyEdgeCluster type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for PolicyEdgeCluster, used in hierarchical API. title: |- Wrapper object for PolicyEdgeCluster x-vmw-nsx-module: PolicyEnforcementPointManagement ChildPolicyEdgeNode: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyEdgeNode: $ref: '#/definitions/PolicyEdgeNode' description: | Contains the actual PolicyEdgeNode object. title: |- PolicyEdgeNode required: - PolicyEdgeNode type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for PolicyEdgeNode, used in hierarchical API. title: |- Wrapper object for PolicyEdgeNode x-vmw-nsx-module: PolicyEnforcementPointManagement ChildPolicyExcludeList: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyExcludeList: $ref: '#/definitions/PolicyExcludeList' description: | Contains the actual policy exclude list object. title: |- PolicyExcludeList required: - PolicyExcludeList type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: |- Wrapper object for PolicyExcludeList title: |- Wrapper object for PolicyExcludeList x-vmw-nsx-module: PolicyFirewallConfiguration ChildPolicyFirewallCPUMemThresholdsProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallCPUMemThresholdsProfileBindingMap: $ref: '#/definitions/PolicyFirewallCPUMemThresholdsProfileBindingMap' description: | Contains the actual PolicyFirewallCPUMemThresholdsProfileBindingMap object. title: |- PolicyFirewallCPUMemThresholdsProfileBindingMap required: - PolicyFirewallCPUMemThresholdsProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding description: | Child wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap, used in hierarchical API. title: |- Wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding ChildPolicyFirewallCpuMemThresholdsProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallCpuMemThresholdsProfile: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' description: | Contains the actual PolicyFirewallCpuMemThresholdsProfile object title: |- PolicyFirewallCpuMemThresholdsProfile required: - PolicyFirewallCpuMemThresholdsProfile type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for PolicyFirewallCpuMemThresholdsProfile, used in hierarchical API. title: |- Wrapper object for PolicyFirewallCpuMemThresholdsProfile x-vmw-nsx-module: PolicyProfile ChildPolicyFirewallFloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallFloodProtectionProfileBindingMap: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' description: | Contains the actual PolicyFirewallFloodProtectionProfileBindingMap object title: |- PolicyFirewallFloodProtectionProfileBindingMap required: - PolicyFirewallFloodProtectionProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding description: | Child wrapper object for PolicyFirewallFloodProtectionProfileBindingMap, used in hierarchical API title: |- Wrapper object for PolicyFirewallFloodProtectionProfileBindingMap x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding ChildPolicyFirewallScheduler: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallScheduler: $ref: '#/definitions/PolicyFirewallScheduler' description: | Contains the actual PolicyFirewallScheduler objects title: |- PolicyFirewallScheduler required: - PolicyFirewallScheduler type: object x-vmw-nsx-module: PolicyFirewallScheduler description: |- Child wrapper object for PolicyFirewallScheduler, used in hierarchical API title: |- Wrapper object for PolicyFirewallScheduler x-vmw-nsx-module: PolicyFirewallScheduler ChildPolicyFirewallSessionTimerProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallSessionTimerProfile: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' description: | Contains the actual PolicyFirewallSessionTimerProfile object title: |- PolicyFirewallSessionTimerProfile required: - PolicyFirewallSessionTimerProfile type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfile description: | Child wrapper object for PolicyFirewallSessionTimerProfile, used in hierarchical API title: |- Wrapper object for PolicyFirewallSessionTimerProfile x-vmw-nsx-module: PolicyFirewallSessionTimerProfile ChildPolicyFirewallSessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyFirewallSessionTimerProfileBindingMap: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' description: | Contains the actual PolicyFirewallSessionTimerProfileBindingMap object title: |- PolicyFirewallSessionTimerProfileBindingMap required: - PolicyFirewallSessionTimerProfileBindingMap type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding description: | Child wrapper object for PolicyFirewallSessionTimerProfileBindingMap, used in hierarchical API title: |- Wrapper object for PolicyFirewallSessionTimerProfileBindingMap x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding ChildPolicyIgmpProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyIgmpProfile: $ref: '#/definitions/PolicyIgmpProfile' description: | Contains actual PolicyIgmpProfile. title: |- PolicyIgmpProfile required: - PolicyIgmpProfile type: object x-vmw-nsx-module: PolicyMulticast description: | Child wrapper object for PolicyIgmpProfile used in hierarchical API. title: |- Wrapper object for PolicyIgmpProfile x-vmw-nsx-module: PolicyMulticast ChildPolicyLabel: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLabel: $ref: '#/definitions/PolicyLabel' description: | Contains the actual PolicyLabel object title: |- PolicyLabel required: - PolicyLabel type: object x-vmw-nsx-module: PolicyLabel description: |- Child wrapper object for PolicyLabel, used in hierarchical API title: |- Wrapper object for PolicyLabel x-vmw-nsx-module: PolicyLabel ChildPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbMonitorProfile: $ref: '#/definitions/PolicyLbMonitorProfile' description: | Contains the actual PolicyLbMonitorProfile object title: |- PolicyLbMonitorProfile required: - PolicyLbMonitorProfile type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Child wrapper for PolicyLbMonitorProfile, used in hierarchical API title: |- Wrapper object for PolicyLbMonitorProfile x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbPersistenceProfile: $ref: '#/definitions/PolicyLbPersistenceProfile' description: | Contains the actual PolicyLbPersistenceProfile object title: |- PolicyLbPersistenceProfile required: - PolicyLbPersistenceProfile type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Child wrapper for PolicyLbPersistenceProfile, used in hierarchical API title: |- Wrapper object for PolicyLbPersistenceProfile x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbPoolAccess: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbPoolAccess: $ref: '#/definitions/PolicyLbPoolAccess' description: | Contains the actual PolicyLbPoolAccess object title: |- PolicyLbPoolAccess required: - PolicyLbPoolAccess type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: |- Child wrapper for PolicyLbPoolAccess, used in hierarchical API title: |- Wrapper object for PolicyLbPoolAccess x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbRule: $ref: '#/definitions/PolicyLbRule' description: | Contains the actual PolicyLbRule object title: |- PolicyLbRule required: - PolicyLbRule type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: |- Child wrapper for PolicyLbRule, used in hierarchical API title: |- Wrapper object for PolicyLbRule x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyLbVirtualServer: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyLbVirtualServer: $ref: '#/definitions/PolicyLbVirtualServer' description: | Contains the actual PolicyLbVirtualServer object title: |- PolicyLbVirtualServer required: - PolicyLbVirtualServer type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Child wrapper for PolicyLbVirtualServer, used in hierarchical API title: |- Wrapper object for PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer ChildPolicyMulticastConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyMulticastConfig: $ref: '#/definitions/PolicyMulticastConfig' description: | Contains actual PolicyMulticastConfig. title: |- PolicyMulticastConfig required: - PolicyMulticastConfig type: object x-vmw-nsx-module: PolicyMulticast description: |- Child wrapper object for PolicyMulticastConfig used in hierarchical API. title: |- Wrapper object for PolicyMulticastConfig x-vmw-nsx-module: PolicyMulticast ChildPolicyNat: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyNat: $ref: '#/definitions/PolicyNat' description: | Contains the actual PolicyNAT object title: |- PolicyNat required: - PolicyNat type: object x-vmw-nsx-module: PolicyNAT description: |- Child wrapper object for PolicyNat, used in hierarchical API title: |- Wrapper object for PolicyNat x-vmw-nsx-module: PolicyNAT ChildPolicyNatRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyNatRule: $ref: '#/definitions/PolicyNatRule' description: | Contains the actual PolicyNatRule object title: |- PolicyNatRule required: - PolicyNatRule type: object x-vmw-nsx-module: PolicyNAT description: |- Child wrapper object for PolicyNatRule, used in hierarchical API title: |- Wrapper object for PolicyNatRule x-vmw-nsx-module: PolicyNAT ChildPolicyPimProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyPimProfile: $ref: '#/definitions/PolicyPimProfile' description: | Contains actual PolicyPimProfile. title: |- PolicyPimProfile required: - PolicyPimProfile type: object x-vmw-nsx-module: PolicyMulticast description: | Child wrapper object for PolicyPimProfile used in hierarchical API. title: |- Wrapper object for PolicyPimProfile x-vmw-nsx-module: PolicyMulticast ChildPolicyServiceChain: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyServiceChain: $ref: '#/definitions/PolicyServiceChain' description: | Contains actual PolicyServiceChain. title: |- PolicyServiceChain required: - PolicyServiceChain type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for PolicyServiceInstance used in hierarchical API. title: |- Wrapper object for PolicyServiceChain x-vmw-nsx-module: PolicyServiceInsertion ChildPolicyServiceInstance: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyServiceInstance: $ref: '#/definitions/PolicyServiceInstance' description: | Contains actual PolicyServiceInstance. title: |- PolicyServiceInstance required: - PolicyServiceInstance type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for PolicyServiceInstance used in hierarchical API. title: |- Wrapper object for PolicyServiceInstance x-vmw-nsx-module: PolicyServiceInsertion ChildPolicyServiceProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyServiceProfile: $ref: '#/definitions/PolicyServiceProfile' description: | Contains actual PolicyServiceProfile. title: |- PolicyServiceProfile required: - PolicyServiceProfile type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for PolicyServiceProfile used in hierarchical API. title: |- Wrapper object for PolicyServiceProfile x-vmw-nsx-module: PolicyServiceInsertion ChildPolicyTransportZone: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyTransportZone: $ref: '#/definitions/PolicyTransportZone' description: | Contains the actual PolicyTransportZone object. title: |- PolicyTransportZone required: - PolicyTransportZone type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for PolicyTransportZone, used in hierarchical API. title: |- Wrapper object for PolicyTransportZone x-vmw-nsx-module: PolicyEnforcementPointManagement ChildPolicyUrlCategorizationConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PolicyUrlCategorizationConfig: $ref: '#/definitions/PolicyUrlCategorizationConfig' description: | Contains the actual PolicyUrlCategorizationConfig object title: |- URL Categorization Config required: - PolicyUrlCategorizationConfig type: object x-vmw-nsx-module: PolicyUrlCategorization description: |- Child wrapper object for PolicyUrlCategorizationConfig, used in hierarchical API title: |- Wrapper object for PolicyUrlCategorizationConfig x-vmw-nsx-module: PolicyUrlCategorization ChildPortDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortDiscoveryProfileBindingMap: $ref: '#/definitions/PortDiscoveryProfileBindingMap' description: | Contains the actual PortDiscoveryProfileBindingMap object title: |- PortDiscoveryProfileBindingMap required: - PortDiscoveryProfileBindingMap type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Child wrapper object for PortDiscoveryProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortDiscoveryProfileBindingMap x-vmw-nsx-module: PolicyDiscoveryProfileBinding ChildPortMirroringProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortMirroringProfile: $ref: '#/definitions/PortMirroringProfile' description: | Contains the actual PortMirroringProfile object title: |- PortMirroringProfile required: - PortMirroringProfile type: object x-vmw-nsx-module: PolicyPortMirroring description: |- Child wrapper object for PortMirroringProfile, used in hierarchical API title: |- Wrapper object for PortMirroringProfile x-vmw-nsx-module: PolicyPortMirroring ChildPortMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortMonitoringProfileBindingMap: $ref: '#/definitions/PortMonitoringProfileBindingMap' description: | Contains the actual PortMonitoringProfileBindingMap object title: |- PortMonitoringProfileBindingMap required: - PortMonitoringProfileBindingMap type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Child wrapper object for PortMonitoringProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortMonitoringProfileBindingMap x-vmw-nsx-module: PolicyMonitoringProfileBinding ChildPortQoSProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortQoSProfileBindingMap: $ref: '#/definitions/PortQoSProfileBindingMap' description: | Contains the actual PortQoSProfileBindingMap object title: |- PortQoSProfileBindingMap required: - PortQoSProfileBindingMap type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Child wrapper object for PortQoSProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortQoSProfileBindingMap x-vmw-nsx-module: PolicyQoSProfileBinding ChildPortSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PortSecurityProfileBindingMap: $ref: '#/definitions/PortSecurityProfileBindingMap' description: | Contains the actual PortSecurityProfileBindingMap object title: |- PortSecurityProfileBindingMap required: - PortSecurityProfileBindingMap type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Child wrapper object for PortSecurityProfileBindingMap, used in hierarchical API title: |- Wrapper object for PortSecurityProfileBindingMap x-vmw-nsx-module: PolicySecurityProfileBinding ChildPrefixList: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: PrefixList: $ref: '#/definitions/PrefixList' description: | Contains the actual PrefixList object. title: |- PrefixList required: - PrefixList type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for PrefixList, used in hierarchical API. title: |- Wrapper object for PrefixList x-vmw-nsx-module: PolicyConnectivity ChildQoSProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: QoSProfile: $ref: '#/definitions/QoSProfile' description: | Contains the actual QoSProfile object title: |- QoSProfile required: - QoSProfile type: object x-vmw-nsx-module: PolicyQoS description: |- Child wrapper object for QoSProfile, used in hierarchical API title: |- Wrapper object for QoSProfile x-vmw-nsx-module: PolicyQoS ChildReaction: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Reaction: $ref: '#/definitions/Reaction' description: | Contains the actual Reaction object. title: |- Reaction required: - Reaction type: object x-vmw-nsx-module: PolicyReaction description: | Child wrapper object for Reaction used in hierarchical API. title: |- Wrapper object for Reaction x-vmw-nsx-module: PolicyReaction ChildRedirectionPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: RedirectionPolicy: $ref: '#/definitions/RedirectionPolicy' description: | Contains actual RedirectionPolicy. title: |- RedirectionPolicy required: - RedirectionPolicy type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for RedirectionPolicy used in Hierarchical API. title: | Wrapper object for RedirectionPolicy x-vmw-nsx-module: PolicyServiceInsertion ChildRedirectionRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: RedirectionRule: $ref: '#/definitions/RedirectionRule' description: | Contains actual RedirectionRule. title: |- RedirectionRule required: - RedirectionRule type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ChildRedirectionRule used in Hierarchical API. title: | Wrapper object for RedirectionRule x-vmw-nsx-module: PolicyServiceInsertion ChildResourceReference: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: children: description: | subtree for this type within policy tree containing nested elements. items: $ref: '#/definitions/ChildPolicyConfigResource' title: |- subtree for this type within policy tree type: array target_type: description: |- The target type of this reference title: |- The target type of this reference type: string required: - target_type type: object x-vmw-nsx-module: Policy description: |- Represents a reference to ChildPolicyConfigResource in the hierarchical API. resource_type, id and target_type are mandatory fields. title: |- Represents the reference to ChildPolicyConfigResource x-vmw-nsx-module: Policy ChildRule: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Rule: $ref: '#/definitions/Rule' description: | Contains the actual Rule object title: |- Rule required: - Rule type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for Rule, used in hierarchical API title: |- Wrapper object for Rule x-vmw-nsx-module: Policy ChildSecurityPolicy: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SecurityPolicy: $ref: '#/definitions/SecurityPolicy' description: | Contains the actual SecurityPolicy object title: |- SecurityPolicy required: - SecurityPolicy type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for SecurityPolicy, used in hierarchical API title: |- Wrapper object for SecurityPolicy x-vmw-nsx-module: Policy ChildSegment: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Segment: $ref: '#/definitions/Segment' description: | Contains the actual Segment object. title: |- Segment required: - Segment type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Segment, used in hierarchical API. title: |- Wrapper object for Segment x-vmw-nsx-module: PolicyConnectivity ChildSegmentDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentDiscoveryProfileBindingMap: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' description: | Contains the actual SegmentDiscoveryProfileBindingMap object title: |- SegmentDiscoveryProfileBindingMap required: - SegmentDiscoveryProfileBindingMap type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Child wrapper object for SegmentDiscoveryProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentDiscoveryProfileBindingMap x-vmw-nsx-module: PolicyDiscoveryProfileBinding ChildSegmentMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentMonitoringProfileBindingMap: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' description: | Contains the actual SegmentMonitoringProfileBindingMap object title: |- SegmentMonitoringProfileBindingMap required: - SegmentMonitoringProfileBindingMap type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Child wrapper object for SegmentMonitoringProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentMonitoringProfileBindingMap x-vmw-nsx-module: PolicyMonitoringProfileBinding ChildSegmentPort: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentPort: $ref: '#/definitions/SegmentPort' description: | Contains the actual SegmentPort object title: |- SegmentPort required: - SegmentPort type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for SegmentPort, used in hierarchical API title: |- Wrapper object for SegmentPort x-vmw-nsx-module: PolicyConnectivity ChildSegmentQoSProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentQoSProfileBindingMap: $ref: '#/definitions/SegmentQoSProfileBindingMap' description: | Contains the actual SegmentQoSProfileBindingMap object title: |- SegmentQoSProfileBindingMap required: - SegmentQoSProfileBindingMap type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Child wrapper object for SegmentQoSProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentQoSProfileBindingMap x-vmw-nsx-module: PolicyQoSProfileBinding ChildSegmentSecurityProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentSecurityProfile: $ref: '#/definitions/SegmentSecurityProfile' description: | Contains the actual SegmentSecurityProfile object title: |- SegmentSecurityProfile required: - SegmentSecurityProfile type: object x-vmw-nsx-module: PolicySegmentSecurity description: |- Child wrapper object for SegmentSecurityProfile, used in hierarchical API title: |- Wrapper object for SegmentSecurityProfile x-vmw-nsx-module: PolicySegmentSecurity ChildSegmentSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SegmentSecurityProfileBindingMap: $ref: '#/definitions/SegmentSecurityProfileBindingMap' description: | Contains the actual SegmentSecurityProfileBindingMap object title: |- SegmentSecurityProfileBindingMap required: - SegmentSecurityProfileBindingMap type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Child wrapper object for SegmentSecurityProfileBindingMap, used in hierarchical API title: |- Wrapper object for SegmentSecurityProfileBindingMap x-vmw-nsx-module: PolicySecurityProfileBinding ChildService: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Service: $ref: '#/definitions/Service' description: | Contains the actual Service object. title: |- Service required: - Service type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for Service, used in hierarchical API. title: |- Wrapper object for Service x-vmw-nsx-module: Policy ChildServiceEntry: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Service: $ref: '#/definitions/ServiceEntry' description: | This is a deprecated property, Please use 'ServiceEntry' instead. title: |- ServiceEntry x-deprecated: true ServiceEntry: $ref: '#/definitions/ServiceEntry' description: | Contains the actual ServiceEntry object. title: |- ServiceEntry required: - ServiceEntry type: object x-vmw-nsx-module: Policy description: |- Child wrapper object for ServiceEntry, used in hierarchical API. title: |- Wrapper object for ServiceEntry x-vmw-nsx-module: Policy ChildServiceInstanceEndpoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceInstanceEndpoint: $ref: '#/definitions/ServiceInstanceEndpoint' description: | Contains actual ServiceInstanceEndpoint. title: |- ServiceInstanceEndpoint required: - ServiceInstanceEndpoint type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ServiceInstanceEndpoint used in hierarchical API. title: |- Wrapper object for ServiceInstanceEndpoint x-vmw-nsx-module: PolicyServiceInsertion ChildServiceInterface: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceInterface: $ref: '#/definitions/ServiceInterface' description: | Contains the actual ServiceInterface object. title: |- ServiceInterface required: - ServiceInterface type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for ServiceInterface, used in hierarchical API. title: |- Wrapper object for ServiceInterface x-vmw-nsx-module: PolicyConnectivity ChildServiceReference: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceReference: $ref: '#/definitions/ServiceReference' description: | Contains actual ServiceReference. title: |- ServiceReference required: - ServiceReference type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for ServiceReference used in hierarchical API. title: |- Wrapper object for ServiceReference x-vmw-nsx-module: PolicyServiceInsertion ChildServiceSegment: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: ServiceSegment: $ref: '#/definitions/ServiceSegment' description: | Contains the actual ServiceSegment objects title: |- ServiceSegments required: - ServiceSegment type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for ServiceSegment, used in hierarchical API title: |- Wrapper object for SerivceSegment x-vmw-nsx-module: PolicyConnectivity ChildSessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SessionTimerProfileBindingMap: $ref: '#/definitions/SessionTimerProfileBindingMap' description: | Contains the actual SessionTimerProfileBindingMap object title: |- SessionTimerProfileBindingMap required: - SessionTimerProfileBindingMap type: object x-vmw-nsx-module: PolicyProfile description: | Child wrapper object for SessionTimerProfileBindingMap, used in hierarchical API title: |- Wrapper object for SessionTimerProfileBindingMap x-vmw-nsx-module: PolicyProfile ChildSite: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Site: $ref: '#/definitions/Site' description: | Contains the actual Site object. title: |- Site required: - Site type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Child wrapper object for Site, used in hierarchical API. title: |- Wrapper object for Site x-vmw-nsx-module: PolicyEnforcementPointManagement ChildSpoofGuardProfile: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SpoofGuardProfile: $ref: '#/definitions/SpoofGuardProfile' description: | Contains the actual SpoofGuardProfile object title: |- SpoofGuardProfile required: - SpoofGuardProfile type: object x-vmw-nsx-module: PolicySpoofGuard description: |- Child wrapper object for SpoofGuardProfile, used in hierarchical API title: |- Wrapper object for SpoofGuardProfile x-vmw-nsx-module: PolicySpoofGuard ChildSslTrustObjectData: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: SslTrustObjectData: $ref: '#/definitions/SslTrustObjectData' description: | Contains the actual SslTrustObjectData object title: |- SslTrustObjectData required: - SslTrustObjectData type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: |- Child wrapper for SslTrustObjectData, used in hierarchical API title: |- Wrapper object for SslTrustObjectData x-vmw-nsx-module: TempPolicyLoadBalancer ChildStandaloneHostIdfwConfiguration: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: StandaloneHostIdfwConfiguration: $ref: '#/definitions/StandaloneHostIdfwConfiguration' description: | Contains the actual standalone host idfw configuration object. title: |- StandaloneHostIdfwConfiguration required: - StandaloneHostIdfwConfiguration type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: |- Wrapper object for StandaloneHostIdfwConfiguration title: |- Wrapper object for StandaloneHostIdfwConfiguration x-vmw-nsx-module: PolicyFirewallConfiguration ChildStaticARPConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: StaticARPConfig: $ref: '#/definitions/StaticARPConfig' description: | Contains the actual StaticARPConfig object. title: |- StaticARPConfig required: - StaticARPConfig type: object x-vmw-nsx-module: PolicyConnectivity description: | Child wrapper object for StaticARPConfig, used in hierarchical API. title: |- Wrapper object for StaticARPConfig x-vmw-nsx-module: PolicyConnectivity ChildStaticRouteBfdPeer: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: BfdPeer: $ref: '#/definitions/StaticRouteBfdPeer' description: | Contains the actual StaticRouteBfdPeer object. title: |- Static Route BFD Peer required: - BfdPeer type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for StaticRouteBfdPeer, used in hierarchical API. title: |- Wrapper object for StaticRouteBfdPeer x-vmw-nsx-module: PolicyConnectivity ChildStaticRoutes: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: StaticRoutes: $ref: '#/definitions/StaticRoutes' description: | Contains the actual StaticRoutes object. title: |- StaticRoutes required: - StaticRoutes type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for StaticRoutes, used in hierarchical API. title: |- Wrapper object for StaticRoutes x-vmw-nsx-module: PolicyConnectivity ChildTier0: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0: $ref: '#/definitions/Tier0' description: | Contains the actual Tier-0 object. title: |- Tier-0 required: - Tier0 type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier-0, used in hierarchical API. title: |- Wrapper object for Tier-0 x-vmw-nsx-module: PolicyConnectivity ChildTier0DeploymentMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0DeploymentMap: $ref: '#/definitions/Tier0DeploymentMap' description: | Contains the actual Tier0DeploymentMap object. title: |- Tier0DeploymentMap required: - Tier0DeploymentMap type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Child wrapper object for Tier0DeploymentMap, used in hierarchical API. title: |- Wrapper object for Tier0DeploymentMap x-vmw-nsx-module: PolicyEnforcementPointManagement ChildTier0Interface: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0Interface: $ref: '#/definitions/Tier0Interface' description: | Contains the actual Tier0Interface object. title: |- Tier0Interface required: - Tier0Interface type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier0Interface, used in hierarchical API. title: |- Wrapper object for Tier0Interface x-vmw-nsx-module: PolicyConnectivity ChildTier0RouteMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier0RouteMap: $ref: '#/definitions/Tier0RouteMap' description: | Contains the actual Tier0RouteMap object title: |- Tier0RouteMap required: - Tier0RouteMap type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier0RouteMap, used in hierarchical API title: |- Wrapper object for Tier0RouteMap x-vmw-nsx-module: PolicyConnectivity ChildTier1: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier1: $ref: '#/definitions/Tier1' description: | Contains the actual Tier-1 object. title: |- Tier-1 required: - Tier1 type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for Tier-1 , used in hierarchical API. title: |- Wrapper object for Tier-1 x-vmw-nsx-module: PolicyConnectivity ChildTier1DeploymentMap: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier1DeploymentMap: $ref: '#/definitions/Tier1DeploymentMap' description: | Contains the actual Tier1DeploymentMap object. title: |- Tier1DeploymentMap required: - Tier1DeploymentMap type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Child wrapper object for Tier1DeploymentMap, used in hierarchical API. title: |- Wrapper object for Tier1DeploymentMap x-vmw-nsx-module: PolicyEnforcementPointManagement ChildTier1Interface: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: Tier1Interface: $ref: '#/definitions/Tier1Interface' description: | Contains the actual Tier1Interface object. title: |- Tier1Interface required: - Tier1Interface type: object x-vmw-nsx-module: PolicyConnectivity description: | Child wrapper object for Tier1Interface, used in hierarchical API. title: |- Wrapper object for Tier1Interface x-vmw-nsx-module: PolicyConnectivity ChildTlsCertificate: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TlsCertificate: $ref: '#/definitions/TlsCertificate' description: | Contains the actual TlsCertificate object. title: |- TlsCertificate required: - TlsCertificate type: object x-vmw-nsx-module: PolicyCertificate description: |- Child wrapper for TlsCertificate, used in hierarchical API. title: |- Wrapper object for TlsCertificate x-vmw-nsx-module: PolicyCertificate ChildTlsCrl: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TlsCrl: $ref: '#/definitions/TlsCrl' description: |- Contains the actual TlsCrl object. title: |- TlsCrl required: - TlsCrl type: object x-vmw-nsx-module: PolicyCertificate description: |- Child wrapper for TlsCrl, used in hierarchical API. title: |- Wrapper object for TlsCrl x-vmw-nsx-module: PolicyCertificate ChildTlsTrustData: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TlsTrustData: $ref: '#/definitions/TlsTrustData' description: | Contains the actual TlsTrustData object. title: |- TlsTrustData required: - TlsTrustData type: object x-vmw-nsx-module: PolicyCertificate description: |- Child wrapper for TlsTrustData, used in hierarchical API. title: |- Wrapper object for TlsTrustData x-vmw-nsx-module: PolicyCertificate ChildTraceflowConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: TraceflowConfig: $ref: '#/definitions/TraceflowConfig' description: | Contains the actual TraceflowConfig object. title: |- TraceflowConfig required: - TraceflowConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper for TraceflowConfig, used in hierarchical API title: |- Wrapper object for TraceflowConfig x-vmw-nsx-module: PolicyConnectivity ChildVirtualEndpoint: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: VirtualEndpoint: $ref: '#/definitions/VirtualEndpoint' description: | Contains reference to actual VirtualEndpoint. title: |- VirtualEndpoint required: - VirtualEndpoint type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Child wrapper object for VirtualEndpoint used in hierarchical API. title: |- Wrapper object for VirtualEndpoint x-vmw-nsx-module: PolicyServiceInsertion ChildVniPoolConfig: allOf: - $ref: '#/definitions/ChildPolicyConfigResource' - properties: VniPoolConfig: $ref: '#/definitions/VniPoolConfig' description: | Contains the actual VniPoolConfig object. title: |- VniPoolConfig required: - VniPoolConfig type: object x-vmw-nsx-module: PolicyConnectivity description: |- Child wrapper object for VniPoolConfig, used in hierarchical API. title: |- Wrapper object for VniPoolConfig x-vmw-nsx-module: PolicyConnectivity ClasslessStaticRoute: description: |- DHCP classless static route option. properties: network: description: |- Destination network in CIDR format. format: address-or-block-or-range type: string next_hop: description: |- IP address of next hop of the route. format: ip type: string required: - next_hop - network title: |- DHCP classless static route option type: object x-vmw-nsx-module: Dhcp CloudNativeServiceInstance: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: external_id: description: | Id of service instance fetched from public cloud. readOnly: true title: |- External id of cloud native service instance in the system. type: string service_type: description: |- Type of cloud native service. readOnly: true title: |- Type of cloud native service; possible values are ELB, RDS type: string source: $ref: '#/definitions/ResourceReference' description: |- Reference of the public cloud gateway that reported the service instance. readOnly: true title: |- Reference of the public cloud gateway type: object x-vmw-nsx-module: InventoryCloudObj description: |- Stores the information about cloud native service instance. x-vmw-nsx-module: InventoryCloudObj ClusterBackupInfo: description: |- Cluster backup details properties: ip_address: description: |- IP address or FQDN of the node from which the backup was taken format: hostname-or-ip readOnly: true title: |- IP address or FQDN of the node from which the backup was taken type: string node_id: description: |- ID of the node from which the backup was taken readOnly: true title: |- ID of the node from which the backup was taken type: string restore_type: default: [] description: |- Type of restore allowed items: enum: - REGULAR_RESTORE - POLICY_ONLY_RESTORE type: string readOnly: true title: |- Type of restore allowed type: array uniqueItems: true timestamp: description: |- timestamp of the cluster backup file format: int64 readOnly: true type: integer title: |- Cluster backup details type: object x-vmw-nsx-module: ClusterRestore ClusterBackupInfoListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of timestamps of backed-up cluster files items: $ref: '#/definitions/ClusterBackupInfo' readOnly: true title: |- List of timestamps of backed-up cluster files type: array type: object x-vmw-nsx-module: ClusterRestore x-vmw-nsx-module: ClusterRestore ClusterRestoreStatus: description: |- Cluster restore status properties: backup_timestamp: description: |- Timestamp when backup was initiated in epoch millisecond format: int64 readOnly: true type: integer endpoints: description: | The list of allowed endpoints, based on the current state of the restore process items: $ref: '#/definitions/ResourceLink' readOnly: true title: | The list of allowed endpoints, based on the current state of the restore process type: array id: description: |- Unique id for backup request readOnly: true title: |- Unique id for backup request type: string instructions: description: |- Instructions for users to reconcile Restore operations items: $ref: '#/definitions/InstructionInfo' readOnly: true title: |- Instructions for users to reconcile Restore operations type: array restore_end_time: description: |- Timestamp when restore was completed in epoch millisecond format: int64 readOnly: true type: integer restore_start_time: description: |- Timestamp when restore was started in epoch millisecond format: int64 readOnly: true type: integer status: $ref: '#/definitions/GlobalRestoreStatus' step: $ref: '#/definitions/RestoreStep' total_steps: description: |- Total number of steps in the entire restore process format: int64 readOnly: true title: |- Total number of steps in the entire restore process type: integer title: |- Cluster restore status type: object x-vmw-nsx-module: ClusterRestore ColumnItem: description: |- Represents a column of the Grid properties: column_identifier: description: |- Identifies the column and used for fetching content upon an user click or drilldown. If column identifier is not provided, the column's data will not participate in searches and drilldowns. title: |- Identifier for this column type: string drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. maxLength: 255 title: |- Id of drilldown widget type: string field: description: |- Field from which values of the column will be derived. maxLength: 1024 title: |- Column Field type: string hidden: default: false description: |- If set to true, hides the column title: |- Hide the column type: boolean label: $ref: '#/definitions/Label' description: |- Label of the column. readOnly: false title: |- Column Label navigation: description: |- Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. maxLength: 1024 title: |- Navigation to a specified UI page type: string render_configuration: description: |- Render configuration to be applied, if any. items: $ref: '#/definitions/RenderConfiguration' title: |- Render Configuration type: array sort_ascending: default: true description: |- If true, the value of the column are sorted in ascending order. Otherwise, in descending order. title: |- Represents order of sorting the values type: boolean sort_key: description: |- Sorting on column is based on the sort_key. sort_key represents the field in the output data on which sort is requested. maxLength: 255 title: |- Key for sorting on this column type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over a cell in the grid. items: $ref: '#/definitions/Tooltip' title: |- Multi-line tooltip type: array type: default: String description: |- Data type of the field. enum: - String - Number - Date maxLength: 255 title: |- Field data type type: string required: - field - type - label title: |- Grid Column type: object x-vmw-nsx-module: NsxDashboard CommunicationEntry: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: description: | The action to be applied to all the services. enum: - ALLOW - DROP - REJECT title: |- Action type: string destination_groups: description: | We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Destination group paths type: array direction: default: IN_OUT description: | Define direction of traffic. enum: - IN - OUT - IN_OUT title: |- Direction type: string disabled: default: false description: |- Flag to disable the rule. Default is enabled. readOnly: false title: |- Flag to disable the rule type: boolean logged: default: false description: |- Flag to enable packet logging. Default is disabled. readOnly: false title: |- Enable logging flag type: boolean notes: description: |- Text for additional notes on changes. title: |- Text for additional notes on changes type: string scope: description: | The list of policy paths where the communication entry is applied Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied on multiple LRs/LRPs. items: type: string maxItems: 128 type: array sequence_number: description: | This field is used to resolve conflicts between multiple CommunicationEntries under CommunicationMap for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple communication entries with the same sequence number then their order is not deterministic. If a specific order of communication entry is desired, then one has to specify unique sequence numbers or use the POST request on the communication entry entity with a query parameter action=revise to let the framework assign a sequence number format: int32 title: |- Sequence number of the this CommunicationEntry type: integer services: description: | In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Names of services type: array source_groups: description: | We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 128 title: |- Source group paths type: array tag: description: | User level field which will be printed in CLI and packet logs. maxLength: 32 title: |- Tag applied on the communication entry type: string type: object x-vmw-nsx-module: Policy description: |- A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead. title: |- A communication entry specifies the security policy between the workload groups x-vmw-nsx-module: Policy CommunicationMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: category: description: | - Distributed Firewall - Policy framework for Distributed Firewall provides four pre-defined categories for classifying a communication map. They are "Emergency", "Infrastructure", "Environment" and "Application". Amongst the layer 3 communication maps,there is a pre-determined order in which the policy framework manages the priority of these communication maps. Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a communication map into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four layer 3 categories. title: |- A way to classify a communication map, if needed. type: string communication_entries: description: |- CommunicationEntries that are a part of this CommunicationMap items: $ref: '#/definitions/CommunicationEntry' title: |- CommunicationEntries that are a part of this CommunicationMap type: array precedence: description: | This field is used to resolve conflicts between communication maps across domains. In order to change the precedence of a communication map one can fire a POST request on the communication map entity with a query parameter action=revise The precedence field will reflect the value of the computed precedence upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several communication maps, the only way to set the precedence is to explicitly specify the precedence number for each communication map. If no precedence is specified in the payload, a value of 0 is assigned by default. If there are multiple communication maps with the same precedence then their order is not deterministic. If a specific order of communication map is desired, then one has to specify a unique precedence or use the POST request on the communication map entity with a query parameter action=revise to let the framework assign a precedence format: int32 title: |- Precedence to resolve conflicts across Domains type: integer type: object x-vmw-nsx-module: Policy description: | Ordered list of CommunicationEntries. This object is created by default along with the Domain. This type is deprecated. Use the type SecurityPolicy instead. title: |- Contains ordered list of CommunicationEntries x-vmw-nsx-module: Policy CommunityList: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: communities: description: | List of BGP community entries. Both standard and large communities are supported. Standard community format: aa:nn where aa and nn must be within the range [1 - 65536]. Large BGP Community format: aa:bb:nn where aa (Global Administrator), bb (Local Data Part 1) and nn (Local Data Part 2) must be within the range [1 - 4294967295]. In additon to numbered communites (e.g. 3356:2040), predefined communities (NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED) are supported. items: type: string minItems: 1 title: |- List of BGP community entries type: array required: - communities type: object x-vmw-nsx-module: PolicyConnectivity description: |- Community list for BGP routing configuration title: |- Community list for BGP routing configuration x-vmw-nsx-module: PolicyConnectivity CommunityListListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- CommunityList results items: $ref: '#/definitions/CommunityList' title: |- CommunityList results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of CommunityLists title: |- Paged collection of CommunityLists x-vmw-nsx-module: PolicyConnectivity CommunityMatchCriteria: description: |- Match criteria based on a community list properties: criteria: description: | Match criteria specified as a community list path or a regular expression. title: |- Match criteria based on community list path or a regular expression type: string match_operator: description: | Match operator for community list entries. Not valid when a regular expression is specified for criteria. enum: - MATCH_ANY - MATCH_ALL - MATCH_EXACT - MATCH_COMMUNITY_REGEX - MATCH_LARGE_COMMUNITY_REGEX title: |- Match operator for community list entries type: string required: - criteria title: |- Match criteria based on a community list type: object x-vmw-nsx-module: PolicyConnectivity ComputeClusterIdfwConfiguration: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cluster_idfw_enabled: description: |- If set to true, idfw is enabled for this cluster readOnly: false title: |- Idfw enabled flag type: boolean member: $ref: '#/definitions/PolicyResourceReference' description: |- Contains actual policy resource reference object title: |- PolicyResourceReference required: - member - cluster_idfw_enabled type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: | Idfw configuration for enable/disable idfw on cluster level. title: |- Compute cluster idfw configuration x-vmw-nsx-module: PolicyFirewallConfiguration ComputeCollection: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cm_local_id: description: |- Local Id of the compute collection in the Compute Manager readOnly: true title: |- Local Id of the compute collection in the Compute Manager type: string external_id: description: | External ID of the ComputeCollection in the source Compute manager, e.g. mo-ref in VC readOnly: true title: | External ID of the ComputeCollection in the source Compute manager, e.g. mo-ref in VC type: string origin_id: description: |- Id of the compute manager from where this Compute Collection was discovered readOnly: true title: |- Id of the compute manager from where this Compute Collection was discovered type: string origin_properties: description: | Key-Value map of additional specific properties of compute collection in the Compute Manager items: $ref: '#/definitions/KeyValuePair' readOnly: true title: | Key-Value map of additional specific properties of compute collection in the Compute Manager type: array origin_type: description: | ComputeCollection type like VC_Cluster. Here the Compute Manager type prefix would help in differentiating similar named Compute Collection types from different Compute Managers readOnly: true title: | ComputeCollection type like VC_Cluster. Here the Compute Manager type prefix would help in differentiating similar named Compute Collection types from different Compute Managers type: string owner_id: description: |- Id of the owner of compute collection in the Compute Manager readOnly: true title: |- Id of the owner of compute collection in the Compute Manager type: string type: object x-vmw-nsx-module: InventoryCmObj x-vmw-nsx-module: InventoryCmObj Condition: allOf: - $ref: '#/definitions/Expression' - properties: key: description: |- Key enum: - Tag - Name - OSName - ComputerName title: |- Key type: string member_type: description: |- Group member type enum: - IPSet - VirtualMachine - LogicalPort - LogicalSwitch - Segment - SegmentPort title: |- Group member type type: string operator: description: |- operator enum: - EQUALS - CONTAINS - STARTSWITH - ENDSWITH - NOTEQUALS title: |- operator type: string value: description: |- Value minLength: 1 title: |- Value type: string required: - operator - value - key - member_type type: object x-vmw-nsx-module: Policy description: | Represents the leaf level condition. Evaluation of the condition expression will be case insensitive. title: |- Represents the leaf level condition x-vmw-nsx-module: Policy ConditionalValueConstraintExpression: description: | Represents the leaf level expression to restrict the target attribute value based on the set of existing values. Generally, used in combination with RelatedAttributeConditionalExpression to constraint the values related to another attribute on the same resource. This object is always used in conjunction with some exression. Example - { "condition" : { "operator":"INCLUDES", "rhs_value": ["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"], "value_constraint": { "resource_type": "ValueConstraintExpression", "operator":"EXCLUDES", "values":["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"] } } properties: operator: description: |- Set operation to constraint values. enum: - INCLUDES - EXCLUDES - EQUALS title: |- Set operation to constraint values. type: string rhs_value: description: |- List of values. items: type: string title: |- Array of values to perform operation. type: array value_constraint: $ref: '#/definitions/ValueConstraintExpression' description: | Values to apply the conditional constraint on target. title: |- Value Constraint required: - operator - value_constraint - rhs_value title: |- Represents the leaf level conditional value constraint. type: object x-vmw-nsx-module: PolicyConstraints ConfigurationState: description: |- Describes status of configuration of an entity properties: details: description: |- Array of configuration state of various sub systems items: $ref: '#/definitions/ConfigurationStateElement' readOnly: true title: |- Array of configuration state of various sub systems type: array failure_code: description: |- Error code format: int64 readOnly: true title: |- Error code type: integer failure_message: description: |- Error message in case of failure readOnly: true title: |- Error message in case of failure type: string state: description: | Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. enum: - pending - in_progress - success - failed - partial_success - orphaned - unknown - error - in_sync - NOT_AVAILABLE - VM_DEPLOYMENT_QUEUED - VM_DEPLOYMENT_IN_PROGRESS - VM_DEPLOYMENT_FAILED - VM_POWER_ON_IN_PROGRESS - VM_POWER_ON_FAILED - REGISTRATION_PENDING - NODE_NOT_READY - NODE_READY - VM_POWER_OFF_IN_PROGRESS - VM_POWER_OFF_FAILED - VM_UNDEPLOY_IN_PROGRESS - VM_UNDEPLOY_FAILED - VM_UNDEPLOY_SUCCESSFUL - EDGE_CONFIG_ERROR - VM_DEPLOYMENT_RESTARTED - REGISTRATION_FAILED - TRANSPORT_NODE_SYNC_PENDING - TRANSPORT_NODE_CONFIGURATION_MISSING - EDGE_HARDWARE_NOT_SUPPORTED - MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED - TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER - TZ_ENDPOINTS_NOT_SPECIFIED - NO_PNIC_PREPARED_IN_EDGE - APPLIANCE_INTERNAL_ERROR - VTEP_DHCP_NOT_SUPPORTED - UNSUPPORTED_HOST_SWITCH_PROFILE - UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED - HOSTSWITCH_PROFILE_NOT_FOUND - LLDP_SEND_ENABLED_NOT_SUPPORTED - UNSUPPORTED_NAMED_TEAMING_POLICY - LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM - LACP_NOT_SUPPORTED_FOR_EDGE_VM - STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM - MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE - UNSUPPORTED_LACP_LB_ALGO_FOR_NODE - EDGE_NODE_VERSION_NOT_SUPPORTED - NO_PNIC_SPECIFIED_IN_TN - INVALID_PNIC_DEVICE_NAME - TRANSPORT_NODE_READY - VM_NETWORK_EDIT_PENDING - UNSUPPORTED_DEFAULT_TEAMING_POLICY - MPA_DISCONNECTED - VM_RENAME_PENDING - VM_CONFIG_EDIT_PENDING - VM_NETWORK_EDIT_FAILED - VM_RENAME_FAILED - VM_CONFIG_EDIT_FAILED - VM_CONFIG_DISCREPANCY - VM_NODE_REFRESH_FAILED - VM_PLACEMENT_REFRESH_FAILED - REGISTRATION_TIMEDOUT readOnly: true title: |- Overall state of desired configuration type: string title: |- Describes status of configuration of an entity type: object x-vmw-nsx-module: Common ConfigurationStateElement: description: |- Describes status of configuration of an entity properties: failure_code: description: |- Error code format: int64 readOnly: true title: |- Error code type: integer failure_message: description: |- Error message in case of failure readOnly: true title: |- Error message in case of failure type: string state: description: |- State of configuration on this sub system enum: - in_progress - success - failed - partial_success - in_sync - VM_DEPLOYMENT_FAILED - VM_POWER_ON_FAILED - VM_POWER_OFF_FAILED - VM_UNDEPLOY_FAILED - EDGE_CONFIG_ERROR - REGISTRATION_FAILED - TRANSPORT_NODE_CONFIGURATION_MISSING - EDGE_HARDWARE_NOT_SUPPORTED - MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED - TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER - TZ_ENDPOINTS_NOT_SPECIFIED - NO_PNIC_PREPARED_IN_EDGE - APPLIANCE_INTERNAL_ERROR - VTEP_DHCP_NOT_SUPPORTED - UNSUPPORTED_HOST_SWITCH_PROFILE - UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED - HOSTSWITCH_PROFILE_NOT_FOUND - LLDP_SEND_ENABLED_NOT_SUPPORTED - UNSUPPORTED_NAMED_TEAMING_POLICY - LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM - LACP_NOT_SUPPORTED_FOR_EDGE_VM - STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM - MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE - UNSUPPORTED_LACP_LB_ALGO_FOR_NODE - EDGE_NODE_VERSION_NOT_SUPPORTED - NO_PNIC_SPECIFIED_IN_TN - INVALID_PNIC_DEVICE_NAME - UNSUPPORTED_DEFAULT_TEAMING_POLICY - MPA_DISCONNECTED - VM_NETWORK_EDIT_PENDING - VM_RENAME_PENDING - VM_CONFIG_EDIT_PENDING - VM_NETWORK_EDIT_FAILED - VM_RENAME_FAILED - VM_CONFIG_EDIT_FAILED - VM_CONFIG_DISCREPANCY - VM_NODE_REFRESH_FAILED - VM_PLACEMENT_REFRESH_FAILED - NOT_AVAILABLE - REGISTRATION_TIMEDOUT - pending - orphaned - unknown - error readOnly: true title: |- State of configuration on this sub system type: string sub_system_address: description: |- URI of backing resource on sub system readOnly: true title: |- URI of backing resource on sub system type: string sub_system_id: description: |- Identifier of backing resource on sub system readOnly: true title: |- Identifier of backing resource on sub system type: string sub_system_name: description: |- Name of backing resource on sub system readOnly: true title: |- Name of backing resource on sub system type: string sub_system_type: description: |- Type of backing resource on sub system readOnly: true title: |- Type of backing resource on sub system type: string title: |- Describes status of configuration of an entity type: object x-vmw-nsx-module: Common ConjunctionOperator: allOf: - $ref: '#/definitions/Expression' - properties: conjunction_operator: description: |- Conjunction Operator Node enum: - OR - AND title: |- Conjunction Operator Node type: string required: - conjunction_operator type: object x-vmw-nsx-module: Policy description: |- Represents the operators AND or OR. title: |- Represents the operators AND or OR x-vmw-nsx-module: Policy ConnectivityAdvancedConfig: description: |- Advanced configuration for Policy connectivity properties: connectivity: default: 'ON' description: | Connectivity configuration to manually connect (ON) or disconnect (OFF) a Tier1 segment from corresponding Tier1 gateway. Only valid for Tier1 Segments. This property is ignored for L2 VPN extended segments when subnets property is not specified. enum: - 'ON' - 'OFF' title: |- Connectivity configuration type: string title: |- Advanced configuration for Policy connectivity type: object x-vmw-nsx-module: PolicyConnectivity ConsolidatedEffectiveIPAddressMemberListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of site wise consolidated effective ip addresses for the given NSGroup items: $ref: '#/definitions/EffectiveIPInfo' title: |- Paged Collection of site wise consolidated effective ip addresses for the given NSGroup type: array required: - results type: object x-vmw-nsx-module: GroupingObjectsProviders x-vmw-nsx-module: GroupingObjectsProviders ConsolidatedRealizedStatus: allOf: - $ref: '#/definitions/AggregatePolicyRuntimeInfo' - properties: consolidated_status: $ref: '#/definitions/ConsolidatedStatus' description: |- Consolidated Realized Status across enforcement points. readOnly: true title: |- Consolidated Realized Status consolidated_status_per_enforcement_point: description: |- List of Consolidated Realized Status per enforcement point. items: $ref: '#/definitions/ConsolidatedStatusPerEnforcementPoint' readOnly: true title: |- List of Consolidated Realized Status per Enforcement Point type: array type: object x-vmw-nsx-module: PolicyRealizedState description: | Consolidated Realized Status of an intent object across enforcement points. title: |- Consolidated Realized Status for an Intent Object x-vmw-nsx-module: PolicyRealizedState ConsolidatedStatus: description: | Consolidated Status of an intent object. Status Consolidation of an intent happens at multiple levels: - Per Enforcement Point: calculation of the consolidated status is performed using all realized entities that the intent objet maps to on a specific enforcement point. - Across Enforcement Points: calculation of the consolidated status is performend aggregating the consolidated status from each enforcement point. properties: consolidated_status: description: |- Consolidated Realized Status of an intent object. enum: - SUCCESS - IN_PROGRESS - ERROR - UNKNOWN - UNINITIALIZED readOnly: true type: string title: |- Consolidated Status type: object x-vmw-nsx-module: PolicyRealizedState ConsolidatedStatusNsxT: allOf: - $ref: '#/definitions/ConsolidatedStatusPerEnforcementPoint' - properties: enforced_status: $ref: '#/definitions/EnforcedStatusDetailsNsxT' description: | Detailed Realized Status inherent to an NSX-T Enforcement Point. readOnly: true title: |- Enforced Realized Status type: object x-vmw-nsx-module: PolicyRealizationStatus description: | Detailed Realized Status of an intent object on an NSX-T type of enforcement point. title: |- NSX-T Consolidated Status x-vmw-nsx-module: PolicyRealizationStatus ConsolidatedStatusPerEnforcementPoint: allOf: - $ref: '#/definitions/BaseConsolidatedStatusPerEnforcementPoint' - type: object x-vmw-nsx-module: PolicyRealizedState description: | Consolidated Realized Status Per Enforcement Point. title: |- Consolidated Realized Status Per Enforcement Point x-vmw-nsx-module: PolicyRealizedState ConstantFieldValue: allOf: - $ref: '#/definitions/FieldSettingValue' - properties: constant: description: | Constant Value that the field must be set to. title: |- Constant Value type: object type: object x-vmw-nsx-module: PolicyReaction description: |- Constant Field Value. title: |- Constant Field Value x-vmw-nsx-module: PolicyReaction Constraint: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: constraint_expression: $ref: '#/definitions/ConstraintExpression' description: |- Expression to constrain the target attribute value. title: |- Expression to constrain the target attribute value. message: description: |- User friendly message to be shown to users upon violation. title: |- User friendly message to be shown to users upon violation. type: string target: $ref: '#/definitions/ConstraintTarget' description: |- Target resource attribute details. title: |- Target resource attribute details. required: - constraint_expression - target type: object x-vmw-nsx-module: PolicyConstraints description: | Constraint object to constraint any attribute on a resource based on specified expression. Example- Restrict the allowed services in Edge Communication Entry to list of services, if the destinationGroups contain vCenter. { "target":{ "target_resource_type":"CommunicationEntry", "attribute":"services", "path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries" } "constraint_expression":{ "related_attribute":{ "attribute":"destinationGroups" } "condition":{ "operator":"INCLUDES", "rhs_value":{"vCenter"} "value_constraint":{ "operator":"ALLOW", "values":{"/ref/services/HTTPS", "/ref/services/HTTOP", ...} } } } } title: |- Constraint definition. x-vmw-nsx-module: PolicyConstraints ConstraintExpression: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: resource_type: enum: - ValueConstraintExpression - RelatedAttributeConditionalExpression - EntityInstanceCountConstraintExpression - FieldSanityConstraintExpression type: string required: - resource_type type: object x-vmw-nsx-module: PolicyConstraints description: | All the types of the expression extend from this abstract class. This is present for extensibility. title: |- Base class for constraint expression x-vmw-nsx-module: PolicyConstraints ConstraintListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Constraint list results items: $ref: '#/definitions/Constraint' title: |- Constraint list results type: array required: - results type: object x-vmw-nsx-module: PolicyConstraints description: |- Paged Collection of Constraints title: |- Paged Collection of Constraints x-vmw-nsx-module: PolicyConstraints ConstraintTarget: description: | Resource attribute on which constraint should be applied. Example - sourceGroups attribute of Edge CommunicationEntry to be restricted, is given as: { "target_resource_type":"CommunicationEntry", "attribute":"sourceGroups", "path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries" } properties: attribute: description: |- Attribute name of the target entity. title: |- Attribute name of the target entity. type: string path_prefix: description: | Path prefix of the entity to apply constraint. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. title: | Path prefix of the entity to apply constraint. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. type: string target_resource_type: description: |- Resource type of the target entity. title: |- Resource type of the target entity. type: string required: - target_resource_type title: |- Resource attribute on which constraint should be applied. type: object x-vmw-nsx-module: PolicyConstraints ContainerApplication: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- Identifier of the container cluster this container application belongs to. readOnly: true title: |- Identifier of the container cluster type: string container_project_id: description: |- Identifier of the project which this container application belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: | Identifier of the container application on container cluster e.g. PCF app id, k8s service id. readOnly: false title: |- External identifier of the container application type: string network_errors: description: |- List of network errors related to container application. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container application. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container application type: string origin_properties: description: | Array of additional specific properties of container application in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array status: description: |- Status of the container application. enum: - UNKNOWN - HEALTHY - UP - DOWN - DEGRADED readOnly: false title: |- Status of the container application type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Container application within a project. title: |- Container application within a project x-vmw-nsx-module: InventoryContainerObj ContainerApplicationInstance: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cluster_node_id: description: |- Cluster node id where application instance is running. readOnly: false title: |- Cluster node id type: string container_application_ids: description: |- List of identifiers of the container application. items: type: string readOnly: false title: |- Identifiers of the container application type: array container_cluster_id: description: |- Identifier of the container cluster this application instance belongs to. readOnly: true title: |- Identifier of the container cluster type: string container_project_id: description: | Identifier of the container project which this container application instance belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: |- Identifier of the container application instance on container cluster. readOnly: false title: |- External identifier of the container application instance type: string network_errors: description: |- List of network errors related to container application instance. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container application instance. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container application instance type: string origin_properties: description: | Array of additional specific properties of container application instance in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array status: description: |- Status of the container application instance. enum: - UNKNOWN - HEALTHY - UP - DOWN - DEGRADED readOnly: false title: |- Status of the container application instance type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Container application instance within a project. title: |- Container Application Instance x-vmw-nsx-module: InventoryContainerObj ContainerCluster: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cluster_type: description: | Type of the container cluster. In case of creating container cluster first time, it is expected to pass the valid cluster-type. In case of update, if there is no change in cluster-type, then this field can be omitted in the request. enum: - PAS - PKS - Kubernetes - Openshift - WCP - WCP_Guest - Other readOnly: false title: |- Type of the container cluster type: string external_id: description: |- External identifier of the container cluster. readOnly: false title: |- External identifier of the container cluster type: string infrastructure: $ref: '#/definitions/ContainerInfrastructureInfo' description: | Details of underlying infrastructure that hosts the container cluster. In case of creating container cluster first time, it is expected to pass the valid infrastructure. In case of update, if there is no change in cluster-type, then this field can be omitted in the request. readOnly: false title: |- Details of infrastructure for the container cluster network_errors: description: |- List of network errors related to container cluster. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container cluster. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container cluster type: string origin_properties: description: | Array of additional specific properties of container cluster in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of container cluster. title: |- Container cluster x-vmw-nsx-module: InventoryContainerObj ContainerClusterNode: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- External identifier of the container cluster. readOnly: false title: |- External identifier of the container cluster type: string external_id: description: | External identifier of the container cluster node in K8S/PAS. readOnly: false title: |- External identifier of the container cluster node type: string ip_addresses: description: |- List of IP addresses of container cluster node. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: false title: |- IP Addresses of Node type: array network_errors: description: |- List of network errors related to container cluster node. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container cluster node. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container cluster node type: string origin_properties: description: | Array of additional specific properties of container cluster node in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of container cluster node i.e. container host. title: |- Container cluster node x-vmw-nsx-module: InventoryContainerObj ContainerConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: header: $ref: '#/definitions/Header' labels: description: |- Labels for the container. items: $ref: '#/definitions/Label' minItems: 0 title: |- Labels type: array layout: $ref: '#/definitions/Layout' description: |- Layout of widgets can be either vertical or horizontal. If layout is not specified a default horizontal layout is applied. title: |- Layout of widgets inside container navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string widgets: description: |- If not specified, creates an empty container. items: $ref: '#/definitions/WidgetItem' minItems: 0 title: |- Widgets held by the container type: array type: object x-vmw-nsx-module: NsxDashboard description: |- Represents a container to group widgets that belong to a common category or have a common purpose. title: |- Container that holds widgets x-vmw-nsx-module: NsxDashboard ContainerInfrastructureInfo: description: | Details of infrastructure hosting the container cluster e.g. vSphere, AWS, VMC etc.. properties: infra_type: description: |- Type of the infrastructure. enum: - vSphere - AWS - Azure - VMC - KVM - Baremetal readOnly: false title: |- Type of the infrastructure type: string required: - infra_type title: |- Details of container infrastructure type: object x-vmw-nsx-module: InventoryContainerObj ContainerIngressPolicy: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_application_ids: description: | List of identifiers of the container application , on which ingress policy is applied. e.g. IDs of all services on which the ingress is applied in kubernetes. items: type: string readOnly: false title: |- Identifiers of the container application type: array container_cluster_id: description: |- Identifier of the container cluster this ingress policy belongs to. readOnly: false title: |- Identifier of the container cluster type: string container_project_id: description: |- Identifier of the project which this container ingress belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: |- Identifier of the container ingress policy. readOnly: false title: |- External identifier of the container ingress policy type: string network_errors: description: |- List of network errors related to container ingress. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container ingress. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container ingress type: string origin_properties: description: | Array of additional specific properties of container ingress in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array spec: description: |- Container ingress policy specification. readOnly: false title: |- Container ingress policy specification type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of Container Ingress Policy. title: |- Container Ingress Policy x-vmw-nsx-module: InventoryContainerObj ContainerNetworkPolicy: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- Identifier of the container cluster this network policy belongs to. readOnly: false title: |- Identifier of the container cluster type: string container_project_id: description: |- Identifier of the project which this network policy belongs to. readOnly: false title: |- Identifier of the project type: string external_id: description: |- Identifier of the container network policy. readOnly: false title: |- External identifier of the container network policy type: string network_errors: description: |- List of network errors related to container network policy. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container network policy. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container network policy type: string origin_properties: description: | Array of additional specific properties of container network policy in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array policy_type: description: |- Type e.g. Network Policy, ASG. enum: - NETWORK_POLICY - ASG readOnly: false title: |- Type type: string spec: description: |- Container network policy specification. readOnly: false title: |- Container network policy specification type: string required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Network policy applied to container. title: |- Container Network Policy x-vmw-nsx-module: InventoryContainerObj ContainerProject: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: container_cluster_id: description: |- Identifier of the container cluster to which this project/namespace belongs. readOnly: false title: |- Identifier of the container cluster type: string external_id: description: |- External identifier of the container project. readOnly: false title: |- External identifier of the container project type: string network_errors: description: |- List of network errors related to container project. items: $ref: '#/definitions/NetworkError' readOnly: false title: |- Network errors type: array network_status: description: |- Network status of container project. enum: - HEALTHY - UNHEALTHY readOnly: false title: |- Network status of container project type: string origin_properties: description: | Array of additional specific properties of container project in key-value format. items: $ref: '#/definitions/KeyValuePair' readOnly: false title: |- Origin properties type: array required: - external_id type: object x-vmw-nsx-module: InventoryContainerObj description: |- Details of org/namespace within a container cluster. title: |- Container project within a container cluster x-vmw-nsx-module: InventoryContainerObj Criterion: description: | Event Criterion is the logical evaluations by which the event may be deemed fulfilled. All the evaluations must be met in order for the criterion to be met (implicit AND). properties: evaluations: description: | Criterion Evaluations. items: $ref: '#/definitions/Evaluation' minItems: 1 title: |- Criterion Evaluations type: array required: - evaluations title: |- Event Criterion type: object x-vmw-nsx-module: PolicyReaction CsvListResult: description: |- Base type for CSV result. properties: file_name: description: |- File name set by HTTP server if API returns CSV result as a file. title: |- File name type: string type: object x-vmw-nsx-module: CsvTypes CsvRecord: description: |- Base type for CSV records. type: object x-vmw-nsx-module: CsvTypes CurrentBackupOperationStatus: description: |- Current backup operation status properties: backup_id: description: |- Unique identifier of current backup title: |- Unique identifier of current backup type: string current_step: description: |- Current step of operation enum: - BACKUP_CREATING_CLUSTER_BACKUP - BACKUP_CREATING_NODE_BACKUP title: |- Current step of operation type: string current_step_message: description: |- Additional human-readable status information about current step title: |- Additional human-readable status information about current step type: string end_time: description: |- Time when operation is expected to end format: int64 type: integer operation_type: description: | Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set. enum: - NONE - BACKUP title: | Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set. type: string start_time: description: |- Time when operation was started format: int64 type: integer required: - operation_type title: |- Current backup operation status type: object x-vmw-nsx-module: BackupConfiguration CustomPolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyLbPersistenceProfile' - properties: persistence: description: | This field indicates the persistence method used for the PolicyLbVirtualServer. - COOKIE persistence allows related client connections, identified by the same cookie in HTTP requests [Refer to HTTP Cookie for details on HTTP cookies], to be redirected to the same server. Load balancer does not maintain any persistence table for cookie persistence. Instead, it encodes the necessary information in the HTTP cookie value sent to client and relies on the client to store it and send it back in subsequent related HTTP requests. Hence there is no limit on the number of cookie persistence entries that can be supported. - SOURCE_IP persistence ensures all connections from a client (identified by IP address) are sent to the same backend server for a specified period. - This object is not required and without creation of this object the virtual server persistence is disabled by default enum: - COOKIE - SOURCE_IP title: |- Persistence method used by PolicyLbVirtualServer(s) type: string persistence_shared: default: false description: | Persistence shared setting indicates that all PolicyLbVirtualServers that consume this PolicyLbPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistenct type, the persistence table will be shared across virtual servers. title: |- Persistence shared across PolicyLbVirtualServers type: boolean required: - persistence type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- PolicyLbPersistenceProflie for Custom type PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer CustomPolicyLbVirtualServer: allOf: - $ref: '#/definitions/HttpPolicyLbVirtualServer' - properties: app_protocol: description: | As the custom type allows for more complex settings than the simplified PolicyLbVirtualServer types, also specify the desired protocol for receiving all client connections. enum: - TCP - UDP - HTTP - HTTPS title: |- Application protocol for receiving client connections type: string client_ssl_certificate_ids: description: | Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. The setting is used when load balancer acts as an SSL server and terminating the client SSL connection items: type: string title: |- ssl certificates type: array client_ssl_settings: default: HIGH_SECURE_111317 description: | Security settings representing various security settings when the VirtualServer acts as an SSL server - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 enum: - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 title: |- Security profile setting type: string default_client_ssl_certificate_id: description: | The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. title: |- ssl certificate type: string server_auth_ca_certificate_ids: description: | To support client authentication (load balancer acting as a client authenticating to the backend server), server_ssl_certificate_id can be specified. When supplied, the backend server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. items: type: string title: |- ssl certificate type: array server_ssl_settings: default: DISABLED description: | Indicates whether to enable server side SSL. Server side SSL will be enabled when a specific security setting is selected. The selected security setting or profile represents various configurations related to SSL when the VirtualServer acts as a client connecting over SSL to the backend server. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 - DISABLED enum: - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 - DISABLED title: |- Security profile setting type: string required: - app_protocol type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over a specified protocol and distributes them among the backend servers. This custom type allows for more complex settings than the simplified PolicyLbVirtualServer types. This object allows for complex configurations for PolicyLbVirtualServers of all types. All HTTP specific inputs will be rejected when combined with TPC or UDP protocols. title: |- PolicyLbVirtualServer handling connections over HTTP or HTTPS x-vmw-nsx-module: TempPolicyLoadBalancer CustomWidgetConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: ui_component_identifier: description: |- User defined component selector to be rendered inside view/container. title: |- UI identifier for component to be rendered inside view/container type: string type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration for custom widget. For this widget the data source is not applicable. It defines ui identifer to identify UI component and render it on dashboard view. This configuration can only be used for system owned widgets. title: |- Custom widget Configuration x-vmw-nsx-module: NsxDashboard CvxConnectionInfo: allOf: - $ref: '#/definitions/EnforcementPointConnectionInfo' - properties: password: description: |- Password. title: |- Password type: string thumbprint: description: | Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string username: description: |- Username. title: |- Username type: string type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Credential info to connect to a CVX type of enforcement point. title: |- CVX Connection Info x-vmw-nsx-module: PolicyEnforcementPointManagement DNSForwarderStatisticsPerEnforcementPoint: description: | DNS forwarder statistics per enforcement point. discriminator: resource_type properties: enforcement_point_path: description: | Policy path referencing the enforcement point from where the statistics are fetched. readOnly: true title: |- Enforcement point path type: string resource_type: enum: - NsxTDNSForwarderStatistics type: string required: - resource_type title: |- DNS forwarder statistics per enforcement point type: object x-vmw-nsx-module: PolicyDNSStatistics DNSForwarderStatusPerEnforcementPoint: description: | DNS forwarder status per enforcement point. discriminator: resource_type properties: enforcement_point_path: description: | Policy path referencing the enforcement point from where the status is fetched. readOnly: true title: |- Enforcement point path type: string resource_type: enum: - NsxTDNSForwarderStatus type: string required: - resource_type title: |- DNS forwarder status per enforcement point type: object x-vmw-nsx-module: PolicyDNSStatistics DataCounter: properties: dropped: description: |- The dropped packets or bytes format: int64 title: |- The dropped packets or bytes type: integer multicast_broadcast: description: |- The multicast and broadcast packets or bytes format: int64 title: |- The multicast and broadcast packets or bytes type: integer total: description: |- The total packets or bytes format: int64 title: |- The total packets or bytes type: integer required: - total type: object x-vmw-nsx-module: AggSvcL2Types Datasource: description: |- An instance of a datasource configuration. properties: display_name: description: |- Name of a datasource instance. maxLength: 255 title: |- Datasource instance's display name type: string urls: description: |- Array of urls relative to the datasource configuration. For example, api/v1/fabric/nodes is a relative url of nsx-manager instance. items: $ref: '#/definitions/UrlAlias' title: |- Array of relative urls and their aliases type: array required: - display_name - urls title: |- Datasource Instance type: object x-vmw-nsx-module: NsxDashboard DefaultFilterValue: description: |- An instance of a datasource configuration. properties: alias: description: |- Filter alias. title: |- Filter alias type: string value: description: |- Filter default value. title: |- Filter default value type: string required: - alias - value title: |- Default filter values type: object x-vmw-nsx-module: NsxDashboard DeleteRequestParameters: description: |- Parameters that affect how delete operations are processed properties: force: default: false description: | If true, deleting the resource succeeds even if it is being referred as a resource reference. title: | Force delete the resource even if it is being used somewhere type: boolean title: |- Parameters that affect how delete operations are processed type: object x-vmw-nsx-module: Common DeploymentZone: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_points: description: |- Logical grouping of enforcement points items: $ref: '#/definitions/EnforcementPoint' title: |- Logical grouping of enforcement points type: array type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Logical grouping of enforcement points. This is a deprecated type. DeploymentZone has been renamed to Site. Use Site. title: |- Deployment zone x-vmw-nsx-module: PolicyEnforcementPointManagement DfwFirewallConfiguration: allOf: - $ref: '#/definitions/FirewallConfiguration' - properties: idfw_enabled: default: false description: | If set to true, identity firewall is enabled. title: |- Identity firewall enable flag type: boolean type: object x-vmw-nsx-module: Policy description: |- DFW Firewall related configurations title: |- DFW Firewall related configurations x-vmw-nsx-module: Policy DhcpHeader: properties: op_code: default: BOOTREQUEST description: |- This is used to specify the general type of message. A client sending request to a server uses an op code of BOOTREQUEST, while a server replying uses an op code of BOOTREPLY. enum: - BOOTREQUEST - BOOTREPLY title: |- Message op code / message type type: string type: object x-vmw-nsx-module: Traceflow DhcpIpPoolUsage: properties: allocated_number: description: |- allocated number. COULD BE INACCURATE, REFERENCE ONLY. format: int64 title: |- allocated number. COULD BE INACCURATE, REFERENCE ONLY. type: integer allocated_percentage: description: |- allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. format: int64 title: |- allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. type: integer dhcp_ip_pool_id: description: |- uuid of dhcp ip pool title: |- uuid of dhcp ip pool type: string pool_size: description: |- pool size format: int64 title: |- pool size type: integer required: - allocated_percentage - pool_size - allocated_number - dhcp_ip_pool_id type: object x-vmw-nsx-module: AggSvcDhcp DhcpLeasePerIP: properties: expire_time: description: |- expire time of the lease title: |- expire time of the lease type: string ip_address: description: |- ip address of client title: |- ip address of client type: string lease_time: description: |- lease time of the ip address, in seconds title: |- lease time of the ip address, in seconds type: string mac_address: description: |- mac address of client title: |- mac address of client type: string start_time: description: |- start time of lease title: |- start time of lease type: string subnet: description: |- subnet of client network title: |- subnet of client network type: string required: - start_time - ip_address - mac_address type: object x-vmw-nsx-module: AggSvcDhcp DhcpLeases: properties: dhcp_server_id: description: |- dhcp server uuid title: |- dhcp server uuid type: string leases: description: |- The lease info list of the server items: $ref: '#/definitions/DhcpLeasePerIP' maxItems: 65535 minItems: 0 title: |- The lease info list of the server type: array timestamp: description: |- timestamp of the lease info format: int64 type: integer type: object x-vmw-nsx-module: AggSvcDhcp DhcpLeasesResult: allOf: - $ref: '#/definitions/DhcpLeases' - properties: connectivity_path: description: | Policy path to Segment, Tier0 or Tier1 gateway where DHCP server is attached. title: |- Policy path to Segment, Tier0 or Tier1 gateway type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpOption121: description: |- DHCP option 121 to define classless static route. properties: static_routes: description: |- Classless static route of DHCP option 121. items: $ref: '#/definitions/ClasslessStaticRoute' maxItems: 27 minItems: 1 title: |- DHCP classless static routes type: array required: - static_routes title: |- DHCP option 121 type: object x-vmw-nsx-module: Dhcp DhcpRelayConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: server_addresses: description: | DHCP server IP addresses for DHCP relay configuration. Both IPv4 and IPv6 addresses are supported. items: description: |- IPv4 or IPv6 address format: ip type: string title: |- DHCP relay addresses type: array required: - server_addresses type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP relay configuration. Please note, the realized-state of this entity returned by the "GET /policy/api/v1/infra/realized-state/realized-entity" with this entity policy-path is irrelevant with the application status of this entity. Please do not rely on this returned realized-state to determine how this dhcp-relay-config was applied. The dhcp realization information was reflected in the realization states of the referencing Segment or T0/T1 gateway. title: |- DHCP relay configuration x-vmw-nsx-module: PolicyConnectivity DhcpRelayConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DhcpRelayConfig results items: $ref: '#/definitions/DhcpRelayConfig' title: |- DhcpRelayConfig results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of DhcpRelayConfigs title: |- Paged collection of DhcpRelayConfigs x-vmw-nsx-module: PolicyConnectivity DhcpServerConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: edge_cluster_path: description: | Edge cluster path. Auto assigned if only one edge cluster is configured on enforcement-point. Modifying edge cluster will reallocate DHCP server to the new edge cluster. Please note that re-allocating edge-cluster will result in losing of all exisitng DHCP lease information. Change edge cluster only when losing DHCP leases is not a real problem, e.g. cross-site migration or failover and all client hosts will be reboot and get new IP addresses. title: |- Edge cluster path type: string lease_time: default: 86400 description: | IP address lease time in seconds. format: int64 maximum: 4294967295 minimum: 60 title: |- IP address lease time in seconds type: integer preferred_edge_paths: description: | Policy paths to edge nodes on which the DHCP servers run. The first edge node is assigned as active edge, and second one as stanby edge. If only one edge node is specified, the DHCP servers will run without HA support. When this property is not specified, edge nodes are auto-assigned during realization of the DHCP server. items: type: string maxItems: 2 title: |- Edge node path type: array server_address: description: | DHCP server address in CIDR format. Prefix length should be less than or equal to 30. DHCP server is deployed as DHCP relay service. This property is deprecated, use server_addresses instead. Both properties cannot be specified together with different new values. format: ip-cidr-block title: |- DHCP server address in CIDR format type: string x-deprecated: true server_addresses: description: | DHCP server address in CIDR format. Both IPv4 and IPv6 address families are supported. Prefix length should be less than or equal to 30 for IPv4 address family and less than or equal to 126 for IPv6. When not specified, IPv4 value is auto-assigned to 100.96.0.1/30. Ignored when this object is configured at a Segment. items: format: ip-cidr-block type: string maxItems: 2 title: |- DHCP server address in CIDR format type: array type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP server configuration. Please note, the realized-state of this entity returned by the "GET /policy/api/v1/infra/realized-state/realized-entity" with this entity policy-path is irrelevant with the application status of this entity. Please do not rely on this returned realized-state to determine how this dhcp-server-config was applied. The dhcp realization information was reflected in the realization states of the referencing Segment or T0/T1 gateway. title: |- DHCP server configuration x-vmw-nsx-module: PolicyConnectivity DhcpServerConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DhcpServerConfig results items: $ref: '#/definitions/DhcpServerConfig' title: |- DhcpServerConfig results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of DhcpServerConfigs title: |- Paged collection of DhcpServerConfigs x-vmw-nsx-module: PolicyConnectivity DhcpServerState: allOf: - $ref: '#/definitions/ConfigurationState' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpServerStatistics: allOf: - $ref: '#/definitions/DhcpStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpServerStatus: properties: active_node: description: |- uuid of active transport node title: |- uuid of active transport node type: string error_message: description: |- Error message, if available title: |- Error message, if available type: string service_status: description: | UP means the dhcp service is working fine on both active transport-node and stand-by transport-node (if have), hence fail-over can work at this time if there is failure happens on one of the transport-node; DOWN means the dhcp service is down on both active transport-node and stand-by node (if have), hence the dhcp-service will not repsonse any dhcp request; Error means error happens on transport-node(s) or no status is reported from transport-node(s). The dhcp service may be working (or not working); NO_STANDBY means dhcp service is working in one of the transport node while not in the other transport-node (if have). Hence if the dhcp service in the working transport-node is down, fail-over will not happen and the dhcp service will go down. enum: - UP - DOWN - ERROR - NO_STANDBY type: string stand_by_node: description: |- uuid of stand_by transport node. null if non-HA mode title: |- uuid of stand_by transport node. null if non-HA mode type: string required: - service_status - active_node type: object x-vmw-nsx-module: AggSvcDhcp DhcpStaticBindingConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - DhcpV4StaticBindingConfig - DhcpV6StaticBindingConfig type: string required: - resource_type type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP IPv4 and IPv6 static bindings are extended from this abstract class. title: |- Base class for DHCP options x-vmw-nsx-module: PolicyConnectivity DhcpStaticBindingConfigListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of DhcpStaticBindingConfig items: $ref: '#/definitions/DhcpStaticBindingConfig' title: |- Paginated list of DhcpStaticBindingConfig type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity DhcpStaticBindingState: allOf: - $ref: '#/definitions/ConfigurationState' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics DhcpStatistics: properties: acks: description: |- The total number of DHCP ACK packets format: int64 title: |- The total number of DHCP ACK packets type: integer declines: description: |- The total number of DHCP DECLINE packets format: int64 title: |- The total number of DHCP DECLINE packets type: integer dhcp_server_id: description: |- dhcp server uuid title: |- dhcp server uuid type: string discovers: description: |- The total number of DHCP DISCOVER packets format: int64 title: |- The total number of DHCP DISCOVER packets type: integer errors: description: |- The total number of DHCP errors format: int64 title: |- The total number of DHCP errors type: integer informs: description: |- The total number of DHCP INFORM packets format: int64 title: |- The total number of DHCP INFORM packets type: integer ip_pool_stats: description: |- The DHCP ip pool usage statistics items: $ref: '#/definitions/DhcpIpPoolUsage' title: |- The DHCP ip pool usage statistics type: array nacks: description: |- The total number of DHCP NACK packets format: int64 title: |- The total number of DHCP NACK packets type: integer offers: description: |- The total number of DHCP OFFER packets format: int64 title: |- The total number of DHCP OFFER packets type: integer releases: description: |- The total number of DHCP RELEASE packets format: int64 title: |- The total number of DHCP RELEASE packets type: integer requests: description: |- The total number of DHCP REQUEST packets format: int64 title: |- The total number of DHCP REQUEST packets type: integer timestamp: description: |- timestamp of the statistics format: int64 type: integer required: - errors - releases - informs - timestamp - dhcp_server_id - nacks - offers - discovers - acks - declines - requests type: object x-vmw-nsx-module: AggSvcDhcp DhcpV4Options: description: |- DHCP options for IPv4 server. properties: option121: $ref: '#/definitions/DhcpOption121' description: | DHCP option 121 to define classless static routes. title: |- DHCP option 121 others: description: | To define DHCP options other than option 121 in generic format. Please note, only the following options can be defined in generic format. Those other options will be accepted without validation but will not take effect. -------------------------- Code Name -------------------------- 2 Time Offset 6 Domain Name Server 13 Boot File Size 19 Forward On/Off 26 MTU Interface 28 Broadcast Address 35 ARP Timeout 40 NIS Domain 41 NIS Servers 42 NTP Servers 44 NETBIOS Name Srv 45 NETBIOS Dist Srv 46 NETBIOS Node Type 47 NETBIOS Scope 58 Renewal Time 59 Rebinding Time 64 NIS+-Domain-Name 65 NIS+-Server-Addr 66 TFTP Server-Name (used by PXE) 67 Bootfile-Name (used by PXE) 93 PXE: Client system architecture 94 PXE: Client NDI 97 PXE: UUID/UNDI 117 Name Service Search 119 Domain Search 150 TFTP server address (used by PXE) 175 Etherboot 209 PXE Configuration File 210 PXE Path Prefix 211 PXE Reboot Time items: $ref: '#/definitions/GenericDhcpOption' maxItems: 255 minItems: 0 title: |- Other DHCP options type: array title: |- DHCP options for IPv4 address family type: object x-vmw-nsx-module: PolicyConnectivity DhcpV4StaticBindingConfig: allOf: - $ref: '#/definitions/DhcpStaticBindingConfig' - properties: gateway_address: description: | When not specified, gateway address is auto-assigned from segment configuration. format: ipv4 type: string host_name: description: | Hostname to assign to the host. maxLength: 63 title: |- Host name type: string ip_address: description: | IP assigned to host. The IP address must belong to the subnet, if any, configured on Segment. format: ipv4 type: string lease_time: default: 86400 description: | DHCP lease time in seconds. format: int64 maximum: 4294967295 minimum: 60 title: |- Lease time type: integer mac_address: description: | MAC address of the host. format: mac-address type: string options: $ref: '#/definitions/DhcpV4Options' description: | IPv4 DHCP options. title: |- DHCP options required: - ip_address - mac_address type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP IPv4 static bindings are configured for each segment. title: |- DHCP static binding x-vmw-nsx-module: PolicyConnectivity DhcpV6Options: description: |- DHCP options for IPv6 server. title: |- DHCP options for IPv6 address family type: object x-vmw-nsx-module: PolicyConnectivity DhcpV6StaticBindingConfig: allOf: - $ref: '#/definitions/DhcpStaticBindingConfig' - properties: dns_nameservers: description: | When not specified, no DNS nameserver will be set to client host. items: type: string maxItems: 2 minItems: 0 title: |- DNS nameservers to be set to client host type: array domain_names: description: | When not specified, no domain name will be assigned to client host. items: type: string title: |- Domain names to be assigned to client host type: array ip_addresses: description: | When not specified, no ip address will be assigned to client host. items: description: |- IPv6 address format: ipv6 type: string maxItems: 1 minItems: 0 title: |- IP addresses to be assigned to client host type: array lease_time: default: 86400 description: |- Lease time, in seconds. format: int64 maximum: 4294967295 minimum: 60 title: |- Lease time type: integer mac_address: description: | The MAC address of the client host. Either client-duid or mac-address, but not both. format: mac-address type: string preferred_time: description: | Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used. format: int64 maximum: 4294967295 minimum: 48 title: |- Preferred time type: integer sntp_servers: description: |- SNTP server IP addresses. items: description: |- IPv6 address format: ipv6 type: string maxItems: 2 minItems: 0 title: |- SNTP server ips type: array required: - mac_address type: object x-vmw-nsx-module: PolicyConnectivity description: | DHCP IPv6 static bindings are configured for each segment. title: |- DHCP static binding x-vmw-nsx-module: PolicyConnectivity Dhcpv6Header: properties: msg_type: default: SOLICIT description: |- This is used to specify the DHCP v6 message. To request the assignment of one or more IPv6 addresses, a client first locates a DHCP server and then requests the assignment of addresses and other configuration information from the server. The client sends a Solicit message to the All_DHCP_Relay_Agents_and_Servers address to find available DHCP servers. Any server that can meet the client's requirements responds with an Advertise message. The client then chooses one of the servers and sends a Request message to the server asking for confirmed assignment of addresses and other configuration information. The server responds with a Reply message that contains the confirmed addresses and configuration. SOLICIT - A client sends a Solicit message to locate servers. ADVERTISE - A server sends and Advertise message to indicate that it is available. REQUEST - A client sends a Request message to request configuration parameters. REPLY - A server sends a Reply message containing assigned addresses and configuration parameters. enum: - SOLICIT - ADVERTISE - REQUEST - REPLY title: |- DHCP message type type: string type: object x-vmw-nsx-module: Traceflow DiscoveredNode: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: certificate: description: |- Certificate of the discovered node title: |- Certificate of the discovered node type: string cm_local_id: description: |- Local Id of the discovered node in the Compute Manager readOnly: true title: |- Local Id of the discovered node in the Compute Manager type: string external_id: description: |- External id of the discovered node, ex. a mo-ref from VC readOnly: true title: |- External id of the discovered node, ex. a mo-ref from VC type: string hardware_id: description: |- Hardware Id is generated using system hardware info. It is used to retrieve fabric node of the esx. readOnly: true title: |- Hardware Id of the discovered node type: string ip_addresses: description: |- IP Addresses of the the discovered node. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- IP Addresses of the the discovered node. type: array node_type: description: |- Discovered Node type like Host readOnly: true title: |- Discovered Node type like Host type: string origin_id: description: |- Id of the compute manager from where this node was discovered readOnly: true title: |- Id of the compute manager from where this node was discovered type: string origin_properties: description: | Key-Value map of additional specific properties of discovered node in the Compute Manager items: $ref: '#/definitions/KeyValuePair' readOnly: true title: | Key-Value map of additional specific properties of discovered node in the Compute Manager type: array os_type: description: |- OS type of the discovered node readOnly: true title: |- OS type of the discovered node type: string os_version: description: |- OS version of the discovered node readOnly: true title: |- OS version of the discovered node type: string parent_compute_collection: description: |- External id of the compute collection to which this node belongs readOnly: true title: |- External id of the compute collection to which this node belongs type: string stateless: description: |- The stateless property describes whether host persists its state across reboot or not. If state persists, value is set as false otherwise true. readOnly: true title: |- Specifies whether host is stateless type: boolean type: object x-vmw-nsx-module: InventoryCmObj x-vmw-nsx-module: InventoryCmObj DiscoveredResource: allOf: - $ref: '#/definitions/Resource' - discriminator: resource_type properties: _last_sync_time: description: |- Timestamp of last modification format: int64 readOnly: true type: integer description: description: |- Description of this resource maxLength: 1024 title: |- Description of this resource type: string display_name: description: |- Defaults to ID if not set maxLength: 255 title: |- Identifier to use when displaying entity in logs or GUI type: string resource_type: description: |- The type of this resource. readOnly: false type: string tags: description: |- Opaque identifiers meaningful to the API user items: $ref: '#/definitions/Tag' maxItems: 30 title: |- Opaque identifiers meaningful to the API user type: array required: - resource_type type: object x-vmw-nsx-module: Common description: |- Base class for resources that are discovered and automatically updated title: |- Base class for resources that are discovered and automatically updated x-vmw-nsx-module: Common DiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Base Discovery Profile Binding Map title: |- Base Discovery Profile Binding Map x-vmw-nsx-module: PolicyDiscoveryProfileBinding DistributedFloodProtectionProfile: allOf: - $ref: '#/definitions/FloodProtectionProfile' - properties: enable_rst_spoofing: default: false description: |- If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles. readOnly: false title: |- Flag to indicate rst spoofing is enabled type: boolean enable_syncache: default: false description: |- If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles. readOnly: false title: |- Flag to indicate syncache is enabled type: boolean type: object x-vmw-nsx-module: PolicyProfile x-vmw-nsx-module: PolicyProfile DistributedVirtualPortgroup: allOf: - $ref: '#/definitions/VirtualPortgroup' - properties: backing_type: description: | For distributed virtual portgroup, backing type is standard. For logical switch portgroup, the backing type is set to nsx. readOnly: true title: |- Backing type for portgroup type: string key: description: |- Generated UUID of the portgroup readOnly: true title: |- Generated UUID of the portgroup type: string overall_status: description: | This parameters reflects the managed entity status of the portgroup as reported by VC. enum: - RED - YELLOW - GREEN - GRAY readOnly: true title: |- General status of the virtual portgroup type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- Distributed virtual portgroup on a VC title: |- Distributed virtual portgroup on a VC x-vmw-nsx-module: InventoryCmObj DistributedVirtualSwitch: allOf: - $ref: '#/definitions/VirtualSwitch' - properties: discovered_nodes: description: |- Array of discovered nodes connected to this switch. items: $ref: '#/definitions/DiscoveredNode' readOnly: true title: |- Array of discovered nodes connected type: array lacp_group_configs: description: | It contains information about VMware specific multiple dynamic LACP groups. items: $ref: '#/definitions/LacpGroupConfigInfo' readOnly: false title: |- Array of Link Aggregation Control Protocol (LACP) configuration type: array origin_properties: description: |- Key-Value map of additional properties of switch items: $ref: '#/definitions/KeyValuePair' readOnly: true title: |- Key-Value map of additional properties of switch type: array uplink_port_names: description: |- The uniform name of uplink ports on each host. items: type: string readOnly: true title: |- Uplink port names type: array uplink_portgroup: $ref: '#/definitions/DistributedVirtualPortgroup' description: |- Uplink portgroup of distributed virtual switch readOnly: true title: |- Uplink portgroup of distributed virtual switch uuid: description: |- UUID of the switch readOnly: true title: |- UUID of the switch type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- DistributedVirtualSwitch on a VC title: |- DistributedVirtualSwitch on a VC x-vmw-nsx-module: InventoryCmObj DnsHeader: properties: address: description: |- This is used to define what is being asked or responded. format: hostname-or-ip title: |- Domain name/IP to query/response type: string address_type: default: V4 description: |- This is used to specify the type of the address. V4 - The address provided is an IPv4 domain name/IP address, the Type in query or response will be A V6 - The address provided is an IPv6 domain name/IP address, the Type in query or response will be AAAA enum: - V4 - V6 type: string message_type: default: QUERY description: |- Specifies the message type whether it is a query or a response. enum: - QUERY - RESPONSE title: |- Specifies the message type whether it is a query or a response. type: string type: object x-vmw-nsx-module: Traceflow DnsSecurityProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ttl: default: 86400 description: | Time to live for DNS cache entry in seconds. Valid TTL values are between 3600 to 864000. However, this field accepts values between 0 through 864000. We define TTL type based on the value of TTL as follows: TTL 0 - cached entry never expires. TTL 1 to 3599 - invalid input and error is thrown TTL 3600 to 864000 - ttl is set to user input TTL field not set by user - TTL type is 'AUTO' and ttl value is set from DNS response packet. User defined TTL value is used only when it is betweeen 3600 to 864000. format: int64 maximum: 864000 minimum: 0 title: |- Time to live for DNS cache entry type: integer type: object x-vmw-nsx-module: PolicyProfile description: |- Used to configure DNS security profile title: |- DNS security profile x-vmw-nsx-module: PolicyProfile DnsSecurityProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. format: int64 maximum: 100000 minimum: 1 title: |- Sequence number DNS Security Profile Binding Map type: integer type: object x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding description: | This entity will be used to establish association between DNS security profile and Group. With this entity, user can specify intent for applying DNS security profile profile to particular Group. title: |- Binding Map for DNS Security Profile x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding DnsSecurityProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DNS Security Profile Binding Map List Results items: $ref: '#/definitions/DnsSecurityProfileBindingMap' title: |- DNS Security Profile Binding Map List Results type: array type: object x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding description: |- Paged collection of DNS Security Profile Binding Map title: |- Paged collection of DNS Security Profile Binding Map x-vmw-nsx-module: PolicyFirewallDnsSecurityProfileBinding DnsSecurityProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- DnsSecurityProfile list results items: $ref: '#/definitions/DnsSecurityProfile' title: |- DnsSecurityProfile list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of DnsSecurityProfile title: |- Paged Collection of DnsSecurityProfile x-vmw-nsx-module: PolicyProfile Domain: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: Policy description: |- Domain. title: |- Domain x-vmw-nsx-module: Policy DomainDeploymentMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_point_path: description: |- Path of enforcement point on which domain shall be enforced. title: |- Absolute path of enforcement point type: string required: - enforcement_point_path type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Binding of domain to the enforcement point. title: |- Domain Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement DomainDeploymentMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Domain Deployment Map list result. items: $ref: '#/definitions/DomainDeploymentMap' title: |- Domain Deployment Map List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged collection of Domain Deployment Map. title: |- Paged Collection of Domain Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement DomainListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Domain list results items: $ref: '#/definitions/Domain' title: |- Domain list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Domains title: |- Paged Collection of Domains x-vmw-nsx-module: Policy DonutConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: count: description: |- Expression to retrieve count to be shown on Donut. title: |- Expression to retrieve count to be shown on Donut type: string display_count: default: true description: |- If true, displays the count of entities in the donut title: |- Show or hide the count of entities type: boolean label: $ref: '#/definitions/Label' description: |- Displayed at the middle of the donut, by default. It labels the entities of donut. title: |- Label of the Donut Configuration navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string sections: description: |- Sections items: $ref: '#/definitions/DonutSection' minItems: 1 title: |- Sections type: array required: - sections type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a Donut title: |- Donut Configuration x-vmw-nsx-module: NsxDashboard DonutPart: description: |- Represents an entity or portion to be plotted on a donut or stats chart. properties: condition: description: |- If the condition is met then the part will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. title: |- Expression for evaluating condition type: string drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. title: |- Id of drilldown widget type: string field: description: |- A numerical value that represents the portion or entity of the donut or stats chart. maxLength: 1024 title: |- Value of the portion or entity of donut or stats chart type: string hide_empty_legend: default: false description: |- If true, legend will be shown only if the data for the part is available. This is applicable only if legends are specified in widget configuration. title: |- Hide the legend if the data for the part is not available type: boolean label: $ref: '#/definitions/Label' description: |- If a section 'template' holds this donut or stats part, then the label is auto-generated from the fetched field values after applying the template. title: |- Label of the portion or entity of donut or stats chart navigation: description: |- Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. title: |- Navigation to a specified UI page type: string render_configuration: description: |- Additional rendering or conditional evaluation of the field values to be performed, if any. items: $ref: '#/definitions/RenderConfiguration' minItems: 0 title: |- Render Configuration type: array tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the portion. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array required: - field title: |- Portion of a donut or stats chart type: object x-vmw-nsx-module: NsxDashboard DonutSection: description: |- Represents high level logical grouping of portions or segments of a donut / stats chart. properties: parts: description: |- Array of portions or parts of the donut or stats chart. items: $ref: '#/definitions/DonutPart' minItems: 1 title: |- Parts of a donut / stats chart type: array row_list_field: description: |- Field of the root of the api result set for forming parts. maxLength: 1024 title: |- Field from which parts of the donut or stats chart are formed type: string template: default: false description: |- If true, the section will be appled as template for forming parts. Only one part will be formed from each element of 'row_list_field'. title: |- Template, if any, for automatically forming the donut or stats parts type: boolean required: - parts title: |- Section of a donut or stats chart type: object x-vmw-nsx-module: NsxDashboard DropdownFilterWidgetConfiguration: allOf: - $ref: '#/definitions/FilterWidgetConfiguration' - properties: default_value: description: |- Expression to specify default value of filter. title: |- Expression to specify default value type: string dropdown_item: $ref: '#/definitions/DropdownItem' description: |- Defines the item of a dropdown. title: |- Definition for item of a dropdown placeholder_msg: description: |- Placeholder message to be displayed in dropdown filter. title: |- Placeholder message to be shown in filter type: string static_filter_condition: description: |- If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally. title: |- Expression for evaluating condition type: string static_filters: description: |- Additional static items to be added in dropdown filter. Example can be 'ALL'. items: $ref: '#/definitions/StaticFilter' title: |- Additional static items to be added in dropdown filter type: array required: - dropdown_item type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration for dropdown filter widget. title: |- Dropdown Filter widget Configuration x-vmw-nsx-module: NsxDashboard DropdownItem: description: |- Dropdown item definition properties: display_name: description: |- expression to extract display name to be shown in the drop down. maxLength: 1024 title: |- Display name for item to be displayed in dropdown type: string field: description: |- An expression that represents the items of the dropdown filter. title: |- Expression for dropdown items of filter type: string value: description: |- Value of filter inside dropdown filter. title: |- Value for item to be displayed in dropdown type: string required: - field - value title: |- Dropdown item definition type: object x-vmw-nsx-module: NsxDashboard DuplicateIPDetectionOptions: description: |- Contains dupliacte IP detection related discovery options. properties: duplicate_ip_detection_enabled: default: false description: |- Indicates whether duplicate IP detection should be enabled title: |- Duplicate IP detection type: boolean title: |- Controls duplicate IP detection options type: object x-vmw-nsx-module: PolicyIpDiscovery EULAAcceptance: allOf: - $ref: '#/definitions/Resource' - properties: acceptance: description: |- Acceptance status of End User License Agreement title: |- End User License Agreement acceptance status type: boolean required: - acceptance type: object x-vmw-nsx-module: EULA description: |- Indicate the status of End User License Agreement acceptance title: |- EULA acceptance status x-vmw-nsx-module: EULA EULAContent: allOf: - $ref: '#/definitions/Resource' - properties: content: description: |- Content of End User License Agreement title: |- End User License Agreement content type: string type: object x-vmw-nsx-module: EULA description: |- End User License Agreement content title: |- EULA content x-vmw-nsx-module: EULA EdgeConfigurationState: allOf: - $ref: '#/definitions/ConfigurationState' - properties: pending_change_list: description: |- Request identifier of the API which modified the entity. items: type: string readOnly: true title: |- List of pending changes type: array type: object x-vmw-nsx-module: LogicalRouter description: | This contains fields that captures state of Trackable entities. Edge and VPN state entities extend this object. title: |- Configuration State for Edge and VPN entities. x-vmw-nsx-module: LogicalRouter EffectiveIPInfo: description: |- List of effective ip address along with site id properties: effective_ips: items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string type: array site_id: description: | Id of the site to which the effective IPs belong to title: | Id of the site to which the effective IPs belong to type: string required: - effective_ips - site_id title: |- List of effective ip address along with site id type: object x-vmw-nsx-module: GroupingObjectsProviders EgressRateLimiter: allOf: - $ref: '#/definitions/QoSBaseRateLimiter' - properties: average_bandwidth: default: 0 description: |- Average bandwidth in Mb/s format: int32 minimum: 0 title: |- Average bandwidth in Mb/s type: integer burst_size: default: 0 description: |- Burst size in bytes format: int32 minimum: 0 title: |- Burst size in bytes type: integer peak_bandwidth: default: 0 description: |- Peak bandwidth in Mb/s format: int32 minimum: 0 title: |- Peak bandwidth in Mb/s type: integer type: object x-vmw-nsx-module: PolicyQoS description: |- A shaper that specifies egress rate properties in Mb/s title: |- A shaper that specifies egress rate properties in Mb/s x-vmw-nsx-module: PolicyQoS EndpointPolicy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: endpoint_rules: description: |- Endpoint Rules that are a part of this EndpointPolicy items: $ref: '#/definitions/EndpointRule' title: |- Endpoint Rules that are a part of this EndpointPolicy type: array sequence_number: default: 0 description: | This field is used to resolve conflicts between maps across domains. format: int32 maximum: 499 minimum: 0 title: |- Precedence to resolve conflicts across Domains type: integer type: object x-vmw-nsx-module: PolicyGuestIntrospection description: | Ordered list of Endpoint Rules ordered by sequence number of the entries. The maximum number of policies is 25. title: | Contains ordered list of Endpoint Rules x-vmw-nsx-module: PolicyGuestIntrospection EndpointRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: groups: description: | We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. items: type: string maxItems: 50 title: |- group paths type: array sequence_number: default: 0 description: | This field is used to resolve conflicts between multiple entries under EndpointPolicy. It will be system default value when not specified by user. format: int32 maximum: 499 minimum: 0 title: |- Sequence number of this Entry type: integer service_profiles: description: | The policy paths of service profiles are listed here. It pecifies what services are applied on the group. Currently only one is allowed. items: type: string maxItems: 1 title: |- Names of service profiles type: array required: - service_profiles - groups type: object x-vmw-nsx-module: PolicyGuestIntrospection description: |- Endpoint Rule comes from user configuration. User configures Endpoint Rule to specify what services are applied on the groups. title: |- Endpoint Rule for guest introspection. x-vmw-nsx-module: PolicyGuestIntrospection EnforcedStatusDetailsNsxT: description: | Detailed Realized Status of an intent object on an NSX-T type of enforcement point. This is a detailed view of the Realized Status of an intent object from an NSX-T enforcement point perspective. properties: enforced_status_info: $ref: '#/definitions/EnforcedStatusInfoNsxT' description: | Information about the realized status of the intent on this enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info. readOnly: true title: |- Enforced Realized Status Info pending_changes_info: $ref: '#/definitions/PendingChangesInfoNsxT' description: | Information about pending changes, if any, that aren't reflected in the Enforced Realized Status. readOnly: true title: |- Pending Changes Info title: |- NSX-T Enforced Realized Status Details type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusInfoNsxT: description: | Information about the realized status of the intent object on an NSX-T type of enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info. In addition to the realized status across all scopes, this information holds details about enforced realized status per scope. properties: enforced_status: $ref: '#/definitions/EnforcedStatusNsxT' description: | Consolidated Realized Status of an Intent object across all scopes of an NSX-T type of enforcement point. readOnly: true title: |- Enforced Realized Status enforced_status_per_scope: description: |- List of Enforced Realized Status per Scope. items: $ref: '#/definitions/EnforcedStatusPerScopeNsxT' readOnly: true title: |- List of Enforced Realized Status per Scope type: array title: |- NSX-T Enforced Realized Status Information type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusNsxT: description: |- NSX-T Enforced Status. properties: status: description: |- Enforced Realized Status. enum: - UNINITIALIZED - UNKNOWN - UP - DOWN - DEGRADED - SUCCESS - FAILURE - IN_PROGRESS readOnly: true type: string status_message: description: | Status Message conveying hints depending on the status value. readOnly: true title: |- Status Message type: string title: |- NSX-T Enforced Status type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusPerScopeNsxT: description: | NSX-T Detailed Realized Status Per Scope. discriminator: resource_type properties: resource_type: description: | Enforced Realized Status Per Scope Resource Type. enum: - TransportNodeSpanEnforcedStatus readOnly: true title: |- Resource Type type: string required: - resource_type title: |- NSX-T Enforced Realized Status Per Scope type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcedStatusPerTransportNode: description: |- Detailed Realized Status Per Transport Node. properties: display_name: description: | Display name of the transport node. readOnly: true title: |- Transport Node Display Name type: string enforced_status: $ref: '#/definitions/EnforcedStatusNsxT' description: | Realized Status of an Intent object on this Transport Node. readOnly: true title: |- Enforced Realized Status nsx_id: description: | UUID identifying uniquely the Transport Node. readOnly: true title: |- Transport Node Identifier type: string path: description: | Policy Path referencing the transport node. readOnly: true title: |- Transport Node Path type: string title: |- Enforced Realized Status Per Transport Node type: object x-vmw-nsx-module: PolicyRealizationStatus EnforcementPoint: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: auto_enforce: default: true description: | Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps. title: |- Auto Enforce Flag type: boolean connection_info: $ref: '#/definitions/EnforcementPointConnectionInfo' description: |- Connection Info of the Enforcement Point. title: |- Enforcement Point Connection Info version: description: |- Version of the Enforcement point. readOnly: true title: |- Enforcement point Version type: string required: - connection_info type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Enforcement point is the endpoint where policy configurations are applied. title: |- Enforcement Point x-vmw-nsx-module: PolicyEnforcementPointManagement EnforcementPointConnectionInfo: description: |- Contains information required to connect to enforcement point. discriminator: resource_type properties: enforcement_point_address: description: | Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" title: |- Enforcement Point Address type: string resource_type: description: |- Resource Type of Enforcement Point Connection Info. enum: - NSXTConnectionInfo - NSXVConnectionInfo - CvxConnectionInfo title: |- Connection Info Resource Type type: string required: - enforcement_point_address - resource_type title: |- Enforcement Point Connection Info type: object x-vmw-nsx-module: PolicyEnforcementPointManagement EnforcementPointListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Enforcement Point list Results. items: $ref: '#/definitions/EnforcementPoint' title: |- Enforcement Point List Results type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged collection of enforcement points. title: |- Paged Collection of EnforcementPoints x-vmw-nsx-module: PolicyEnforcementPointManagement EntityInstanceCountConstraintExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: count: description: |- Instance count. format: int64 title: |- Instance count. type: integer operator: description: |- Operations supported '<' and '<='. title: |- Operations supported '<' and '<='. type: string required: - operator - count type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the leaf level constraint to restrict the number instances of an entity type can be created. This is useful in restricting number of CGWs or MGWs or Providers that can created in a system. title: |- Represents the leaf level constraint to restrict the number instances of type. x-vmw-nsx-module: PolicyConstraints ErrorResolverInfo: description: |- Metadata related to a given error_id properties: error_id: description: |- The error id for which metadata information is needed format: int64 title: |- The error id for which metadata information is needed type: integer resolver_present: description: |- Indicates whether there is a resolver associated with the error or not title: |- Indicates whether there is a resolver associated with the error or not type: boolean user_metadata: $ref: '#/definitions/ErrorResolverUserMetadata' description: |- User supplied metadata that might be required by the resolver title: |- User supplied metadata that might be required by the resolver required: - error_id - resolver_present type: object x-vmw-nsx-module: ErrorResolver ErrorResolverInfoList: description: |- Collection of all registered ErrorResolverInfo properties: results: description: |- ErrorResolverInfo list items: $ref: '#/definitions/ErrorResolverInfo' title: |- ErrorResolverInfo list type: array required: - results title: |- Collection of all registered ErrorResolverInfo type: object x-vmw-nsx-module: ErrorResolver ErrorResolverMetadata: description: |- Error along with its metadata properties: entity_id: description: |- The entity/node UUID where the error has occurred. title: |- The entity/node UUID where the error has occurred. type: string error_id: description: |- The error id as reported by the entity where the error occurred. format: int64 title: |- The error id as reported by the entity where the error occurred. type: integer system_metadata: $ref: '#/definitions/ErrorResolverSystemMetadata' description: |- This can come from some external system like syslog collector title: |- This can come from some external system like syslog collector user_metadata: $ref: '#/definitions/ErrorResolverUserMetadata' description: |- User supplied metadata that might be required by the resolver title: |- User supplied metadata that might be required by the resolver required: - error_id - entity_id type: object x-vmw-nsx-module: ErrorResolver ErrorResolverMetadataList: description: |- List of errors with their metadata properties: errors: description: |- List of errors with their corresponding metadata. items: $ref: '#/definitions/ErrorResolverMetadata' title: |- List of errors with their corresponding metadata. type: array required: - errors type: object x-vmw-nsx-module: ErrorResolver ErrorResolverSystemMetadata: description: |- Metadata fetched from an external system like Syslog or LogInsight. properties: value: description: |- The value fetched from another system title: |- The value fetched from another system type: string type: object x-vmw-nsx-module: ErrorResolver ErrorResolverUserInputData: description: |- Corresponds to one property entered by the user properties: data_type: description: |- The datatype of the given property. Useful for data validation enum: - TEXT - NUMBER - PASSWORD title: |- The datatype of the given property. Useful for data validation type: string property_name: description: |- Name of the property supplied by the user title: |- Name of the property supplied by the user type: string property_value: description: |- The value associated with the above property title: |- The value associated with the above property type: string required: - data_type - property_name type: object x-vmw-nsx-module: ErrorResolver ErrorResolverUserMetadata: description: |- User supplied metadata needed for resolving errors properties: user_input_list: description: |- List of user supplied input data. items: $ref: '#/definitions/ErrorResolverUserInputData' title: |- List of user supplied input data. type: array type: object x-vmw-nsx-module: ErrorResolver EtherTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: ether_type: description: |- Type of the encapsulated protocol format: int64 title: |- Type of the encapsulated protocol type: integer required: - ether_type type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents an ethertype protocol title: |- A ServiceEntry that represents an ethertype protocol x-vmw-nsx-module: Policy EthernetHeader: properties: dst_mac: description: | The destination MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. title: |- Destination MAC address of the Ethernet header type: string eth_type: default: 2048 description: |- This field defaults to IPv4. format: int64 maximum: 65535 minimum: 1 title: |- The value of the type field to be put into the Ethernet header type: integer src_mac: description: | The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. title: |- Source MAC address of the Ethernet header type: string type: object x-vmw-nsx-module: Traceflow Evaluation: description: | Criterion Evaluation is the basic logical condition to evaluate whether the event could be potentially met. discriminator: resource_type properties: resource_type: description: | Criterion Evaluation resource type. enum: - SourceFieldEvaluation title: |- Resource Type type: string required: - resource_type title: |- Criterion Evaluation type: object x-vmw-nsx-module: PolicyReaction Event: description: | The Event is the criterion or criteria applied to the source and, when met, prompt Policy to run the action. All Reaction Events are constructed with reference to the object, the "source", that is logically deemed to be the object upon which the Event in question initially occurred upon. Some example events include: - New object was created. - Change in realization state. - Specific API is called. properties: criteria: description: | Criteria applied to the source and, if satisfied, would trigger the action. Criteria is composed of criterions. In order for the Criteria to be met, only one of the criterion must be fulfilled (implicit OR). items: $ref: '#/definitions/Criterion' title: |- Event Criteria type: array source: $ref: '#/definitions/Source' description: | Source that is logically deemed to be the "object" upon which the Event in question initially occurred upon. title: |- Event Source required: - source title: |- Reaction Event type: object x-vmw-nsx-module: PolicyReaction EvpnConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: encapsulation_method: $ref: '#/definitions/EvpnEncapConfig' description: | Encapsulation method for EVPN service that is used by the transport layer. title: |- Encapsulation method for EVPN. mode: default: INLINE description: |- EVPN service mode enum: - INLINE title: |- EVPN service mode type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Evpn Configuration. title: |- Evpn Configuration x-vmw-nsx-module: PolicyConnectivity EvpnEncapConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: vni_pool_path: description: |- vni pool path title: |- vni pool path type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Encapsulation method for EVPN. title: |- Encapsulation method for EVPN x-vmw-nsx-module: PolicyConnectivity EvpnTunnelEndpointConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: edge_path: description: |- edge path title: |- edge path type: string local_addresses: description: |- local addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- local addresses type: array mtu: description: |- MTU format: int32 maximum: 9100 minimum: 64 title: |- MTU type: integer required: - edge_path - local_addresses type: object x-vmw-nsx-module: PolicyConnectivity description: |- Evpn Tunnel Endpoint Configuration. title: |- Evpn Tunnel Endpoint Configuration x-vmw-nsx-module: PolicyConnectivity Expression: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - Condition - ConjunctionOperator - NestedExpression - IPAddressExpression - MACAddressExpression - ExternalIDExpression - PathExpression - IdentityGroupExpression type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: | All the nodes of the expression extend from this abstract class. This is present for extensibility. title: |- Base class for each node of the expression x-vmw-nsx-module: Policy ExternalIDExpression: allOf: - $ref: '#/definitions/Expression' - properties: external_ids: description: |- This array can consist of one or more external IDs for the specified member type. items: type: string minItems: 1 title: |- Array of external IDs for the specified member type type: array member_type: description: |- External ID member type enum: - VirtualMachine - VirtualNetworkInterface - CloudNativeServiceInstance - PhysicalServer title: |- External ID member type type: string required: - external_ids - member_type type: object x-vmw-nsx-module: Policy description: |- Represents external ID expressions in the form of an array, to support addition of objects like virtual interfaces, virtual machines, CloudNativeServiceInstance PhysicalServer to a group. title: |- External ID expression node x-vmw-nsx-module: Policy FIPSGlobalConfig: description: |- Global configuration properties: lb_fips_enabled: default: false description: |- When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature. title: |- A flag to turn on or turn off the FIPS compliance of load balancer feature. type: boolean title: |- Global configuration type: object x-vmw-nsx-module: Policy FeaturePermission: description: |- Feature Permission properties: feature: description: |- Feature Id title: |- Feature Id type: string feature_description: description: |- Feature Description title: |- Feature Description type: string feature_name: description: |- Feature Name title: |- Feature Name type: string is_execute_recommended: description: |- Is execute recommended readOnly: true title: |- Is execute recommended type: boolean is_internal: description: |- Is internal readOnly: true title: |- Is internal type: boolean permission: description: |- Permission enum: - crud - read - execute - none title: |- Permission type: string required: - feature - permission title: |- Feature Permission type: object x-vmw-nsx-module: AAA FederationComponentUpgradeStatus: properties: component_type: description: |- Component type for the upgrade status readOnly: true title: |- Component type for the upgrade status type: string current_version_node_summary: description: |- Mapping of current versions of nodes and counts of nodes at the respective versions. items: $ref: '#/definitions/FederationNodeSummary' readOnly: true title: |- Mapping of current versions of nodes and counts of nodes at the respective versions. type: array details: description: |- Details about the upgrade status readOnly: true title: |- Details about the upgrade status type: string percent_complete: description: |- Indicator of upgrade progress in percentage readOnly: true title: |- Indicator of upgrade progress in percentage type: number status: description: |- Upgrade status of component enum: - SUCCESS - FAILED - IN_PROGRESS - NOT_STARTED - PAUSED readOnly: true title: |- Upgrade status of component type: string target_version: description: |- Target component version readOnly: true title: |- Target component version type: string type: object x-vmw-nsx-module: FederationUpgrade FederationConfig: description: | Global Manager federation configuration. This configuration is distributed to all Sites participating in federation. properties: site_config: description: |- Federation configurations of all Sites items: $ref: '#/definitions/SiteFederationConfig' readOnly: true title: |- Federation configurations of all Sites type: array title: |- Global Manager federation configuration type: object x-vmw-nsx-module: PolicySiteGM FederationConnectivityConfig: description: |- Additional configuration required for federation. properties: global_overlay_id: description: | Global id for by Layer3 services for federation usecases. format: int64 title: |- Auto generated federation global 24-bit id type: integer title: |- Federation connectivity configuration type: object x-vmw-nsx-module: PolicyConnectivity FederationGatewayConfig: allOf: - $ref: '#/definitions/FederationConnectivityConfig' - properties: site_allocation_indices: description: | Indicies for cross site allocation for edge cluster and its members referred by gateway. items: $ref: '#/definitions/SiteAllocationIndexForEdge' readOnly: true title: | Indicies for cross site allocation type: array transit_segment_id: description: | Global UUID for transit segment id to be used by Layer2 services for federation usecases. title: |- Auto generated federation global id for transit segment type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Additional gateway configuration required for federation title: |- Federation gateway configuration x-vmw-nsx-module: PolicyConnectivity FederationNodeSummary: allOf: - $ref: '#/definitions/Resource' - properties: node_count: description: |- Number of nodes of the type and at the component version. format: int32 readOnly: true title: |- Count of nodes type: integer version: description: |- Component version readOnly: true title: |- Component version type: string type: object x-vmw-nsx-module: FederationUpgrade x-vmw-nsx-module: FederationUpgrade FederationUpgradeSummary: description: | Provides upgrade summary for a specific site. properties: component_status: description: |- List of component statuses items: $ref: '#/definitions/FederationComponentUpgradeStatus' readOnly: true title: |- List of component statuses type: array current_version: description: |- This is NSX version for the site. readOnly: true title: |- Current version of the site type: string gpm_name: description: |- Name of the global manager if present. readOnly: true title: |- Name of the global manager type: string id: description: |- Unique identifier of this resource. readOnly: true title: |- UUID of this resource type: string last_upgrade_timestamp: description: |- Indicates the time when the site was upgraded. readOnly: true title: |- Last upgrade timestamp type: string name: description: |- Name of the site. readOnly: true title: |- Name of the site type: string overall_upgrade_status: description: |- Status of upgrade enum: - SUCCESS - FAILED - IN_PROGRESS - NOT_STARTED - PAUSED readOnly: true title: |- Status of upgrade type: string site_id: description: |- This is the Site Manager generated UUID for every NSX deployment. readOnly: true title: |- UUID of the site type: string site_ip: description: |- IP address of the site. readOnly: true title: |- Site IP type: string site_type: description: |- Type of this site. enum: - ACTIVE_GM_SITE - STANDBY_GM_SITE - NON_GM_SITE readOnly: true title: |- Site type type: string target_version: description: |- This is NSX target version for the site, if it is undergoing upgrade. readOnly: true title: |- Target version for the site type: string title: |- Upgrade Summary type: object x-vmw-nsx-module: FederationUpgrade FederationUpgradeSummaryListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged collection of site upgrade information items: $ref: '#/definitions/FederationUpgradeSummary' readOnly: true title: |- Paged collection of site upgrade information type: array type: object x-vmw-nsx-module: FederationUpgrade description: |- Paged Collection of site upgrade information title: |- Paged Collection of site upgrade information x-vmw-nsx-module: FederationUpgrade FieldSanityConstraintExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: checks: description: |- List of sanity checks. items: enum: - ALL_PUBLIC_IPS - ALL_PRIVATE_IPS type: string title: |- Array of sanity checks to be performed on field value type: array operator: description: |- A conditional operator enum: - OR - AND title: |- A conditional operator type: string required: - operator - checks type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the field value constraint to constrain specified field value based on defined sanity checks. Example - For DNS.upstream_servers, all the IP addresses must either be public or private. { "target": { "target_resource_type": "DnsForwarderZone", "attribute": "upstreamServers", "path_prefix": "/infra/dns-forwarder-zones/" }, "constraint_expression": { "resource_type": "FieldSanityConstraintExpression", "operator": "OR", "checks": ["ALL_PUBLIC_IPS", "ALL_PRIVATE_IPS"] } } title: |- Represents the field value sanity constraint x-vmw-nsx-module: PolicyConstraints FieldSetting: description: | Field Setting. properties: field_pointer: description: |- Field Pointer. title: |- Field Pointer type: string value: $ref: '#/definitions/FieldSettingValue' description: |- Value that the field must be set to. title: |- Value required: - value - field_pointer title: |- FieldSetting type: object x-vmw-nsx-module: PolicyReaction FieldSettingValue: description: | Field Setting Value. discriminator: resource_type properties: resource_type: description: | Field Setting Value resource type. enum: - ConstantFieldValue title: |- Resource Type type: string required: - resource_type title: |- Field Setting Value type: object x-vmw-nsx-module: PolicyReaction FieldsPacketData: allOf: - $ref: '#/definitions/PacketData' - properties: arp_header: $ref: '#/definitions/ArpHeader' description: |- The ARP header title: |- The ARP header eth_header: $ref: '#/definitions/EthernetHeader' description: |- The ethernet header title: |- The ethernet header ip_header: $ref: '#/definitions/Ipv4Header' description: |- The IPv4 header title: |- The IPv4 header ipv6_header: $ref: '#/definitions/Ipv6Header' description: |- The IPv6 header title: |- The IPv6 header payload: description: |- Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload contains any data the user wants to put after the transport header. maxLength: 1336 title: |- RFC3548 compatible base64-encoded payload type: string transport_header: $ref: '#/definitions/TransportProtocolHeader' description: |- This field contains a protocol that is above IP. It is not restricted to the 'transport' defined by the OSI model (e.g., ICMP is supported). title: |- The transport header type: object x-vmw-nsx-module: Traceflow x-vmw-nsx-module: Traceflow FileTransferAuthenticationScheme: description: |- Remote server authentication details properties: password: description: |- Password to authenticate with title: |- Password to authenticate with type: string scheme_name: description: |- Authentication scheme name enum: - PASSWORD title: |- Authentication scheme name type: string username: description: |- User name to authenticate with title: |- User name to authenticate with type: string required: - username - scheme_name title: |- Remote server authentication details type: object x-vmw-nsx-module: BackupConfiguration FileTransferProtocol: description: |- Protocol to transfer backup file to remote server properties: authentication_scheme: $ref: '#/definitions/FileTransferAuthenticationScheme' description: |- Scheme to authenticate if required title: |- Scheme to authenticate if required protocol_name: default: sftp description: |- Protocol name enum: - sftp title: |- Protocol name type: string ssh_fingerprint: description: | The expected SSH fingerprint of the server. If the server's fingerprint does not match this fingerprint, the connection will be terminated. Only ECDSA fingerprints hashed with SHA256 are supported. To obtain the host's ssh fingerprint, you should connect via some method other than SSH to obtain this information. You can use one of these commands to view the key's fingerprint: 1. ssh-keygen -l -E sha256 -f ssh_host_ecdsa_key.pub 2. awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' | awk '{print "SHA256:"$1}' title: |- SSH fingerprint of server type: string required: - protocol_name - ssh_fingerprint - authentication_scheme title: |- Protocol to transfer backup file to remote server type: object x-vmw-nsx-module: BackupConfiguration FilterWidgetConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: alias: description: |- Alias to be used when emitting filter value. title: |- Alias to be used when emitting filter value type: string type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration for filter widget. This is abstract representation of filter widget. title: |- Filter widget Configuration x-vmw-nsx-module: NsxDashboard FirewallConfiguration: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: disable_auto_drafts: default: false description: | To disable auto drafts, set it to true. By default, auto drafts are enabled. title: |- Auto draft disable flag type: boolean enable_firewall: default: true description: | If set to true, Firewall is enabled. title: |- Firewall enable flag type: boolean resource_type: enum: - DfwFirewallConfiguration type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: |- Firewall related configurations title: |- Firewall related configurations x-vmw-nsx-module: Policy FirewallIdentityStore: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: base_distinguished_name: description: | Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head. title: |- Directory domain base distinguished name type: string ldap_servers: description: | Directory domain LDAP servers' information including host, name, port, protocol and so on. items: $ref: '#/definitions/FirewallIdentityStoreLdapServer' maxItems: 50 title: |- LDAP server of directory domain type: array name: description: | Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains. title: |- Directory domain name type: string netbios_name: description: | NetBIOS names can contain all alphanumeric characters except for the certain disallowed characters. Names can contain a period, but names cannot start with a period. NetBIOS is similar to DNS in that it can serve as a directory service, but more limited as it has no provisions for a name hierarchy and names are limited to 15 characters. The netbios name is case insensitive and is stored in upper case regardless of input case. title: |- Directory domain NETBIOS name type: string selective_sync_settings: $ref: '#/definitions/FirewallIdentityStoreSelectiveSyncSettings' description: | SelectiveSync settings toggle the SelectiveSync feature and selected OrgUnits. If this is not specified, SelectiveSync is disabled by default. title: |- SelectiveSync settings sync_settings: $ref: '#/definitions/FirewallIdentityStoreSyncSettings' description: | Each domain sync settings can be changed using this object. It is not required since there are default values used if there is no specification for this object. title: |- Directory domain sync settings required: - ldap_servers - base_distinguished_name - name - netbios_name type: object x-vmw-nsx-module: PolicyIdentity description: | Represents a generic firewall identity store (e.g. Microsoft AD) The firewall identity store allow access to the directory group via LDAP protocol. title: |- Firewall identity Store x-vmw-nsx-module: PolicyIdentity FirewallIdentityStoreLdapServer: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: domain_name: description: | Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique constraint for domain name among different domains. title: |- Directory domain name type: string host: description: | Directory LDAP server DNS host name or ip address which is reachable by NSX manager to be connected and do object synchronization. format: ip-or-hostname title: |- LDAP server host name type: string password: description: |- Directory LDAP server connection password. title: |- LDAP server password type: string port: default: 389 description: |- Directory LDAP server connection TCP/UDP port. format: int32 title: |- LDAP server TCP/UDP port type: integer protocol: default: LDAP description: | Directory LDAP server connection protocol which is either LDAP or LDAPS. enum: - LDAP - LDAPS title: |- LDAP server protocol type: string thumbprint: description: | Directory LDAP server certificate thumbprint used in secure LDAPS connection. title: |- LDAP server certificate thumbprint using SHA-256 algorithm type: string username: description: |- Directory LDAP server connection user name. title: |- LDAP server username type: string required: - host type: object x-vmw-nsx-module: PolicyIdentity description: |- Firewall identity LDAP server title: |- Firewall identity LDAP server x-vmw-nsx-module: PolicyIdentity FirewallIdentityStoreSelectiveSyncSettings: allOf: - $ref: '#/definitions/ListResult' - properties: enabled: description: |- Enable or disable SelectiveSync title: |- Enable or disable SelectiveSync type: boolean selected_org_units: description: | If SelectiveSync is enabled, this contains 1 or more OrgUnits, NSX will synchronize with in LDAP server. If SelectiveSync is disabled, do not define this or specify an empty list. items: type: string title: |- Selected OrgUnits for SelectiveSync type: array required: - enabled type: object x-vmw-nsx-module: PolicyIdentity description: |- Firewall identity selective sync settings title: |- Firewall identity selective sync settings x-vmw-nsx-module: PolicyIdentity FirewallIdentityStoreSyncSettings: description: |- Firewall identity synchronization settings properties: delta_sync_interval: default: 180 description: | Directory domain delta synchronization interval time between two delta sync in minutes. format: int64 maximum: 720 minimum: 5 title: |- Delta synchronization interval in minutes type: integer full_sync_cron_expr: description: | Directory domain full synchronization schedule using cron expression. For example, cron expression "0 0 12 ? * SUN *" means full sync is scheduled every Sunday midnight. If this object is null, it means there is no background cron job running for full sync. title: |- Full synchronization cron expression type: string sync_delay_in_sec: default: 30 description: | Sync delay after Directory domain has been successfully created. if delay is -1, initial full sync will not be triggered. format: int32 maximum: 600 minimum: -1 title: |- Sync delay (in second). type: integer title: |- Firewall identity synchronization settings type: object x-vmw-nsx-module: PolicyIdentity FloodProtectionProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: icmp_active_flow_limit: description: |- If this field is empty, firewall will not set a limit to active ICMP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Active ICMP connections limit type: integer other_active_conn_limit: description: |- If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Timeout after first TN type: integer resource_type: description: | GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways. DistributedFloodProtectionProfile is used for all Transport Nodes. enum: - GatewayFloodProtectionProfile - DistributedFloodProtectionProfile type: string tcp_half_open_conn_limit: description: |- If this field is empty, firewall will not set a limit to half open TCP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Active half open TCP connections limit type: integer udp_active_flow_limit: description: |- If this field is empty, firewall will not set a limit to active UDP connections. format: int64 maximum: 1000000 minimum: 1 title: |- Active UDP connections limit type: integer required: - resource_type type: object x-vmw-nsx-module: PolicyProfile description: |- A profile holding TCP, UDP and ICMP and other protcol connection limits. title: |- Flood Protection profile x-vmw-nsx-module: PolicyProfile FloodProtectionProfileBindingListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Flood protection profile binding maps list results items: $ref: '#/definitions/FloodProtectionProfileBindingMap' title: |- Flood protection profile binding maps list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of flood protection profile binding maps title: |- Paged Collection of flood protection profile binding maps x-vmw-nsx-module: PolicyProfile FloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - type: object x-vmw-nsx-module: PolicyProfile description: | This entity will be used to establish association between Flood Protection profile and Logical Routers. title: |- Policy Flood Protection Profile binding map x-vmw-nsx-module: PolicyProfile FloodProtectionProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Flood protection profile list results items: $ref: '#/definitions/FloodProtectionProfile' title: |- Flood protection profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of flood protection profiles title: |- Paged Collection of flood protection profiles x-vmw-nsx-module: PolicyProfile Footer: description: |- Footer of a widget that provides additional information or allows an action such as clickable url for navigation. An example usage of footer is provided under 'example_request' section of 'CreateWidgetConfiguration' API. properties: actions: description: |- Action to be performed at the footer of a widget. An action at the footer can be simple text description or a hyperlink to a UI page. Action allows a clickable url for navigation. An example usage of footer action is provided under 'example_request' section of 'CreateWidgetConfiguration' API. items: $ref: '#/definitions/FooterAction' minItems: 0 title: |- Footer Actions type: array condition: description: |- If the condition is met then the footer will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string title: |- Widget Footer type: object x-vmw-nsx-module: NsxDashboard FooterAction: description: |- Action specified at the footer of a widget to provide additional information or to provide a clickable url for navigation. An example usage of footer action is provided under the 'example_request' section of 'CreateWidgetConfiguration' API. properties: dock_to_container_footer: default: true description: |- If true, the footer will appear in the underlying container that holds the widget. title: |- Dock the footer at container type: boolean label: $ref: '#/definitions/Label' description: |- Label to be displayed against the footer action. title: |- Label for action url: description: |- Hyperlink to the UI page that provides details of action. maxLength: 1024 title: |- Clickable hyperlink, if any type: string required: - label title: |- Widget Footer Action type: object x-vmw-nsx-module: NsxDashboard ForwardingPolicy: allOf: - $ref: '#/definitions/Policy' - properties: rules: description: |- Rules that are a part of this ForwardingPolicy items: $ref: '#/definitions/ForwardingRule' title: |- Rules that are a part of this ForwardingPolicy type: array type: object x-vmw-nsx-module: PolicyForwarding description: | Contains ordered list of forwarding rules that determine when to forward traffic to / from the underlay for accessing cloud native services. title: | Forwarding Policy x-vmw-nsx-module: PolicyForwarding ForwardingPolicyListResult: allOf: - $ref: '#/definitions/PolicyListResult' - properties: results: description: |- ForwardingPolicy list results items: $ref: '#/definitions/ForwardingPolicy' title: |- ForwardingPolicy list results type: array required: - results type: object x-vmw-nsx-module: PolicyForwarding description: |- Paged Collection of ForwardingPolicy objects title: |- Paged Collection of ForwardingPolicy objects x-vmw-nsx-module: PolicyForwarding ForwardingRule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied to all the services enum: - ROUTE_TO_UNDERLAY - ROUTE_TO_OVERLAY - ROUTE_FROM_UNDERLAY - ROUTE_FROM_OVERLAY - NAT_FROM_UNDERLAY - NAT_TO_UNDERLAY title: |- Action type: string type: object x-vmw-nsx-module: PolicyForwarding description: | Forwarding rule that determine how to forward traffic from a VM. Traffic from VM can either be routed via Overlay or Underlay when VM is on hybrid port. Additionally NAT can be performed for VM or container on overlay to route traffic to/from underlay ROUTE_TO_UNDERLAY - Access a service on underlay space from a VM connected to hybrid port. Eg access to AWS S3 on AWS underlay ROUTE_TO_OVERLAY - Access a service on overlay space from a VM connected to hybrid port. ROUTE_FROM_UNDERLAY - Access a service hosted on a VM (that is connected to hybrid port) from underlay space. Eg access from AWS ELB to VM ROUTE_FROM_OVERLAY - Access a service hosted on a VM (that is connected to hybrid port) from overlay space NAT_FROM_UNDERLAY - Access a service on overlay VM/container from underlay space using DNAT from underlay IP to overlay IP NAT_TO_UNDERLAY - Access an underlay service from a VM/container on overlay space using SNAT from overlay IP to underlay IP title: |- Forwarding rule x-vmw-nsx-module: PolicyForwarding ForwardingRuleListResult: allOf: - $ref: '#/definitions/BaseRuleListResult' - properties: results: description: |- Rule list results items: $ref: '#/definitions/ForwardingRule' title: |- Rule list results type: array required: - results type: object x-vmw-nsx-module: PolicyForwarding description: |- Paged Collection of ForwardingRules title: |- Paged Collection of ForwardingRules x-vmw-nsx-module: PolicyForwarding FullSyncState: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: errors: description: | Errors occurred during full sync. items: type: string readOnly: true title: |- Errors occurred during full sync type: array full_sync_id: description: | Full sync id generated by Async Replicator (AR) service. readOnly: true title: |- Full sync id type: string last_completed_stage: description: | The current stage of full sync completion for ongoing sync. When Local Manager (LM) receives full sync data from AR, LM starts with workflow to prserve the state and restore the full sync from where it has left off in case of change of leadership of the service to different NSX node or LM is restarted. LM starts the full sync workflow with state INITIAL capturing the AR full sync id and data location details. The stage/state transition follows the order given below INITIAL - Full sync started PROCESSED_FULLSYNC_DATA - Compelted processing the full state data provided by AR PRCESSED_DELTAS - Completed processing pending delta changes provided by AR. DELETED_STALE_ENTITIES - Completed deletion of all global entities on LM that are not in GM anymore COMPLETED - Full sync handling is completed on LM ERROR - Full sync failed with errors on LM, in which case AR will re-attempt full sync later point in time for the LM ABORTED - Indicates that the full sync cancelled as per user request enum: - INITIAL - PAUSE_DCNS - DELETED_STALE_ENTITIES - PROCESSED_FULLSYNC_DATA - PROCESSED_DELTAS - UNPAUSE_DCNS - COMPLETED - ERROR - ABORTED readOnly: true title: |- Full sync stage that is last completed for this request. type: string last_upate_time: description: |- Timestamp of last update, could be progress or success or error. format: int64 readOnly: true type: integer start_time: description: |- Timestamp of Full Sync start. format: int64 readOnly: true type: integer type: object x-vmw-nsx-module: PolicyFullSync description: | Provides FullSync state for Local Manager from Global Manager. title: |- Full sync state x-vmw-nsx-module: PolicyFullSync FullSyncStateListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- FullSync states list. items: $ref: '#/definitions/FullSyncState' title: |- FullSync states list type: array required: - results type: object x-vmw-nsx-module: PolicyFullSync description: |- Paged Collection of FullSync states. title: |- Paged Collection of FullSync states. x-vmw-nsx-module: PolicyFullSync GatewayFloodProtectionProfile: allOf: - $ref: '#/definitions/FloodProtectionProfile' - type: object x-vmw-nsx-module: PolicyProfile x-vmw-nsx-module: PolicyProfile GatewayPolicy: allOf: - $ref: '#/definitions/Policy' - properties: rules: description: |- Rules that are a part of this SecurityPolicy items: $ref: '#/definitions/Rule' title: |- Rules that are a part of this SecurityPolicy type: array type: object x-vmw-nsx-module: Policy description: |- Contains ordered list of Rules for GatewayPolicy title: |- Contains ordered list of Rules for GatewayPolicy x-vmw-nsx-module: Policy GatewayPolicyListResult: allOf: - $ref: '#/definitions/PolicyListResult' - properties: results: description: |- GatewayPolicy list results items: $ref: '#/definitions/GatewayPolicy' title: |- GatewayPolicy list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of gateway policies title: |- Paged Collection of gateway policies x-vmw-nsx-module: Policy GatewayQosProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: burst_size: default: 1 description: | Burst size in bytes. format: int32 minimum: 1 title: |- Burst size in bytes type: integer committed_bandwitdth: default: 1 description: | Committed bandwidth in both directions specoficd in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. format: int32 minimum: 1 title: |- Committed bandwidth in Mbps type: integer excess_action: description: | Action on traffic exceeding bandwidth. enum: - DROP title: |- Action on traffic exceeding bandwidth. type: string type: object x-vmw-nsx-module: PolicyConnectivity description: | QoS profile contains configuration of rate limiting properties which can be applied in ingress and egress directions at Tier1 gateways title: |- QoS configuration of Tier1 gateway x-vmw-nsx-module: PolicyConnectivity GatewayQosProfileConfig: description: |- Gateway QoS profile configuration properties: egress_qos_profile_path: description: | Policy path to gateway QoS profile in egress direction. title: |- Egress QoS profile type: string ingress_qos_profile_path: description: | Policy path to gateway QoS profile in ingress direction. title: |- Ingress QoS profile type: string title: |- Gateway QoS profile configuration type: object x-vmw-nsx-module: PolicyConnectivity GatewayQosProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of GatewayQosProfile items: $ref: '#/definitions/GatewayQosProfile' title: |- Paginated list of GatewayQosProfile type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity GatewayRouteCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: admin_distance: description: |- The admin distance of the next hop format: int64 title: |- The admin distance of the next hop type: integer edge_path: description: | Edge node policy path. readOnly: true title: |- Edge path type: string interface: description: |- The policy path of the interface which is used as the next hop title: |- The policy path of the interface which is used as the next hop type: string lr_component_id: description: |- Logical router component(Service Router/Distributed Router) id title: |- Logical router component(Service Router/Distributed Router) id type: string lr_component_type: description: |- Logical router component(Service Router/Distributed Router) type title: |- Logical router component(Service Router/Distributed Router) type type: string network: description: |- CIDR network address format: ip-cidr-block type: string next_hop: description: |- The IP of the next hop format: ip type: string route_type: description: |- Route type (USER, CONNECTED, NSX_INTERNAL,..) title: |- Route type (USER, CONNECTED, NSX_INTERNAL,..) type: string required: - route_type - network type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics GatewayRouteTableInCsvFormat: allOf: - $ref: '#/definitions/CsvListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/GatewayRouteCsvRecord' type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics GenericDhcpOption: description: |- Define DHCP options other than option 121. properties: code: description: |- Code of the dhcp option. format: int64 maximum: 255 minimum: 0 title: |- DHCP option code, [0-255] type: integer values: description: |- Value of the option. items: type: string maxItems: 10 minItems: 1 title: |- DHCP option value type: array required: - code - values title: |- Generic DHCP option type: object x-vmw-nsx-module: Dhcp GenericPolicyRealizedResource: allOf: - $ref: '#/definitions/PolicyRealizedResource' - properties: enforcement_point_path: description: |- The path of the enforcement point. readOnly: true title: |- Enforcement Point Path type: string entity_type: description: |- Type of realized entity readOnly: true title: |- Type of realized entity type: string extended_attributes: description: |- Collection of type specific properties items: $ref: '#/definitions/AttributeVal' readOnly: true title: |- Collection of type specific properties type: array intent_paths: description: |- Collection of intent paths items: type: string readOnly: true title: |- Collection of intent paths type: array site_path: description: |- The site where this entity resides. readOnly: true title: |- Site Path type: string type: object x-vmw-nsx-module: PolicyRealizedState description: |- Represents realized entity title: |- Generic realized entity x-vmw-nsx-module: PolicyRealizedState GenericPolicyRealizedResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of realized resources items: $ref: '#/definitions/GenericPolicyRealizedResource' title: |- Paged Collection of GenericPolicyRealizedResources type: array type: object x-vmw-nsx-module: PolicyRealizedState description: |- GenericPolicyRealizedResource list result title: |- GenericPolicyRealizedResource list result x-vmw-nsx-module: PolicyRealizedState GlobalConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: fips: $ref: '#/definitions/FIPSGlobalConfig' description: | Contains the FIPSGlobalConfig object. title: |- FIPS enabled config l3_forwarding_mode: default: IPV4_ONLY description: | Configure forwarding mode for routing. This setting does not restrict configuration for other modes. enum: - IPV4_ONLY - IPV4_AND_IPV6 title: |- L3 forwarding mode type: string mtu: description: | Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. format: int32 minimum: 1280 title: |- MTU size type: integer type: object x-vmw-nsx-module: Policy description: |- Global configuration title: |- Global configuration x-vmw-nsx-module: Policy GlobalManager: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: connection_info: description: | To create a standby GM, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the GM has been successfully onboarded, the connection_info is discarded and authentication to the standby GM occurs using an X.509 client certificate. items: $ref: '#/definitions/SiteNodeConnectionInfo' maxItems: 3 title: |- Connection information type: array fail_if_rtt_exceeded: default: true description: | Fail onboarding if maximum RTT exceeded. title: |- Fail onboarding if maximum RTT exceeded type: boolean federation_id: description: | Internally generated UUID to the federation of Global Manager. readOnly: true title: |- Global manager federation UUID type: string maximum_rtt: default: 250 description: | If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value. format: int64 maximum: 1000 minimum: 0 title: |- Maximum acceptable packet round trip time (RTT) type: integer mode: description: | There can be at most one ACTIVE global manager and one STANDBY global manager. In order to add a STANDBY manager, there must be an ACTIVE manager defined. enum: - ACTIVE - STANDBY title: |- Mode of the global manager type: string site_id: description: | UUID of the site where Global manager is running. This is the Site Manager generated UUID for every NSX deployment. readOnly: true title: |- UUID of the site where Global manager is running type: string required: - mode type: object x-vmw-nsx-module: PolicySiteGM description: | Global Manager. title: |- Global Manager x-vmw-nsx-module: PolicySiteGM GlobalManagerConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: rtep_config: $ref: '#/definitions/GmRtepConfig' description: | Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation. title: |- Global Manager federation RTEP configuration type: object x-vmw-nsx-module: PolicySiteGM description: | This configuration is distributed to all Sites participating in federation. title: |- Global Manager configuration x-vmw-nsx-module: PolicySiteGM GlobalManagerListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Global Manager List Result. items: $ref: '#/definitions/GlobalManager' title: |- Global Manager List Result type: array required: - results type: object x-vmw-nsx-module: PolicySiteGM description: |- Paged Collection of Global Managers. title: |- Paged Collection of Global Managers x-vmw-nsx-module: PolicySiteGM GlobalRestoreStatus: description: |- Overall restore process status properties: description: description: |- A description of the restore status readOnly: true title: |- A description of the restore status type: string value: description: |- Global rolled-up restore status value enum: - INITIAL - SUCCESS - FAILED - RUNNING - SUSPENDED_BY_USER - SUSPENDED_FOR_USER_ACTION - SUSPENDED - ABORTED readOnly: true title: |- Global rolled-up restore status value type: string title: |- Overall restore process status type: object x-vmw-nsx-module: ClusterRestore GmFederationSiteConfig: description: |- Additional configuration required for federation at Site. properties: transit_subnet: description: | IP Addresses to be allocated for transit segment when the gateway is stretched. Note that Global Manager will carve out the IP Pool for each site to be used for edge nodes when gateway is stretched based on the user provided subnet and maximum number of edge nodes allowed per site. format: ip-cidr-block title: |- Transit subnet in CIDR format type: string title: |- Federation configuration for the site type: object x-vmw-nsx-module: PolicyEnforcementPointManagement GmRtepConfig: description: | Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation. properties: ibgp_password: description: | Password to authenticate IBGP session between remote tunnel endpoints created on federated sites. This is applied to inter-site underlay IBGP neighbors created over remote tunnel endpoints on all sites. Empty string ("") clears existing password. maxLength: 20 title: |- Password for IBGP sessions between federated sites type: string title: |- Global Manager federation RTEP configuration type: object x-vmw-nsx-module: PolicySiteGM GraphConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: axes: $ref: '#/definitions/Axes' description: |- Axes of a graph title: |- Axes of a graph display_x_value: default: false description: |- If true, value of a point is shown as label on X axis. If false, value of point is not shown as label on X axis. false can be useful in situations where there are too many points and showing the X value as label can clutter the X axis. title: |- Show or hide the value of a point on X axis type: boolean graphs: description: |- Graphs items: $ref: '#/definitions/GraphDefinition' minItems: 1 title: |- Graphs type: array navigation: description: |- Hyperlink of the specified UI page that provides details. title: |- Navigation to a specified UI page type: string sub_type: default: BAR_GRAPH description: |- Describes the the type of graph. LINE_GRAPH shows a line graph chart BAR_GRAPH shows a simple bar graph chart STACKED_BAR_GRAPH shows a stacked bar graph chart enum: - LINE_GRAPH - BAR_GRAPH - STACKED_BAR_GRAPH title: |- Subtype of a graph type: string required: - graphs type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a graph widget title: |- Graph Configuration x-vmw-nsx-module: NsxDashboard GraphDefinition: description: |- Defines a graph properties: label: $ref: '#/definitions/Label' description: |- Describes the graph. It labels the entities of graph. If the label is not provided then it is not shown for a graph. For example, for a single graph, the title of widget can describe the graph and a label may not be necessary to be shown. title: |- Label of a graph point_definition: $ref: '#/definitions/PointDefinition' description: |- Defines the points of a graph. title: |- Definition for points of a graph render_configuration: description: |- Additional rendering or conditional evaluation of the field values to be performed, if any. items: $ref: '#/definitions/RenderConfiguration' minItems: 0 title: |- Render Configuration type: array required: - point_definition title: |- Definition of a graph type: object x-vmw-nsx-module: NsxDashboard GridConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: columns: description: |- Array of columns of a Grid widget items: $ref: '#/definitions/ColumnItem' title: |- Columns type: array page_size: default: 30 description: |- Number of records per page. page_size will be effective only when the urls provided in the datasource support paging. format: int32 title: |- Page Size type: integer row_list_fields: description: |- Rows of grid or table are formed from the list of objects returned by a row list field. items: $ref: '#/definitions/RowListField' minItems: 1 title: |- List of fields from which rows are formed type: array required: - row_list_fields - columns type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a Grid or Table widget. title: |- Grid Configuration x-vmw-nsx-module: NsxDashboard Group: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: expression: description: | The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed 500. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information. items: $ref: '#/definitions/Expression' title: |- Expression type: array extended_expression: description: | Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map. items: $ref: '#/definitions/Expression' maxItems: 1 title: |- Extended Expression type: array reference: default: false description: | If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false. readOnly: true title: |- Indicates if the group is a reference. type: boolean state: description: |- Realization state of this group enum: - IN_PROGRESS - SUCCESS - FAILURE title: |- Realization state of this group type: string type: object x-vmw-nsx-module: Policy description: |- Group. title: |- Group x-vmw-nsx-module: Policy GroupDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. format: int64 maximum: 100000 minimum: 1 title: |- Sequence number group discovery profile Binding Map type: integer type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | This entity will be used to establish association between discovery profile and Group. With this entity, user can specify intent for applying discovery profile profile to particular Group. title: |- Map for binding group with discovery profile x-vmw-nsx-module: PolicyDiscoveryProfileBinding GroupListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Group list results items: $ref: '#/definitions/Group' title: |- Group list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Groups title: |- Paged Collection of Groups x-vmw-nsx-module: Policy GroupMemberList: description: |- List of same type members to either add or remove from a group. properties: members: description: |- This array contains group members of similar types. items: type: string maxItems: 4000 minItems: 1 title: |- Groups members collection type: array required: - members title: |- Members to add or remove for a Group. type: object x-vmw-nsx-module: Policy GroupMemberTagsList: description: | Collection of tags used in a policy group for a particular member type properties: member_type: description: |- Member type for which we will list the tags title: |- Member type for which we will list the tags type: string tags: description: |- List of tags for the member type items: type: string title: |- List of tags for the member type type: array required: - member_type - tags title: |- Group tags list for a particular member type type: object x-vmw-nsx-module: PolicyGroupRealization GroupMemberTypeListResult: properties: result_count: description: |- Count of the member types in the results array format: int64 readOnly: true title: |- Count of the member types in the results array type: integer results: description: |- Collection of member types for the given Group items: description: |- Valid Group member type enum: - VirtualMachine - VirtualNetworkInterface - SegmentPort - Segment - CloudNativeServiceInstance - IPAddress - MACAddress - IPSet - IdentityGroup - PhysicalServer type: string title: |- Collection of member types for the given Group type: array required: - results type: object x-vmw-nsx-module: Policy GroupMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/MonitoringProfileBindingMap' - properties: ipfix_dfw_profile_path: description: |- PolicyPath of associated IPFIX DFW Profile title: |- IPFIX DFW Profile Path type: string ipfix_l2_profile_path: description: |- PolicyPath of associated IPFIX L2 Profile title: |- IPFIX L2 Profile Path type: string port_mirroring_profile_path: description: |- PolicyPath of associated Port Mirroring Profile title: |- Port Mirroring Profile Path type: string type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: | This entity will be used to establish association between monitoring profile and Group. Using this entity, you can specify intent for applying monitoring profile to particular Group. Group with membership criteria vm only supported as source group. Port mirroring is only supported on group with five vms. title: |- Group Monitoring Profile binding map x-vmw-nsx-module: PolicyMonitoringProfileBinding GroupMonitoringProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Group Monitoring Profile Binding Map list results items: $ref: '#/definitions/GroupMonitoringProfileBindingMap' title: |- Group Monitoring Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Paged collection of Group Monitoring Profile Binding Maps title: |- Paged collection of Group Monitoring Profile Binding Maps x-vmw-nsx-module: PolicyMonitoringProfileBinding GroupTagsList: description: | Collection of tags used in a policy group listed per member type properties: results: description: |- Collection of tags used in a policy group listed per member type items: $ref: '#/definitions/GroupMemberTagsList' title: |- Collection of tags used in a policy group listed per member type type: array required: - results title: |- Group tags list listed per member type type: object x-vmw-nsx-module: PolicyGroupRealization GuestInfo: description: | Guest virtual machine details include OS name and computer name of guest VM. properties: computer_name: description: | Computer name of guest virtual machine, which is set inside guest OS. Currently this is supported for guests on ESXi that have VMware Tools installed. readOnly: true title: |- Computer name type: string os_name: description: | OS name of guest virtual machine. Currently this is supported for guests on ESXi that have VMware Tools installed. readOnly: true title: |- OS name type: string title: |- Guest virtual machine details type: object x-vmw-nsx-module: Inventory Header: description: |- Header of a widget that provides additional information. This will be shown at the container level. It includes details as label value pairs. properties: condition: description: |- If the condition is met then the header will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string content_alignment: default: RIGHT description: |- Alignment of header labels. enum: - LEFT - RIGHT title: |- alignment for labelvalue pair type: string sub_headers: description: |- An array of label-value properties. items: $ref: '#/definitions/PropertyItem' minItems: 0 title: |- Rows type: array title: |- Widget Header type: object x-vmw-nsx-module: NsxDashboard HttpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - properties: url: default: / description: | For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters. title: |- Customized HTTP request url for active health checks type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over HTTP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over HTTP x-vmw-nsx-module: TempPolicyLoadBalancer HttpPolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyLbVirtualServer' - properties: insert_client_ip_header: default: false description: | Backend web servers typically log each request they handle along with the requesting client IP address. These logs are used for debugging, analytics and other such purposes. If the deployment topology requires enabling SNAT on the load balancer, then server will see the client as the SNAT IP which defeats the purpose of logging. To work around this issue, load balancer can be configured to insert XFF HTTP header with the original client IP address. Backend servers can then be configured to log the IP address in XFF header instead of the source IP address of the connection. If XFF header is not present in the incoming request, load balancer inserts a new XFF header with the client IP address. title: |- Relative path of this object type: boolean type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over HTTP and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over HTTP x-vmw-nsx-module: TempPolicyLoadBalancer HttpsPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/HttpPolicyLbMonitorProfile' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over HTTPS. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over HTTPS x-vmw-nsx-module: TempPolicyLoadBalancer HttpsPolicyLbVirtualServer: allOf: - $ref: '#/definitions/HttpPolicyLbVirtualServer' - properties: client_ssl_certificate_ids: description: | Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. The setting is used when load balancer acts as an SSL server and terminating the client SSL connection items: type: string title: |- ssl certificates type: array client_ssl_settings: default: HIGH_SECURE_111317 description: | Security settings representing various security settings when the VirtualServer acts as an SSL server - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 enum: - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 title: |- Security profile setting type: string default_client_ssl_certificate_id: description: | The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. title: |- ssl certificate type: string required: - default_client_ssl_certificate_id type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over HTTPS and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over HTTPS x-vmw-nsx-module: TempPolicyLoadBalancer ICMPTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: icmp_code: description: |- ICMP message code format: int64 maximum: 255 minimum: 0 title: |- ICMP message code type: integer icmp_type: description: |- ICMP message type format: int64 maximum: 255 minimum: 0 title: |- ICMP message type type: integer protocol: enum: - ICMPv4 - ICMPv6 type: string required: - protocol type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents IPv4 or IPv6 ICMP protocol title: |- A ServiceEntry that represents IPv4 or IPv6 ICMP protocol x-vmw-nsx-module: Policy IGMPTypeServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents IGMP protocol title: |- A ServiceEntry that represents IGMP protocol x-vmw-nsx-module: Policy IPAddressExpression: allOf: - $ref: '#/definitions/Expression' - properties: ip_addresses: description: |- This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string maxItems: 4000 minItems: 1 title: |- Array of IP addresses type: array required: - ip_addresses type: object x-vmw-nsx-module: Policy description: |- Represents IP address expressions in the form of an array, to support addition of IP addresses in a group. Avoid creating groups with multiple IPAddressExpression. In future releases, group will be restricted to contain a single IPAddressExpression. To group IPAddresses, use nested groups instead of multiple IPAddressExpressions. title: |- IP address expression node x-vmw-nsx-module: Policy IPAddressList: description: |- Collection of IP Addresses. properties: ip_addresses: description: |- The array contains IP addresses. items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string maxItems: 4000 minItems: 1 title: |- Array of IP addresses type: array required: - ip_addresses title: |- IP Address collection. type: object x-vmw-nsx-module: Policy IPAddressPortPair: description: |- IP Address and Port information properties: ip_address: description: | The IPAddress to be combined with Port for defining specific access point. format: ip type: string port: description: | The port to be combined with IPAddress for defining a specific access point. format: int32 maximum: 65535 minimum: 0 title: |- The port for IPAddressPort combination type: integer required: - ip_address title: |- IP Address and Port information type: object x-vmw-nsx-module: TempPolicyLoadBalancer IPDiscoveryProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: arp_nd_binding_timeout: default: 10 description: | This property controls the ARP and ND cache timeout period. It is recommended that this property be greater than the ARP/ND cache timeout on the VM. format: int32 maximum: 120 minimum: 5 title: |- ARP and ND cache timeout (in minutes) type: integer duplicate_ip_detection: $ref: '#/definitions/DuplicateIPDetectionOptions' description: | Duplicate IP detection is used to determine if there is any IP conflict with any other port on the same logical switch. If a conflict is detected, then the IP is marked as a duplicate on the port where the IP was discovered last. The duplicate IP will not be added to the realized address binings for the port and hence will not be used in DFW rules or other security configurations for the port.rt. readOnly: false title: |- Duplicate IP Dection Options ip_v4_discovery_options: $ref: '#/definitions/IPv4DiscoveryOptions' description: |- Indicates IPv4 Discovery options title: |- IPv4 Discovery options ip_v6_discovery_options: $ref: '#/definitions/IPv6DiscoveryOptions' description: |- Indicates IPv6 Discovery options title: |- IPv6 Discovery options tofu_enabled: default: true description: |- Indicates whether "Trust on First Use(TOFU)" paradigm is enabled. title: |- Is TOFU enabled or not type: boolean type: object x-vmw-nsx-module: PolicyIpDiscovery description: |- Using this profile to configure different options of IP Discovery title: |- IP Discovery Profile x-vmw-nsx-module: PolicyIpDiscovery IPDiscoveryProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IP Discovery profile list results items: $ref: '#/definitions/IPDiscoveryProfile' title: |- IP Discovery profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIpDiscovery description: |- Paged collection of IP Discovery Profiles title: |- Paged collection of IP Discovery Profiles x-vmw-nsx-module: PolicyIpDiscovery IPFIXDFWCollector: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: collector_ip_address: description: | IP address for the IPFIX DFW collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. format: ip type: string collector_port: description: |- Port for the IPFIX DFW collector. format: int32 title: |- Port type: integer required: - collector_ip_address - collector_port type: object x-vmw-nsx-module: PolicyIPFIXDFW description: | IPFIX DFW data will be collected on collector Host IP and Port address should be provided for collector. title: |- IPFIX DFW Collector x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWCollectorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ipfix_dfw_collectors: description: |- It accepts Multiple Collectors. items: $ref: '#/definitions/IPFIXDFWCollector' minItems: 1 title: |- IPFIX DFW Collectors. type: array required: - ipfix_dfw_collectors type: object x-vmw-nsx-module: PolicyIPFIXDFW description: | IPFIX data for the NSX distributed firewall will be sent to the specified IPFIX collectors. title: |- IPFIX DFW Collector Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWCollectorProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX DFW Collection Instances list results items: $ref: '#/definitions/IPFIXDFWCollectorProfile' title: |- IPFIX DFW Collection Instances list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Paged Collection of IPFIX DFW Collector Profile title: |- Paged Collection of IPFIX DFW Collector Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: active_flow_export_timeout: default: 1 description: | For long standing active flows, IPFIX records will be sent per timeout period in minutes. format: int32 maximum: 60 minimum: 1 title: |- Active timeout (Minutes) type: integer ipfix_dfw_collector_profile_path: description: | Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors. title: |- IPFIX collector Paths type: string observation_domain_id: default: 0 description: | An identifier that is unique to the exporting process and used to meter the flows. format: int32 maximum: 65536 minimum: 0 title: |- Observation domain ID type: integer priority: default: 0 description: | This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. format: int32 maximum: 32000 minimum: 0 title: |- Config Priority type: integer required: - ipfix_dfw_collector_profile_path - active_flow_export_timeout type: object x-vmw-nsx-module: PolicyIPFIXDFW description: | IPFIX packets from source will be sent to IPFIX DFW collector. title: |- IPFIX DFW Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXDFWProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX DFW Profile list results items: $ref: '#/definitions/IPFIXDFWProfile' title: |- IPFIX DFW Profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXDFW description: |- Paged Collection of IPFIX DFW Profile title: |- Paged Collection of IPFIX DFW Profile x-vmw-nsx-module: PolicyIPFIXDFW IPFIXL2Collector: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: collector_ip_address: description: | IP address for the IPFIX L2 collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. format: ip type: string collector_port: default: 4739 description: |- Port number for the IPFIX L2 collector. format: int32 maximum: 65535 minimum: 0 title: |- Port type: integer required: - collector_ip_address type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: | IPFIX packets will be collected on collector. IP and port address should be provided for collector. title: |- IPFIX L2 Collector x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2CollectorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ipfix_l2_collectors: description: |- It accepts Multiple Collector objects. items: $ref: '#/definitions/IPFIXL2Collector' maxItems: 4 minItems: 1 title: |- It accepts Multiple Collector objects. type: array required: - ipfix_l2_collectors type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: | IPFIX L2 data will be collected on collectors. title: |- IPFIX L2 Collector Profile x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2CollectorProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX collector Profile list results items: $ref: '#/definitions/IPFIXL2CollectorProfile' title: |- IPFIX collector Profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Paged list of IPFIX collector profiles. title: |- Paged list of IPFIX collector profiles. x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2Profile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: active_timeout: default: 300 description: | The time in seconds after a flow is expired even if more packets matching this flow are received by the cache. format: int32 maximum: 3600 minimum: 60 title: |- Active timeout type: integer export_overlay_flow: default: true description: | This property controls whether overlay flow info is included in the sample result. title: |- Export overlay Flow type: boolean idle_timeout: default: 300 description: | The time in seconds after a flow is expired if no more packets matching this flow are received by the cache. format: int32 maximum: 3600 minimum: 60 title: |- Idle timeout type: integer ipfix_collector_profile_path: description: | Policy path for IPFIX collector profile. User can specify only one IPFIX collector. title: |- IPFIX collector Path type: string max_flows: default: 16384 description: | The maximum number of flow entries in each exporter flow cache. format: int64 maximum: 4294967295 minimum: 0 title: |- Max flows type: integer observation_domain_id: default: 0 description: | An identifier that is unique to the exporting process and used to meter the flows. format: int64 maximum: 4294967295 minimum: 0 title: |- Observation domain ID type: integer packet_sample_probability: default: 0.1 description: | The probability in percentage that a packet is sampled, in range 0-100. The probability is equal for every packet. exclusiveMinimum: true maximum: 100 minimum: 0 title: |- Packet sample probability type: number priority: default: 0 description: | This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. format: int32 maximum: 32000 minimum: 0 title: |- Config Priority type: integer required: - ipfix_collector_profile_path - packet_sample_probability type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: | IPFIX data from source logical segment, port, group will be forwarded to IPFIX collector. title: |- IPFIX L2 Profile x-vmw-nsx-module: PolicyIPFIXSwitch IPFIXL2ProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- IPFIX L2 Profile list results items: $ref: '#/definitions/IPFIXL2Profile' title: |- IPFIX L2 Profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyIPFIXSwitch description: |- Paged Collection of IPFIX L2 Profile title: |- Paged Collection of IPFIX L2 Profile x-vmw-nsx-module: PolicyIPFIXSwitch IPInfo: properties: ip_addresses: description: |- IPv4 Addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- IPv4 Addresses type: array prefix_length: description: |- Subnet Prefix Length format: int64 maximum: 32 minimum: 1 title: |- Subnet Prefix Length type: integer required: - ip_addresses - prefix_length type: object x-vmw-nsx-module: ServiceInsertionCommonTypes IPProtocolServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: protocol_number: format: int64 maximum: 255 minimum: 0 type: integer required: - protocol_number type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents an IP protocol title: |- A ServiceEntry that represents an IP protocol x-vmw-nsx-module: Policy IPSecVpnDpdProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dpd_probe_interval: description: | DPD probe interval defines an interval for DPD probes (in seconds). - When the DPD probe mode is periodic, this interval is the number of seconds between DPD messages. - When the DPD probe mode is on-demand, this interval is the number of seconds during which traffic is not received from the peer before DPD retry messages are sent if there is IPSec traffic to send. For PERIODIC Mode: Minimum: 3 Maximum: 360 Default: 60 For ON_DEMAND Mode: Minimum: 1 Maximum: 10 Default: 3 format: int64 title: |- DPD Probe Interval type: integer dpd_probe_mode: default: PERIODIC description: | DPD probe mode is used to query the liveliness of the peer. Two modes are possible: - PERIODIC: is used to query the liveliness of the peer at regular intervals (dpd_probe_interval). It does not take into consideration traffic coming from the peer. The benefit of this mode over the on-demand mode is earlier detection of dead peers. However, use of periodic DPD incurs extra overhead. When communicating to large numbers of peers, please consider using on-demand DPD instead. - ON_DEMAND: is used to query the liveliness of the peer by instructing the local endpoint to send DPD message to a peer if there is traffic to send to the peer AND the peer was idle for dpd_probe_interval seconds (i.e. there was no traffic from the peer for dpd_probe_interval seconds). enum: - PERIODIC - ON_DEMAND title: |- DPD Probe Mode type: string enabled: default: true description: |- If true, enable dead peer detection. title: |- Enable dead peer detection (DPD) type: boolean retry_count: default: 5 description: | Maximum number of DPD messages' retry attempts. This value is applicable for both dpd probe modes, periodic and on-demand. format: int64 maximum: 100 minimum: 1 title: |- Retry Count type: integer type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile. title: |- Dead peer detection (DPD) profile x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnIkeProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dh_groups: description: |- Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. items: description: | Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group. enum: - GROUP2 - GROUP5 - GROUP14 - GROUP15 - GROUP16 - GROUP19 - GROUP20 - GROUP21 type: string title: |- DH group type: array digest_algorithms: description: |- Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256. items: description: | The IkeDigestAlgorithms are used to verify message integrity during Ike negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. enum: - SHA1 - SHA2_256 - SHA2_384 - SHA2_512 type: string title: |- Algorithm for message hash type: array encryption_algorithms: description: |- Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128. items: description: | IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GCM_128 uses 128-bit keys. AES_GCM_192 uses 192-bit keys. AES_GCM_256 uses 256-bit keys. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 type: string title: |- Encryption algorithm for IKE type: array ike_version: default: IKE_V2 description: |- IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. enum: - IKE_V1 - IKE_V2 - IKE_FLEX title: |- IKE version type: string sa_life_time: default: 86400 description: |- Life time for security association. Default is 86400 seconds (1 day). format: int64 maximum: 31536000 minimum: 21600 title: |- Security association (SA) life time type: integer type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile. title: |- Internet key exchange (IKE) profile x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnLocalEndpoint: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: certificate_path: description: |- Policy path referencing site certificate. title: |- Certificate path type: string local_address: description: |- IPV4 Address of local endpoint. format: ipv4 type: string local_id: description: |- Local identifier. title: |- Local identifier type: string trust_ca_paths: description: |- List of policy paths referencing certificate authority (CA) to verify peer certificates. items: type: string title: |- Certificate authority (CA) paths type: array trust_crl_paths: description: |- List of policy paths referencing certificate revocation list (CRL) to peer certificates. items: type: string title: |- Certificate revocation list (CRL) paths type: array required: - local_address type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Local endpoint represents a tier-0/tier-1 on which tunnel needs to be terminated. title: |- IPSec VPN Local Endpoint x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: default: PROTECT description: | PROTECT - Protect rules are defined per policy based IPSec VPN session. BYPASS - Bypass rules are defined per IPSec VPN service and affects all policy based IPSec VPN sessions. Bypass rules are prioritized over protect rules. enum: - PROTECT - BYPASS readOnly: true title: |- Action to be applied type: string destinations: description: | List of peer subnets. Specifying no value is interpreted as 0.0.0.0/0. items: $ref: '#/definitions/IPSecVpnSubnet' maxItems: 128 title: |- Destination list type: array enabled: default: true description: |- A flag to enable/disable the rule. title: |- Enabled flag type: boolean logged: default: false description: |- A flag to enable/disable the logging for the rule. title: |- Logging flag type: boolean sequence_number: description: |- A sequence number is used to give a priority to an IPSecVpnRule. format: int32 minimum: 0 title: |- Sequence number of the IPSecVpnRule type: integer sources: description: | List of local subnets. Specifying no value is interpreted as 0.0.0.0/0. items: $ref: '#/definitions/IPSecVpnSubnet' maxItems: 128 title: |- Source list type: array type: object x-vmw-nsx-module: PolicyIPSecVpn description: "For policy-based IPsec VPNs, a security policy specifies as its\ \ action the VPN tunnel to be used for transit traffic that meets the policy\u2019\ s match criteria." title: |- IPSec VPN Rule x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnService: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bypass_rules: description: | Bypass policy rules are configured using VPN service. Bypass rules always have higher priority over protect rules and they affect all policy based vpn sessions associated with the IPSec VPN service. Protect rules are defined per policy based vpn session. items: $ref: '#/definitions/IPSecVpnRule' title: |- Bypass Policy rules type: array enabled: default: true description: |- If true, enable VPN services for given locale service. title: |- Enable virtual private network (VPN) service type: boolean ha_sync: default: true description: |- Enable/disable IPSec HA state sync. IPSec HA state sync can be disabled if in case there are performance issues w.r.t. the state sync messages. title: |- Flag to enable IPSec HA State Sync type: boolean ike_log_level: default: INFO description: |- Log level for internet key exchange (IKE). enum: - DEBUG - INFO - WARN - ERROR - EMERGENCY title: |- Internet key exchange (IKE) log level type: string type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- Create and manage IPSec VPN service for given locale service. title: |- IPSec VPN service x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnSession: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: authentication_mode: default: PSK description: | Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. enum: - PSK - CERTIFICATE title: |- Authentication Mode type: string compliance_suite: description: | Compliance suite. enum: - CNSA - SUITE_B_GCM_128 - SUITE_B_GCM_256 - PRIME - FOUNDATION - FIPS - NONE title: |- Compliance suite type: string connection_initiation_mode: default: INITIATOR description: | Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. enum: - INITIATOR - RESPOND_ONLY - ON_DEMAND title: |- Connection initiation mode type: string dpd_profile_path: description: |- Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile. title: |- Dead peer detection (DPD) profile path type: string enabled: default: true description: |- Enable/Disable IPSec VPN session. title: |- Enable/Disable IPSec VPN session type: boolean ike_profile_path: description: |- Policy path referencing IKE profile to be used. Default is set according to system default profile. title: |- Internet key exchange (IKE) profile path type: string local_endpoint_path: description: |- Policy path referencing Local endpoint. title: |- Local endpoint path type: string peer_address: description: |- Public IPV4 address of the remote device terminating the VPN connection. title: |- IPV4 address of peer endpoint on remote site type: string peer_id: description: |- Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. title: |- Peer id type: string psk: description: |- IPSec Pre-shared key. Maximum length of this field is 128 characters. title: |- Pre-shared key type: string resource_type: description: | A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site. enum: - PolicyBasedIPSecVpnSession - RouteBasedIPSecVpnSession type: string tcp_mss_clamping: $ref: '#/definitions/TcpMaximumSegmentSizeClamping' description: | TCP Maximum Segment Size Clamping Direction and Value. title: |- TCP MSS Clamping tunnel_profile_path: description: |- Policy path referencing Tunnel profile to be used. Default is set to system default profile. title: |- IPSec tunnel profile path type: string required: - peer_address - peer_id - local_endpoint_path - resource_type type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- VPN session defines connection between local and peer endpoint. Until VPN session is defined configuration is not realized. title: |- IPSec VPN session x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnSubnet: description: |- Used to specify the local/peer subnets in IPSec VPN rule. properties: subnet: description: |- Subnet used in policy rule. format: ipv4-cidr-block type: string required: - subnet title: |- Subnet for IPSec Policy based VPN type: object x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnTunnelInterface: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ip_subnets: description: |- IP Tunnel interface (commonly referred as VTI) subnet. items: $ref: '#/definitions/TunnelInterfaceIPSubnet' maxItems: 1 minItems: 1 title: |- IP Tunnel interface subnet type: array required: - ip_subnets type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- IP tunnel interface configuration. title: |- IP tunnel interface configuration x-vmw-nsx-module: PolicyIPSecVpn IPSecVpnTunnelProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: df_policy: default: COPY description: |- Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet. enum: - COPY - CLEAR title: |- Policy for handling defragmentation bit type: string dh_groups: description: |- Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. items: description: | Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group. enum: - GROUP2 - GROUP5 - GROUP14 - GROUP15 - GROUP16 - GROUP19 - GROUP20 - GROUP21 type: string title: |- Dh group type: array digest_algorithms: description: |- Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm "AES_GCM_128". items: description: | The IPSecDigestAlgorithms are used to verify message integrity during IPSec VPN tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. enum: - SHA1 - SHA2_256 - SHA2_384 - SHA2_512 type: string title: |- Algorithm for message hash type: array enable_perfect_forward_secrecy: default: true description: |- If true, perfect forward secrecy (PFS) is enabled. title: |- Enable perfect forward secrecy type: boolean encryption_algorithms: description: |- Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. items: description: | IPSecEncryptionAlgorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encyption. Digest algorithm should be empty for this option. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 - NO_ENCRYPTION_AUTH_AES_GMAC_128 - NO_ENCRYPTION_AUTH_AES_GMAC_192 - NO_ENCRYPTION_AUTH_AES_GMAC_256 - NO_ENCRYPTION type: string title: |- Encryption algorithm to use in IPSec tunnel establishement type: array extended_attributes: description: | Collection of type specific properties. As of now, to hold encapsulation mode and transform protocol. items: $ref: '#/definitions/AttributeVal' readOnly: true title: |- Extended Attributes. type: array sa_life_time: default: 3600 description: |- SA life time specifies the expiry time of security association. Default is 3600 seconds. format: int64 maximum: 31536000 minimum: 900 title: |- Security association (SA) life time type: integer type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and IPSec tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile. title: |- IPSec VPN tunnel profile x-vmw-nsx-module: PolicyIPSecVpn IPv4DiscoveryOptions: description: |- Contains IPv4 related discovery options. properties: arp_snooping_config: $ref: '#/definitions/ArpSnoopingConfig' description: |- Indicates ARP snooping options title: |- ARP snooping configuration dhcp_snooping_enabled: default: true description: |- Indicates whether DHCP snooping is enabled title: |- Is DHCP snooping enabled or not type: boolean vmtools_enabled: default: true description: | Indicates whether fetching IP using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed. title: |- Is VM tools enabled or not type: boolean title: |- IPv4 discovery options type: object x-vmw-nsx-module: PolicyIpDiscovery IPv6DADStatus: description: |- IPv6 DAD status properties: ip_address: description: | IP address on the port for which DAD status is reported. format: ip readOnly: true type: string status: description: | DAD status for IP address on the port. enum: - DUPLICATED - TENTATIVE - ASSIGNED - NOT_APPLICABLE - UNKNOWN readOnly: true type: string transport_node: description: | Array of transport node id on which DAD status is reported for given IP address. items: $ref: '#/definitions/ResourceReference' readOnly: true title: |- Transport node type: array title: |- IPv6 DAD status type: object x-vmw-nsx-module: LogicalRouterPorts IPv6DiscoveryOptions: description: |- Contains IPv6 related discovery options. properties: dhcp_snooping_v6_enabled: default: false description: | Enable this method will snoop the DHCPv6 message transaction which a VM makes with a DHCPv6 server. From the transaction, we learn the IPv6 addresses assigned by the DHCPv6 server to this VM along with its lease time. title: |- Is DHCP snoping v6 enabled or not type: boolean nd_snooping_config: $ref: '#/definitions/NdSnoopingConfig' description: |- Indicates ND snooping options title: |- ND snooping configuration vmtools_v6_enabled: default: false description: | Enable this method will learn the IPv6 addresses which are configured on interfaces of a VM with the help of the VMTools software. type: boolean title: |- IPv6 discovery options type: object x-vmw-nsx-module: PolicyIpDiscovery IPv6Status: description: |- IPv6 status properties: connected_segment_path: description: | Path of the segment attached to the interface. readOnly: true title: |- Connected segment path type: string dad_statuses: description: | Array of DAD status which contains DAD information for IP addresses on the interface. items: $ref: '#/definitions/IPv6DADStatus' readOnly: true title: |- IPv6 DAD status type: array interface_id: description: | Policy path or realization ID of interface for which IPv6 DAD status is returned. title: |- Policy path or realization ID of interface type: string title: |- IPv6 status type: object x-vmw-nsx-module: PolicyConnectivityStatistics IcmpEchoRequestHeader: properties: id: default: 0 description: |- ICMP id format: int64 maximum: 65535 minimum: 0 title: |- ICMP id type: integer sequence: default: 0 description: |- ICMP sequence number format: int64 maximum: 65535 minimum: 0 title: |- ICMP sequence number type: integer type: object x-vmw-nsx-module: Traceflow IcmpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over ICMP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healt hchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over ICMP x-vmw-nsx-module: TempPolicyLoadBalancer Icon: description: |- Icon to be applied at dashboard for widgets and UI elements. properties: placement: default: PRE description: |- If specified as PRE, the icon appears before the UI element. If set as POST, the icon appears after the UI element. enum: - PRE - POST title: |- Position at which to display icon, if any type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the icon. items: $ref: '#/definitions/Tooltip' title: |- Multi-line tooltip type: array type: description: |- Icon will be rendered based on its type. For example, if ERROR is chosen, then icon representing error will be rendered. enum: - ERROR - WARNING - INFO - INPROGRESS - SUCCESS - DETAIL - NOT_AVAILABLE - SECURITY - NETWORKING - LOAD_BALANCER - VPN - DOMAIN - GROUP - DISTRIBUTED_FIREWALL - NETWORKING_TIER0 - NETWORKING_TIER1 - SEGMENT - SYSTEM - SYSTEM_FABRIC - SYSTEM_BACKUPRESTORE - INVENTORY_GROUPS - SECURITY_DFW title: |- Type of icon type: string title: |- Icon type: object x-vmw-nsx-module: NsxDashboard IdentityGroupExpression: allOf: - $ref: '#/definitions/Expression' - properties: identity_groups: description: |- This array consists of set of identity group object. All members within this array are implicitly OR'ed together. items: $ref: '#/definitions/IdentityGroupInfo' maxItems: 500 minItems: 1 title: |- Array of identity group type: array required: - identity_groups type: object x-vmw-nsx-module: Policy description: |- Represents a list of identity group (Ad group SID) expressions. title: |- IdentityGroup expression node x-vmw-nsx-module: Policy IdentityGroupInfo: description: |- Identity (Directory) group properties: distinguished_name: description: | Each LDAP object is uniquely identified by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. e.g. CN=Larry Cole,CN=admin,DC=corp,DC=acme,DC=com. A valid fully qualified distinguished name should be provided to include specific groups else the create / update realization of the Group containing an invalid/ partial DN will fail. This value is valid only if it matches to exactly 1 LDAP object on the LDAP server. title: |- LDAP distinguished name type: string domain_base_distinguished_name: description: | This is the base distinguished name for the domain where this particular group resides. (e.g. dc=example,dc=com) Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head. title: |- Identity (Directory) domain base distinguished name type: string sid: description: | A security identifier (SID) is a unique value of variable length used to identify a trustee. A SID consists of the following components: The revision level of the SID structure; A 48-bit identifier authority value that identifies the authority that issued the SID; A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID. This field is only populated for Microsoft Active Directory identity store. title: |- Identity (Directory) Group SID (security identifier) type: string required: - distinguished_name - domain_base_distinguished_name title: |- Identity (Directory) group type: object x-vmw-nsx-module: PolicyIdentity IdentitySourceLdapServer: description: |- Information about a single LDAP server. properties: bind_identity: description: |- A username used to authenticate to the directory when admnistering roles in NSX. This user should have privileges to search the LDAP directory for groups and users. This user is also used in some cases (OpenLDAP) to look up an NSX user's distinguished name based on their NSX login name. If omitted, NSX will authenticate to the LDAP server using an LDAP anonymous bind operation. For Active Directory, provide a userPrincipalName (e.g. administrator@airius.com) or the full distinguished nane. For OpenLDAP, provide the distinguished name of the user (e.g. uid=admin, cn=airius, dc=com). title: |- Username or DN for LDAP authentication type: string certificates: description: |- If using LDAPS or STARTTLS, provide the X.509 certificate of the LDAP server in PEM format. This property is not required when connecting without TLS encryption and is ignored in that case. items: type: string title: |- TLS certificate(s) for LDAP server(s) type: array enabled: default: true description: |- Allows the LDAP server to be enabled or disabled. When disabled, this LDAP server will not be used to authenticate users. title: |- If true, this LDAP server is enabled type: boolean password: description: |- A password used when authenticating to the directory. title: |- Username for LDAP authentication type: string url: description: |- The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. title: |- The URL for the LDAP server type: string use_starttls: default: false description: | If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. title: |- Eanble/disable StartTLS type: boolean required: - url title: |- An LDAP server type: object x-vmw-nsx-module: LdapIdentitySources IdentitySourceLdapServerEndpoint: description: |- Information about a single LDAP server endpoint. properties: url: description: |- The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. title: |- The URL for the LDAP server type: string use_starttls: default: false description: | If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. title: |- Eanble/disable StartTLS type: boolean required: - url title: |- An LDAP server endpoint type: object x-vmw-nsx-module: LdapIdentitySources IdentitySourceLdapServerProbeResult: description: |- The results of probing an individual LDAP server. properties: errors: description: |- Detail about errors encountered during the probe. items: $ref: '#/definitions/LdapProbeError' title: |- Error details type: array result: description: |- Overall result of the probe. If the probe was able to connect to the LDAP service, authenticate using the provided credentials, and perform searches of the configured user and group search bases without error, the result is SUCCESS. Otherwise, the result is FAILURE, and additional details may be found in the errors property. enum: - SUCCESS - FAILURE title: |- Overall result type: string url: description: |- THe URL of the probed LDAP host. title: |- LDAP Server URL type: string title: |- Results from one LDAP server probe type: object x-vmw-nsx-module: LdapIdentitySources IdsClusterConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cluster: $ref: '#/definitions/PolicyResourceReference' description: |- Contains policy resource reference object readOnly: false title: |- PolicyResourceReference ids_enabled: description: |- If set to true, IDS is enabled on the respective cluster readOnly: false title: |- Ids enabled flag type: boolean required: - cluster - ids_enabled type: object x-vmw-nsx-module: PolicyIDS description: | IDS configuration to enable/disable IDS on cluster level. title: |- Intrusion Detection System cluster configuration x-vmw-nsx-module: PolicyIDS IdsProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: severities: description: | Represents the severities of signatures which are part of this profile. items: $ref: '#/definitions/IdsProfileSeverity' title: |- IDS Profile severity type: array required: - severities type: object x-vmw-nsx-module: PolicyIDS description: | IDS Profile which contains the signatures and will be used in IDS rules. title: |- Intrusion Detection System Profile x-vmw-nsx-module: PolicyIDS IdsProfileSeverity: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ignore_signatures: description: | Contains the id of signatures that will be ignored as part of the profile. items: type: string title: |- Represents the signatures that will be ignored type: array severity: description: | Represents the severity of a profile. enum: - CRITICAL - HIGH - MEDIUM - LOW title: |- Severity of profile type: string required: - severity type: object x-vmw-nsx-module: PolicyIDS description: | Intrusion Detection System Profile severity. title: |- Intrusion Detection System Profile severity x-vmw-nsx-module: PolicyIDS IdsRule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied. enum: - DETECT title: |- Action type: string ids_profiles: description: | collections of IDS profiles. items: type: string maxItems: 1 minItems: 1 title: |- IDS profiles type: array type: object x-vmw-nsx-module: PolicyIDS description: |- Represents the Intrusion Detection System rule which indicates the action to be performed for the corresponding workload groups. title: |- A rule specifies the IDS security policy rule between the workload groups x-vmw-nsx-module: PolicyIDS IdsSecurityPolicy: allOf: - $ref: '#/definitions/Policy' - properties: rules: description: |- IDS Rules that are a part of this SecurityPolicy items: $ref: '#/definitions/IdsRule' title: |- IDS Rules that are a part of this SecurityPolicy type: array type: object x-vmw-nsx-module: PolicyIDS description: | Represents the Intrusion Detection System Security Policy, which contains the list of IDS Rules. title: |- Contains ordered list of IDS Rules x-vmw-nsx-module: PolicyIDS IdsSignature: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: attack_target: description: | Target of the signature. title: |- Signature attack target type: string categories: description: | Represents the internal categories a signature belongs to. items: description: | Represents the internal categories. APPLICATION : IDS signature having protocol comes under APPLICATION internal category. MALWARE: IDS signature having malware_family comes under this internal category. VULNERABILITY : IDS signature having cvssv3 score comes under this internal category. enum: - APPLICATION - MALWARE - VULNERABILITY type: string title: |- IDS Signature Internal category type: array class_type: description: | Class type of Signature. title: |- Signature class type type: string cves: description: | CVE score items: type: string title: |- Represents the cve score. type: array cvssv2: description: | Signature cvssv2 score. title: |- Signature cvssv2 score type: string cvssv3: description: | Signature cvssv3 score. title: |- Signature cvssv3 score type: string flow: description: | Flow established from server, from client etc. title: |- Flow established. type: string name: description: | Signature name. title: |- Represents the signature name type: string product_affected: description: | Product affected by this signature. title: |- Signature product affected type: string severity: description: | Represents the severity of the Signature. title: |- Signature severity type: string signature_id: description: | Represents the Signature's id. title: |- Signature ID type: string signature_revision: description: | Represents revision of the Signature. title: |- Signature revision type: string urls: description: | List of mitre attack URLs pertaining to signature items: type: string title: |- List of mitre attack URLs pertaining to signature. type: array type: object x-vmw-nsx-module: PolicyIDS description: | Intrusion Detection System Signature . title: |- Intrusion Detection System Signature x-vmw-nsx-module: PolicyIDS IdsStandaloneHostConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ids_enabled: description: |- If set to true, IDS is enabled on standalone hosts. readOnly: false title: |- IDS enabled flag type: boolean required: - ids_enabled type: object x-vmw-nsx-module: PolicyIDS description: | IDS configuration to enable/disable IDS on standalone host level. title: |- Intrusion Detection System configuration x-vmw-nsx-module: PolicyIDS IncludedFieldsParameters: description: |- A list of fields to include in query results properties: included_fields: description: |- Comma separated list of fields that should be included in query result title: |- Comma separated list of fields that should be included in query result type: string title: |- A list of fields to include in query results type: object x-vmw-nsx-module: Common Infra: allOf: - $ref: '#/definitions/AbstractSpace' - properties: domains: description: | This field is used while creating or updating the infra space. items: $ref: '#/definitions/Domain' title: |- Domains for infra type: array type: object x-vmw-nsx-module: Policy description: |- Infra space related policy. title: |- Infra x-vmw-nsx-module: Policy IngressBroadcastRateLimiter: allOf: - $ref: '#/definitions/QoSBaseRateLimiter' - properties: average_bandwidth: default: 0 description: |- Average bandwidth in kb/s format: int32 minimum: 0 title: |- Average bandwidth in kb/s type: integer burst_size: default: 0 description: |- Burst size in bytes format: int32 minimum: 0 title: |- Burst size in bytes type: integer peak_bandwidth: default: 0 description: |- Peak bandwidth in kb/s format: int32 minimum: 0 title: |- Peak bandwidth in kb/s type: integer type: object x-vmw-nsx-module: PolicyQoS description: |- A shaper that specifies ingress rate properties in kb/s title: |- A shaper that specifies ingress rate properties in kb/s x-vmw-nsx-module: PolicyQoS IngressRateLimiter: allOf: - $ref: '#/definitions/QoSBaseRateLimiter' - properties: average_bandwidth: default: 0 description: |- You can use the average bandwidth to reduce network congestion. format: int32 minimum: 0 title: |- Average bandwidth in Mb/s type: integer burst_size: default: 0 description: |- The burst duration is set in the burst size setting. format: int32 minimum: 0 title: |- Burst size in bytes type: integer peak_bandwidth: default: 0 description: |- The peak bandwidth rate is used to support burst traffic. format: int32 minimum: 0 title: |- Peak bandwidth in Mb/s type: integer type: object x-vmw-nsx-module: PolicyQoS description: |- A shaper that specifies ingress rate properties in Mb/s title: |- A shaper that specifies ingress rate properties in Mb/s x-vmw-nsx-module: PolicyQoS InitiateClusterRestoreRequest: properties: ip_address: description: |- IP address or FQDN of the node from which the backup was taken format: hostname-or-ip readOnly: true title: |- IP address or FQDN of the node from which the backup was taken type: string node_id: description: | Unique id of the backed-up configuration from which the appliance will be restored readOnly: true title: | Unique id of the backed-up configuration from which the appliance will be restored type: string timestamp: description: | Timestamp of the backed-up configuration from which the appliance will be restored format: int64 readOnly: true type: integer type: object x-vmw-nsx-module: ClusterRestore Injection: description: | Injection holding a key and a corresponding value. properties: key: description: |- Injection key. title: |- Key type: string value: $ref: '#/definitions/InjectionValue' description: |- Injection value. title: |- Value required: - value - key title: |- Injection type: object x-vmw-nsx-module: PolicyReaction InjectionValue: description: | Injection Value. discriminator: resource_type properties: resource_type: description: | Injection Value resource type. enum: - UnaryOperationBasedInjectionValue title: |- Resource Type type: string required: - resource_type title: |- Injection Value type: object x-vmw-nsx-module: PolicyReaction InstructionInfo: description: |- Details of the instructions displayed during restore process properties: actions: description: |- A list of actions that are to be applied to resources items: type: string readOnly: true title: |- Actions list type: array fields: description: |- A list of fields that are displayable to users in a table items: type: string readOnly: true title: |- Displayable fields type: array id: description: |- UUID of the instruction readOnly: true title: |- UUID of the instruction type: string name: description: |- Instruction name readOnly: true title: |- Instruction name type: string title: |- Details of the instructions displayed during restore process type: object x-vmw-nsx-module: ClusterRestore IntentRuntimeRequestParameters: description: | Request parameters that represents a an intent path. properties: intent_path: description: | Policy Path referencing an intent object. title: |- Policy Path of the intent object type: string site_path: description: | Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites title: |- Policy Path of the site from where the realization status needs to be fetched type: string required: - intent_path title: |- Request Parameters for Intent Runtime Information type: object x-vmw-nsx-module: PolicyBaseStatistics InterSitePortCounters: allOf: - $ref: '#/definitions/LogicalRouterPortCounters' - type: object x-vmw-nsx-module: AggSvcInterSite x-vmw-nsx-module: AggSvcInterSite InterfaceArpCsvRecord: allOf: - $ref: '#/definitions/CsvRecord' - properties: ip: description: |- The IP address format: ip type: string mac_address: description: |- The MAC address title: |- The MAC address type: string required: - ip - mac_address type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceArpEntry: properties: ip: description: |- The IP address format: ip type: string mac_address: description: |- The MAC address title: |- The MAC address type: string required: - ip - mac_address type: object x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceArpTable: allOf: - $ref: '#/definitions/ListResult' - properties: edge_path: description: | Policy path of edge node. title: |- Policy path of edge node type: string enforcement_point_path: description: | String Path of the enforcement point. title: |- Enforcement point path type: string interface_path: description: |- The ID of the logical router port title: |- The ID of the logical router port type: string last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/InterfaceArpEntry' type: array required: - interface_path type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceArpTableInCsvFormat: allOf: - $ref: '#/definitions/CsvListResult' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer results: items: $ref: '#/definitions/InterfaceArpCsvRecord' type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceDADState: description: |- Duplicate address detection status on the interface. properties: dad_statuses: description: | Array of DAD status which contains DAD information for IP addresses on the interface. items: $ref: '#/definitions/InterfaceIPv6DADStatus' readOnly: true title: |- IPv6 DAD status type: array interface_path: description: | Policy path or realization ID of interface for which IPv6 DAD status is returned. readOnly: true title: |- Policy path or realization ID of interface type: string title: |- Interface DAD status type: object x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceIPv6DADStatus: description: |- Duplicate address detection status for IP address on the interface. properties: edge_paths: description: | Array of edge nodes on which DAD status is reported for given IP address. items: type: string readOnly: true title: |- Edge node paths type: array ip_address: description: | IP address on the port for which DAD status is reported. format: ip readOnly: true type: string status: description: | DAD status for IP address on the port. enum: - DUPLICATED - TENTATIVE - ASSIGNED - NOT_APPLICABLE - UNKNOWN readOnly: true type: string title: |- IPv6 DAD status for Interface type: object x-vmw-nsx-module: PolicyConnectivityStatistics InterfaceSubnet: description: |- Subnet specification for interface connectivity properties: ip_addresses: description: |- IP addresses assigned to interface items: description: |- IPv4 or IPv6 address format: ip type: string title: |- IP addresses assigned to interface type: array prefix_len: description: |- Subnet prefix length format: int32 maximum: 128 minimum: 1 title: |- Subnet prefix length type: integer required: - ip_addresses - prefix_len title: |- Subnet specification for interface connectivity type: object x-vmw-nsx-module: PolicyConnectivity IntersiteGatewayConfig: description: |- Intersite gateway configuration. properties: fallback_sites: description: | Fallback site to be used as new primary site on current primary site failure. Disaster recovery must be initiated via API/UI. Fallback site configuration is supported only for T0 gateway. T1 gateway will follow T0 gateway's primary site during disaster recovery. items: type: string title: |- Fallback sites type: array intersite_transit_subnet: default: 169.254.32.0/20 description: | IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured. format: ip-cidr-block title: |- Transit subnet in CIDR format type: string last_admin_active_epoch: description: | Epoch(in seconds) is auto updated based on system current timestamp when primary locale service is updated. It is used for resolving conflict during site failover. If system clock not in sync then User can optionally override this. New value must be higher than the current value. format: int64 maximum: 4294967295 title: |- Epoch of last time admin changing active LocaleServices type: integer primary_site_path: description: | Primary egress site for gateway. T0/T1 gateway in Active/Standby mode supports stateful services on primary site. In this mode primary site must be set if gateway is stretched to more than one site. For T0 gateway in Active/Active primary site is optional field. If set then secondary site prefers routes learned from primary over locally learned routes. This field is not applicable for T1 gateway with no services. title: |- Primary egress site for gateway. type: string title: |- Intersite gateway configuration type: object x-vmw-nsx-module: PolicyConnectivity IntervalBackupSchedule: allOf: - $ref: '#/definitions/BackupSchedule' - properties: seconds_between_backups: default: 3600 description: |- Time interval in seconds between two consecutive automated backups format: int64 maximum: 86400 minimum: 300 title: |- Time interval in seconds between two consecutive automated backups type: integer type: object x-vmw-nsx-module: BackupConfiguration description: |- Schedule to specify the interval time at which automated backups need to be taken title: |- Schedule to specify the interval time at which automated backups need to be taken x-vmw-nsx-module: BackupConfiguration IpAddressAllocation: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: allocation_ip: description: |- Address that is allocated from pool format: ip readOnly: true type: string type: object x-vmw-nsx-module: PolicyIpam description: |- Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release. title: |- Parameters for IP allocation x-vmw-nsx-module: PolicyIpam IpAddressBlock: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cidr: description: |- Represents a network address and the prefix length which will be associated with a layer-2 broadcast domain. Support IPv4 and IPv6 CIDR. format: ip-cidr-block title: |- A contiguous IP address space represented by network address and prefix length type: string required: - cidr type: object x-vmw-nsx-module: PolicyIpam description: |- A block of IP addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can be added to IP pools and used for IP allocation. title: |- IP address space represented by network address and prefix x-vmw-nsx-module: PolicyIpam IpAddressInfo: description: |- Ipaddress information of the fabric node. properties: ip_addresses: description: |- IP Addresses of the the virtual network interface, as discovered in the source. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- IP Addresses of the the virtual network interface, as discovered in the source. type: array source: description: |- Source of the ipaddress information. enum: - VM_TOOLS readOnly: true title: |- Source of the ipaddress information. type: string title: |- Ipaddress information of the fabric node. type: object x-vmw-nsx-module: Inventory IpAddressPool: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ip_release_delay: description: |- Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins). format: int64 title: |- IP address release delay in milliseconds type: integer type: object x-vmw-nsx-module: PolicyIpam description: |- IpAddressPool is a collection of subnets. The subnets can either be derived from an IpBlock or specified by the user. User can request for IP addresses to be allocated from a pool. When an IP is requested from a pool, the IP that is returned can come from any subnet that belongs to the pool. title: |- A collection of IP subnets x-vmw-nsx-module: PolicyIpam IpAddressPoolBlockSubnet: allOf: - $ref: '#/definitions/IpAddressPoolSubnet' - properties: auto_assign_gateway: default: true description: |- If this property is set to true, the first IP in the range will be reserved for gateway. title: |- Indicate whether default gateway is to be reserved from the range type: boolean ip_block_path: description: |- The path of the IpAddressBlock from which the subnet is to be created. title: |- The path of the IpAddressBlock from which the subnet is to be created. type: string size: description: |- The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. format: int64 title: |- Represents the size or number of IP addresses in the subnet type: integer start_ip: description: |- For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address. format: ip type: string required: - ip_block_path - size type: object x-vmw-nsx-module: PolicyIpam description: |- This type of subnet allows user to dynamically carve a subnet out of a preconfigured IpAddressBlock. The user must specify the size of the subnet and the IpAddressBlock from which the subnet is to be derived. If the required amount of IP adress space is available in the specified IpAddressBlock, the system automatically configures subnet range. title: |- IpAddressPoolSubnet dynamically carved out of a IpAddressBlock x-vmw-nsx-module: PolicyIpam IpAddressPoolStaticSubnet: allOf: - $ref: '#/definitions/IpAddressPoolSubnet' - properties: allocation_ranges: description: |- A collection of IPv4 or IPv6 IP Pool Ranges. items: $ref: '#/definitions/IpPoolRange' title: |- A collection of IPv4 or IPv6 IP Pool Ranges. type: array cidr: description: |- Subnet representation is a network address and prefix length title: |- Subnet representation is a network address and prefix length type: string dns_nameservers: description: |- The collection of upto 3 DNS servers for the subnet. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 3 title: |- The collection of upto 3 DNS servers for the subnet. type: array uniqueItems: true dns_suffix: description: |- The DNS suffix for the DNS server. format: hostname title: |- The DNS suffix for the DNS server. type: string gateway_ip: description: |- The default gateway address on a layer-3 router. format: ip type: string required: - cidr - allocation_ranges type: object x-vmw-nsx-module: PolicyIpam description: |- This type of subnet is statically configured by the user. The user provides the range details and the gateway for the subnet. title: |- IpAddressPoolSubnet statically configured by a user x-vmw-nsx-module: PolicyIpam IpAddressPoolSubnet: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: description: |- Specifies whether the IpAddressPoolSubnet is to be carved out of a IpAddressBlock or will be specified by the user enum: - IpAddressPoolBlockSubnet - IpAddressPoolStaticSubnet type: string required: - resource_type type: object x-vmw-nsx-module: PolicyIpam description: |- IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified by the user. In the first case where the subnet is carved out of a IpAddressBlock, the user must specify the ID of the block from which this subnet is to be derived. This block must be pre-created. The subnet range is auto populated by the system. In the second case, the user configures the subnet range directly. No IpAddressBlock is required. title: |- Abstract class for IpSubnet in a IpAddressPool x-vmw-nsx-module: PolicyIpam IpPoolRange: allOf: - $ref: '#/definitions/Resource' - properties: end: description: |- The end IP Address of the IP Range. format: ip type: string start: description: |- The start IP Address of the IP Range. format: ip type: string required: - start - end type: object x-vmw-nsx-module: Ipam description: |- A set of IPv4 or IPv6 addresses defined by a start and end address. x-vmw-nsx-module: Ipam Ipv4Header: properties: dst_ip: description: |- The destination ip address. format: ipv4 type: string flags: default: 0 description: |- IP flags format: int64 maximum: 8 minimum: 0 title: |- IP flags type: integer protocol: default: 1 description: |- IP protocol - defaults to ICMP format: int64 maximum: 255 minimum: 0 title: |- IP protocol - defaults to ICMP type: integer src_ip: description: |- The source ip address. format: ipv4 type: string src_subnet_prefix_len: description: |- This is used together with src_ip to calculate dst_ip for broadcast when dst_ip is not given; not used in all other cases. format: int64 maximum: 32 minimum: 1 title: |- source subnet prefix length. type: integer ttl: default: 64 description: |- Time to live (ttl) format: int64 maximum: 255 minimum: 0 title: |- Time to live (ttl) type: integer type: object x-vmw-nsx-module: Traceflow Ipv6DadProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dad_mode: default: LOOSE description: |- DAD Mode enum: - LOOSE - STRICT type: string ns_retries: default: 3 description: | Number of Neighbor solicitation packets generated before completing the Duplicate address detection process. format: int64 maximum: 10 minimum: 0 title: |- NS retries count type: integer wait_time: default: 1 description: | The time duration in seconds, to wait for Neighbor advertisement after sending the Neighbor solicitation message. format: int64 maximum: 60 minimum: 0 title: |- Wait time type: integer type: object x-vmw-nsx-module: PolicyConnectivity description: | Duplicate address detection profile. x-vmw-nsx-module: PolicyConnectivity Ipv6DadProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of Ipv6DadProfile items: $ref: '#/definitions/Ipv6DadProfile' title: |- Paginated list of Ipv6DadProfile type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity Ipv6Header: properties: dst_ip: description: |- The destination ip address. format: ipv6 type: string hop_limit: default: 64 description: |- Decremented by 1 by each node that forwards the packets. The packet is discarded if Hop Limit is decremented to zero. format: int64 maximum: 255 minimum: 0 title: |- hop limit type: integer next_header: default: 58 description: |- Identifies the type of header immediately following the IPv6 header. format: int64 maximum: 255 minimum: 0 title: |- Identifies the type of header immediately following the IPv6 header. type: integer src_ip: description: |- The source ip address. format: ipv6 type: string type: object x-vmw-nsx-module: Traceflow Ipv6NdraProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dns_config: $ref: '#/definitions/RaDNSConfig' description: |- DNS Configurations title: |- DNS Configurations ra_config: $ref: '#/definitions/RAConfig' description: |- RA Configuration title: |- RA Configuration ra_mode: default: SLAAC_DNS_THROUGH_RA description: |- RA Mode enum: - DISABLED - SLAAC_DNS_THROUGH_RA - SLAAC_DNS_THROUGH_DHCP - DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP type: string reachable_timer: default: 0 description: | Neighbour reachable time duration in milliseconds. A value of 0 means unspecified. format: int64 maximum: 3600000 minimum: 0 title: |- Reachable timer type: integer retransmit_interval: default: 1000 description: | The time, in milliseconds, between retransmitted neighbour solicitation messages. A value of 0 means unspecified. format: int64 maximum: 4294967295 minimum: 0 title: |- Retransmission interval type: integer required: - ra_mode - ra_config type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity Ipv6NdraProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paginated list of Ipv6NdraProfile items: $ref: '#/definitions/Ipv6NdraProfile' title: |- Paginated list of Ipv6NdraProfile type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity x-vmw-nsx-module: PolicyConnectivity KeyValuePair: description: |- An arbitrary key-value pair properties: key: description: |- Key maxLength: 255 readOnly: false title: |- Key type: string value: description: |- Value maxLength: 255 readOnly: false title: |- Value type: string required: - value - key title: |- An arbitrary key-value pair type: object x-vmw-nsx-module: Common L2BridgeEndpointProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: edge_paths: description: |- List of policy paths to edge nodes. Edge allocation for L2 bridging. items: type: string maxItems: 2 minItems: 1 title: |- List of path of Edge nodes type: array failover_mode: default: PREEMPTIVE description: |- Failover mode for the edge bridge cluster enum: - PREEMPTIVE - NON_PREEMPTIVE title: |- Failover mode for the edge bridge cluster type: string ha_mode: default: ACTIVE_STANDBY description: |- High avaialability mode can be active-active or active-standby. High availability mode cannot be modified after realization. enum: - ACTIVE_STANDBY title: |- High availability mode for the edge bridge cluster type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Used to configure L2 Bridge endpoint profile title: |- Layer 2 Bridge Endpoint Profile x-vmw-nsx-module: PolicyConnectivity L2Extension: description: |- Segment specific L2 VPN configuration properties: l2vpn_path: description: | This property has been deprecated. Please use the property l2vpn_paths for setting the paths of associated L2 VPN session. This property will continue to work as expected to provide backwards compatibility. However, when both l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is used. title: |- Policy path of associated L2 VPN session type: string x-deprecated: true l2vpn_paths: description: | Policy paths corresponding to the associated L2 VPN sessions items: type: string title: |- Policy paths of associated L2 VPN sessions type: array local_egress: $ref: '#/definitions/LocalEgress' description: |- Local Egress. title: |- Local Egress tunnel_id: description: |- Tunnel ID format: int32 maximum: 4093 minimum: 1 title: |- Tunnel ID type: integer title: |- Segment specific L2 VPN configuration type: object x-vmw-nsx-module: PolicyConnectivity L2ForwarderRemoteMacsPerSite: properties: remote_active_ips: description: |- Remote active IP addresses. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote active IPs type: array remote_mac_addresses: description: |- Remote mac addresses. items: type: string readOnly: true title: |- Remote mac addresses type: array remote_site: $ref: '#/definitions/ResourceReference' description: |- Remote site details. readOnly: true title: |- Remote site remote_standby_ips: description: |- Remote standby IP addresses. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote standby IPs type: array rtep_group_id: description: | 32 bit unique RTEP group id of the logical switch per site. format: int64 readOnly: true title: |- RTEP group id of logical switch per site type: integer type: object x-vmw-nsx-module: AggSvcL2Forwarder L2ForwarderStatusPerNode: properties: high_availability_status: description: | High Availability status of a service router on the edge node. enum: - ACTIVE - STANDBY - DOWN - SYNC - UNKNOWN readOnly: true title: |- Service router's HA status type: string transport_node: $ref: '#/definitions/ResourceReference' description: | Edge node details from where the router status is being retrieved. readOnly: true title: |- Transport node type: object x-vmw-nsx-module: AggSvcL2Forwarder L2VPNService: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enable_hub: default: false description: | This property applies only in SERVER mode. If set to true, traffic from any client will be replicated to all other clients. If set to false, traffic received from clients is only replicated to the local VPN endpoint. title: |- Enable spoke to spoke (client) forwarding via hub (server) type: boolean encap_ip_pool: description: | IP Pool to allocate local and peer endpoint IPs for L2VpnSession logical tap. items: description: |- IPv4 CIDR Block format: ipv4-cidr-block type: string title: |- IP Pool for Logical Taps type: array mode: default: SERVER description: |- Specify an L2VPN service mode as SERVER or CLIENT. enum: - SERVER - CLIENT title: |- L2VPN Service Mode type: string type: object x-vmw-nsx-module: PolicyLayer2VPN description: | L2VPN Service defines if service running as server or client. It also defines all the common properties for the multiple L2VPN Sessions associated with this service. title: |- L2VPN Service x-vmw-nsx-module: PolicyLayer2VPN L2VPNSession: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: true description: |- Enable to extend all the associated segments. title: |- Enable L2VPN session type: boolean transport_tunnels: description: |- List of transport tunnels for redundancy. items: type: string maxItems: 1 minItems: 1 title: |- List of transport tunnels type: array tunnel_encapsulation: $ref: '#/definitions/L2VPNTunnelEncapsulation' description: | Tunnel encapsulation config. This property only applies in CLIENT mode. It is auto-populated from the L2VPNSessionData. readOnly: true title: |- Tunnel encapsulation config required: - transport_tunnels type: object x-vmw-nsx-module: PolicyLayer2VPN description: | Defines the tunnel local and peer addresses along with multiple tansport tunnels for redundancy. L2VPNSession belongs to only one L2VPNService. title: |- L2VPN Session x-vmw-nsx-module: PolicyLayer2VPN L2VPNTunnelEncapsulation: description: |- L2VPN tunnel encapsulation config. properties: local_endpoint_address: description: | IP Address of the local tunnel port. This property only applies in CLIENT mode. format: ipv4 readOnly: true type: string peer_endpoint_address: description: | IP Address of the peer tunnel port. This property only applies in CLIENT mode. format: ipv4 readOnly: true type: string protocol: default: GRE description: |- Encapsulation protocol used by the tunnel. enum: - GRE readOnly: true title: |- Encapsulation protocol type: string title: |- L2VPN Tunnel Encapsulation type: object x-vmw-nsx-module: PolicyLayer2VPN L2Vpn: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: true description: | Enable to extend all the associated segments. title: |- Enable L2Vpn type: boolean transport_tunnels: description: | List of paths referencing transport tunnels. items: type: string maxItems: 1 minItems: 1 title: |- List of paths referencing transport tunnels type: array required: - transport_tunnels type: object x-vmw-nsx-module: PolicyL2Vpn description: | Contains information necessary to configure L2Vpn. title: |- L2 Virtual Private Network Configuration x-vmw-nsx-module: PolicyL2Vpn L2VpnContext: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enable_hub: default: false description: | If enabled, the tier-0 acts as a Hub and replicates traffic received from peer to all other peers. If disabled, the tier-0 acts as a Spoke and replicates only the local. title: |- Enable to act as hub type: boolean type: object x-vmw-nsx-module: PolicyL2Vpn description: | L2Vpn Context provides meta-data information about the parent Tier-0. title: |- L2Vpn Context x-vmw-nsx-module: PolicyL2Vpn L3Vpn: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dh_groups: description: | Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14. items: description: | Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. enum: - GROUP2 - GROUP5 - GROUP14 - GROUP15 - GROUP16 type: string maxItems: 1 title: |- DH group type: array uniqueItems: true enable_perfect_forward_secrecy: default: true description: | If true, perfect forward secrecy (PFS) is enabled. title: |- Enable perfect forward secrecy type: boolean enabled: default: true description: | Flag to enable L3Vpn. Default is enabled. title: |- Enable L3Vpn type: boolean ike_digest_algorithms: description: | Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256. items: description: | The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation. SHA1 produces 160 bits hash and SHA2_256 produces 256 bit hash. enum: - SHA1 - SHA2_256 type: string maxItems: 1 title: |- Digest Algorithm for IKE type: array uniqueItems: true ike_encryption_algorithms: description: | Algorithm to be used during Internet Key Exchange(IKE) negotiation. Default is AES_128. items: description: | IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys. AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 type: string maxItems: 1 title: |- Encryption algorithm for IKE type: array uniqueItems: true ike_version: default: IKE_V2 description: | IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. enum: - IKE_V1 - IKE_V2 - IKE_FLEX type: string l3vpn_session: $ref: '#/definitions/L3VpnSession' description: |- L3Vpn Session title: |- L3Vpn Session local_address: description: |- IPv4 address of local gateway format: ipv4 type: string passphrases: description: | List of IPSec pre-shared keys used for IPSec authentication. If not specified, the older passphrase values are retained if there are any. items: type: string maxItems: 1 title: |- List of IPSec pre-shared keys type: array uniqueItems: true remote_private_address: description: | This field is used to resolve conflicts in case of a remote site being behind NAT as remote public ip address is not enough. If it is not the case the remote public address should be provided here. If not provided, the value of this field is set to remote_public_address. title: |- Identifier of the remote site type: string remote_public_address: description: |- Public IPv4 address of remote gateway format: ipv4 type: string tunnel_digest_algorithms: description: | Algorithm to be used for message digest during tunnel establishment. Default algorithm is empty. items: description: | The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment. SHA1 produces 160 bits hash and SHA2_256 produces 256 bit hash. enum: - SHA1 - SHA2_256 type: string maxItems: 1 title: |- Digest Algorithm for Tunnel Establishment type: array uniqueItems: true tunnel_encryption_algorithms: description: | Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. items: description: | TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. enum: - AES_128 - AES_256 - AES_GCM_128 - AES_GCM_192 - AES_GCM_256 type: string maxItems: 1 title: |- Encryption algorithm for Tunnel Establishement type: array uniqueItems: true required: - local_address - remote_public_address - l3vpn_session type: object x-vmw-nsx-module: PolicyL3Vpn description: | Contains information necessary to configure IPSec VPN. title: |- L3 Virtual Private Network Configuration x-vmw-nsx-module: PolicyL3Vpn L3VpnContext: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: available_local_addresses: description: | Local gateway IPv4 addresses available for configuration of each L3Vpn. items: $ref: '#/definitions/PolicyIPAddressInfo' title: |- IPv4 addresses of the local gateway type: array uniqueItems: true bypass_rules: description: | Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is supported on these L3Vpn rules. items: $ref: '#/definitions/L3VpnRule' title: |- List of Bypass L3VpnRules type: array uniqueItems: true enabled: default: true description: | If true, enable L3Vpn Service for given tier-0. Enabling/disabling this service affects all L3Vpns under the given tier-0. title: |- Enable L3 Virtual Private Network (VPN) service type: boolean ike_log_level: default: INFO description: | Log level for internet key exchange (IKE). enum: - DEBUG - INFO - WARN - ERROR - EMERGENCY title: |- Internet key exchange (IKE) log level type: string label: description: | Policy path referencing Label. A label is used as a mechanism to group route-based L3Vpns in order to apply edge firewall rules on members' VTIs. title: |- Policy path referencing Label type: string type: object x-vmw-nsx-module: PolicyL3Vpn description: | L3Vpn Context provides the configuration context that different L3Vpns can consume. title: |- L3Vpn Context x-vmw-nsx-module: PolicyL3Vpn L3VpnRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: default: PROTECT description: | Action to exchange data with or without protection. PROTECT - Allows to exchange data with ipsec protection. Protect rules are defined per L3Vpn. BYPASS - Allows to exchange data without ipsec protection. Bypass rules are defined per L3VpnContext and affects all policy based L3Vpns. Bypass rules are prioritized over protect rules. enum: - PROTECT - BYPASS title: |- Action to apply to the traffic transiting through the L3Vpn type: string destinations: description: | List of remote subnets used in policy-based L3Vpn. items: $ref: '#/definitions/L3VpnSubnet' maxItems: 128 minItems: 1 title: |- List of remote subnets type: array uniqueItems: true sequence_number: description: | This field is used to resolve conflicts between multiple L3VpnRules associated with a single L3Vpn or L3VpnContext. format: int32 title: |- Sequence number of the L3VpnRule type: integer sources: description: | List of local subnets used in policy-based L3Vpn. items: $ref: '#/definitions/L3VpnSubnet' maxItems: 128 minItems: 1 title: |- List of local subnets type: array uniqueItems: true required: - sources - destinations type: object x-vmw-nsx-module: PolicyL3Vpn description: | For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used for transit traffic that meets the rule's match criteria. title: |- L3Vpn Rule x-vmw-nsx-module: PolicyL3Vpn L3VpnSession: description: | Contains information about L3Vpn session. discriminator: resource_type properties: resource_type: description: | - A Policy Based L3Vpn is a configuration in which protect rules to match local and remote subnet needs to be defined. Tunnel is established for each pair of local and remote subnet defined in protect rules. - A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet (commonly known as VTI) is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn. enum: - PolicyBasedL3VpnSession - RouteBasedL3VpnSession type: string required: - resource_type title: |- L3Vpn Session type: object x-vmw-nsx-module: PolicyL3Vpn L3VpnSubnet: description: | Used to specify subnets in L3Vpn rule. properties: subnet: description: | Subnet used in L3Vpn Rule. format: ipv4-cidr-block type: string required: - subnet title: |- Subnet used in L3Vpn Rule type: object x-vmw-nsx-module: PolicyL3Vpn L4PolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyLbPersistenceProfile' - properties: persistence: default: SOURCE_IP description: | This field indicates the persistence method used for the PolicyLbVirtualServer. - SOURCE_IP persistence ensures all connections from a client (identified by IP address) are sent to the same backend server for a specified period. - This object is not required and persistence is disabled by default enum: - SOURCE_IP title: |- Persistence method used by PolicyLbVirtualServer(s) type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- PolicyLbPersistenceProflie for L4 type PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer L4PortSetServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: destination_ports: description: | Number of values should not exceed 15, ranges count as 2 values. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 type: array l4_protocol: enum: - TCP - UDP type: string source_ports: description: | Number of values should not exceed 15, ranges count as 2 values. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 15 type: array required: - l4_protocol type: object x-vmw-nsx-module: Policy description: | L4PortSet can be specified in comma separated notation of parts. Parts of a L4PortSet includes single integer or range of port in hyphen notation. Example of a PortSet: "22, 33-70, 44". title: |- An ServiceEntry that represents TCP or UDP protocol x-vmw-nsx-module: Policy L7PolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyLbPersistenceProfile' - properties: persistence: default: COOKIE description: | This field indicates the persistence method used for the PolicyLbVirtualServer. - COOKIE persistence allows related client connections, identified by the same cookie in HTTP requests [Refer to HTTP Cookie for details on HTTP cookies], to be redirected to the same server. Load balancer does not maintain any persistence table for cookie persistence. Instead, it encodes the necessary information in the HTTP cookie value sent to client and relies on the client to store it and send it back in subsequent related HTTP requests. Hence there is no limit on the number of cookie persistence entries that can be supported. - This object is not required and persistence is disabled by default enum: - COOKIE title: |- Persistence method used by PolicyLbVirtualServer(s) type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- PolicyLbPersistenceProflie for L7 type PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer LBAccessListControl: description: | LBAccessListControl is used to define how IP access list control can filter the connections from clients. properties: action: description: | ALLOW means connections matching grouping object IP list are allowed and requests not matching grouping object IP list are dropped. DROP means connections matching grouping object IP list are dropped and requests not matching grouping object IP list are allowed. enum: - ALLOW - DROP title: |- IP access list control action type: string enabled: default: false description: | The enabled flag indicates whether to enable access list control option. It is false by default. title: |- Whether to enable access list control option type: boolean group_path: description: | The path of grouping object which defines the IP addresses or ranges to match the client IP. title: |- Grouping object path type: string required: - action - group_path title: |- IP access list control to filter the connections from clients type: object x-vmw-nsx-module: PolicyLoadBalancer LBActiveMonitor: allOf: - $ref: '#/definitions/LBMonitorProfile' - properties: fall_count: default: 3 description: | Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor fall count for active healthchecks type: integer interval: default: 5 description: | Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor interval in seconds for active healthchecks type: integer monitor_port: description: | Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. format: int32 maximum: 65535 minimum: 0 title: |- Monitor port for active healthchecks type: integer rise_count: default: 3 description: | Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor rise count for active healthchecks type: integer timeout: default: 5 description: | Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. format: int64 maximum: 2147483647 minimum: 1 title: |- Monitor timeout in seconds for active healthchecks type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | All the active types of LBMonitorProfile extend from this abstract class. This is present for extensibility. title: |- Base class for each type of active LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer LBAppProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: description: | An application profile can be bound to a virtual server to specify the application protocol characteristics. It is used to influence how load balancing is performed. Currently, three types of application profiles are supported: LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile. LBFastTCPProfile or LBFastUDPProfile is typically used when the application is using a custom protocol or a standard protocol not supported by the load balancer. It is also used in cases where the user only wants L4 load balancing mainly because L4 load balancing has much higher performance and scalability, and/or supports connection mirroring. LBHttpProfile is used for both HTTP and HTTPS applications. Though application rules, if bound to the virtual server, can be used to accomplish the same goal, LBHttpProfile is intended to simplify enabling certain common use cases. enum: - LBHttpProfile - LBFastTcpProfile - LBFastUdpProfile type: string required: - resource_type type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- App profile. title: |- App profile x-vmw-nsx-module: PolicyLoadBalancer LBClientCertificateIssuerDnCondition: description: |- Match condition for client certficate issuer DN. properties: case_sensitive: default: true description: | If true, case is significant when comparing issuer DN value. title: |- A case sensitive flag for issuer DN comparing type: boolean issuer_dn: description: |- Value of issuer DN. title: |- Value of issuer DN type: string match_type: default: REGEX description: |- Match type of issuer DN. enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - issuer_dn title: |- Match condition for client certficate issuer DN type: object x-vmw-nsx-module: PolicyLoadBalancer LBClientCertificateSubjectDnCondition: description: |- Match condition for client certficate subject DN. properties: case_sensitive: default: true description: | If true, case is significant when comparing subject DN value. title: |- A case sensitive flag for subject DN comparing type: boolean match_type: default: REGEX description: |- Match type of subject DN. enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string subject_dn: description: |- Value of subject DN. title: |- Value of subject DN type: string required: - subject_dn title: |- Match condition for client certficate subject DN type: object x-vmw-nsx-module: PolicyLoadBalancer LBClientSslProfile: allOf: - $ref: '#/definitions/LBSslProfile' - properties: cipher_group_label: description: | It is a label of cipher group which is mostly consumed by GUI. enum: - BALANCED - HIGH_SECURITY - HIGH_COMPATIBILITY - CUSTOM type: string ciphers: description: |- Supported SSL cipher list to client side. items: description: |- SSL cipher enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string title: |- Supported SSL cipher list to client side type: array is_fips: description: | This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant.. readOnly: true title: |- FIPS compliance of ciphers and protocols type: boolean is_secure: description: | This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. readOnly: true title: |- Secure/Insecure SSL profile flag type: boolean prefer_server_ciphers: default: true description: | During SSL handshake as part of the SSL client Hello client sends an ordered list of ciphers that it can support (or prefers) and typically server selects the first one from the top of that list it can also support. For Perfect Forward Secrecy(PFS), server could override the client's preference. title: |- Prefer server ciphers flag type: boolean protocols: description: | SSL versions TLS1.1 and TLS1.2 are supported and enabled by default. SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default. items: description: |- SSL protocol enum: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string title: |- Supported SSL protocol list to client side type: array session_cache_enabled: default: true description: | SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. title: |- Session cache enable/disable flag type: boolean session_cache_timeout: default: 300 description: | Session cache timeout specifies how long the SSL session parameters are held on to and can be reused. format: int64 maximum: 86400 minimum: 1 title: |- SSL session cache timeout value type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Client SSL profile. title: |- Client SSL profile x-vmw-nsx-module: PolicyLoadBalancer LBClientSslProfileBinding: description: |- Client SSL profile binding. properties: certificate_chain_depth: default: 3 description: | Authentication depth is used to set the verification depth in the client certificates chain. format: int64 maximum: 2147483647 minimum: 1 title: |- The maximum traversal depth of client certificate chain type: integer client_auth: default: IGNORE description: |- Client authentication mode. enum: - REQUIRED - IGNORE type: string client_auth_ca_paths: description: | If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. items: type: string title: |- CA path list to verify client certificate type: array client_auth_crl_paths: description: | A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates. items: type: string title: |- CRL path list to verify client certificate type: array default_certificate_path: description: | A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. title: |- Default service certificate identifier type: string sni_certificate_paths: description: | Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. items: type: string title: |- SNI certificate path list type: array ssl_profile_path: description: | Client SSL profile defines reusable, application-independent client side SSL properties. title: |- Client SSL profile path type: string required: - default_certificate_path title: |- Client SSL profile binding type: object x-vmw-nsx-module: PolicyLoadBalancer LBConnectionDropAction: allOf: - $ref: '#/definitions/LBRuleAction' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to drop the connections. There is no extra propery in this action. If there is no match condition specified, the connection will be always dropped. This action can be specified at HTTP_ACCESS or HTTP_FORWARDING pahse. title: |- Action to drop connections x-vmw-nsx-module: PolicyLoadBalancer LBCookiePersistenceProfile: allOf: - $ref: '#/definitions/LBPersistenceProfile' - properties: cookie_domain: description: | HTTP cookie domain could be configured, only available for insert mode. title: |- Cookie domain type: string cookie_fallback: default: true description: | If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server. title: |- Cookie persistence fallback type: boolean cookie_garble: default: true description: | If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text. title: |- Cookie persistence garble type: boolean cookie_mode: default: INSERT description: |- Cookie persistence mode. enum: - INSERT - PREFIX - REWRITE type: string cookie_name: default: NSXLB description: |- Cookie name. title: |- Cookie name type: string cookie_path: description: | HTTP cookie path could be set, only available for insert mode. title: |- Cookie path type: string cookie_time: $ref: '#/definitions/LBCookieTime' description: | Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed. title: |- Cookie time setting type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. title: |- LBPersistenceProflie using Cookies for L7 LBVirtualServer x-vmw-nsx-module: PolicyLoadBalancer LBCookieTime: description: |- Cookie time. discriminator: type properties: type: description: | Both session cookie and persistence cookie are supported, Use LbSessionCookieTime for session cookie time setting, Use LbPersistenceCookieTime for persistence cookie time setting enum: - LBSessionCookieTime - LBPersistenceCookieTime type: string required: - type title: |- Cookie time type: object x-vmw-nsx-module: PolicyLoadBalancer LBFastTcpProfile: allOf: - $ref: '#/definitions/LBAppProfile' - properties: close_timeout: default: 8 description: | It is used to specify how long a closing TCP connection (both FINs received or a RST is received) should be kept for this application before cleaning up the connection. format: int64 maximum: 60 minimum: 1 title: |- TCP connection idle timeout in seconds type: integer ha_flow_mirroring_enabled: default: false description: | If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. title: |- Flow mirroring enabled flag type: boolean idle_timeout: default: 1800 description: | It is used to configure how long an idle TCP connection in ESTABLISHED state should be kept for this application before cleaning up. format: int64 maximum: 2147483647 minimum: 1 title: |- TCP connection idle timeout in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Fast TCP profile. title: |- Fast TCP profile x-vmw-nsx-module: PolicyLoadBalancer LBFastUdpProfile: allOf: - $ref: '#/definitions/LBAppProfile' - properties: flow_mirroring_enabled: default: false description: | If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. title: |- Flow mirroring enabled flag type: boolean idle_timeout: default: 300 description: | Though UDP is a connectionless protocol, for the purposes of load balancing, all UDP packets with the same flow signature (source and destination IP/ports and IP protocol) received within the idle timeout period are considered to belong to the same connection and are sent to the same backend server. If no packets are received for idle timeout period, the connection (association between flow signature and the selected server) is cleaned up. format: int64 maximum: 2147483647 minimum: 1 title: |- UDP idle timeout in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Fast UDP profile. title: |- Fast UDP profile x-vmw-nsx-module: PolicyLoadBalancer LBGenericPersistenceProfile: allOf: - $ref: '#/definitions/LBPersistenceProfile' - properties: ha_persistence_mirroring_enabled: default: false description: | The mirroring enabled flag is to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default. title: |- Mirroring enabled flag type: boolean timeout: default: 300 description: | When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. format: int64 maximum: 2147483647 minimum: 1 title: |- Persistence entry expiration time in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. LBGenericPersistenceProfile cannot be attached to virtual server directly, it can be specified in LB rule actions. In HTTP forwarding phase, the profile can be specified in LBVariablePersistenceOnAction. In HTTP response rewriting phase, the profile can be specified in LBVariablePersistenceLearnAction. title: |- LB generic persistence profile x-vmw-nsx-module: PolicyLoadBalancer LBHttpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: request_body: description: | String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. title: |- HTTP health check request body type: string request_headers: description: |- Array of HTTP request headers. items: $ref: '#/definitions/LbHttpRequestHeader' title: |- Array of HTTP request headers type: array request_method: default: GET description: |- The health check method for HTTP monitor type. enum: - GET - OPTIONS - POST - HEAD - PUT type: string request_url: default: / description: | For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters. title: |- Customized HTTP request url for active health checks type: string request_version: default: HTTP_VERSION_1_1 description: |- HTTP request version. enum: - HTTP_VERSION_1_0 - HTTP_VERSION_1_1 - HTTP_VERSION_2_0 type: string response_body: description: | If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. title: |- Response body to match type: string response_status_codes: description: | The HTTP response status code should be a valid HTTP status code. items: format: int32 type: integer maxItems: 64 title: |- Array of single HTTP response status codes type: array type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over HTTP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over HTTP x-vmw-nsx-module: PolicyLoadBalancer LBHttpProfile: allOf: - $ref: '#/definitions/LBAppProfile' - properties: http_redirect_to: description: | If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL. title: |- Http redirect static URL type: string http_redirect_to_https: default: false description: | Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL. title: |- Flag to indicate whether enable HTTP-HTTPS redirect type: boolean idle_timeout: default: 15 description: | It is used to specify the HTTP application idle timeout, it means that how long the load balancer will keep the connection idle to wait for the client to send the next keep-alive request. It is not a TCP socket setting. format: int64 maximum: 5400 minimum: 1 title: |- HTTP application idle timeout in seconds type: integer ntlm: default: false description: | NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. title: |- NTLM support flag type: boolean request_body_size: description: | If it is not specified, it means that request body size is unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum size of the buffer used to store HTTP request body type: integer request_header_size: default: 1024 description: | A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis. format: int64 minimum: 1 title: |- Maximum size of the buffer used to store HTTP request headers type: integer response_buffering: default: false description: | When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. When buffering is enabled, LB receives a response from the backend server as soon as possible, saving it into the buffers. title: |- Enable or disable buffering of responses type: boolean response_header_size: default: 4096 description: | A response with header larger than response_header_size will be dropped. format: int64 maximum: 65536 minimum: 1 title: |- Maximum size of the buffer used to store HTTP response headers type: integer response_timeout: default: 60 description: "If server doesn\u2019t send any packet within this time, the\ \ connection is closed.\n" format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum server idle time in seconds type: integer x_forwarded_for: description: | When X-Forwareded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional header information can be also modified or deleted in load balancer rules. enum: - INSERT - REPLACE type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Http profile. title: |- Http profile x-vmw-nsx-module: PolicyLoadBalancer LBHttpRedirectAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: redirect_status: description: |- HTTP response status code. title: |- HTTP response status code type: string redirect_url: description: |- The URL that the HTTP request is redirected to. title: |- The URL that the HTTP request is redirected to type: string required: - redirect_status - redirect_url type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to redirect HTTP request messages to a new URL. The reply_status value specified in this action is used as the status code of HTTP response message which is sent back to client (Normally a browser). The HTTP status code for redirection is 3xx, for example, 301, 302, 303, 307, etc. The redirect_url is the new URL that the HTTP request message is redirected to. Normally browser will send another HTTP request to the new URL after receiving a redirection response message. Captured variables and built-in variables can be used in redirect_url field. For example, to redirect all HTTP requests to HTTPS requests for a virtual server. We create an LBRule without any conditions, add an LBHttpRedirectAction to the rule. Set the redirect_url field of the LBHttpRedirectAction to: https://$_host$_request_uri And set redirect_status to "302", which means found. This rule will redirect all HTTP requests to HTTPS server port on the same host. title: |- Action to redirect HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRejectAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: reply_message: description: |- Response message. title: |- Response message type: string reply_status: description: |- HTTP response status code. title: |- HTTP response status code type: string required: - reply_status type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to reject HTTP request messages. The specified reply_status value is used as the status code for the corresponding HTTP response message which is sent back to client (Normally a browser) indicating the reason it was rejected. Reference official HTTP status code list for your specific HTTP version to set the reply_status properly. LBHttpRejectAction does not support variables. title: |- Action to reject HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestBodyCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: body_value: description: |- HTTP request body title: |- HTTP request body type: string case_sensitive: default: true description: | If true, case is significant when comparing HTTP body value. title: |- A case sensitive flag for HTTP body comparing type: boolean match_type: default: REGEX description: |- Match type of HTTP body enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - body_value type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match the message body of an HTTP request. Typically, only HTTP POST, PATCH, or PUT requests have request body. The match_type field defines how body_value field is used to match the body of HTTP requests. title: |- Condition to match content of HTTP request message body x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestCookieCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing cookie value. title: |- A case sensitive flag for cookie value comparing type: boolean cookie_name: description: |- Cookie name. title: |- Name of cookie type: string cookie_value: description: |- Cookie value. title: |- Value of cookie type: string match_type: default: REGEX description: |- Match type of cookie value. enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - cookie_name - cookie_value type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match HTTP request messages by cookie which is a specific type of HTTP header. The match_type and case_sensitive define how to compare cookie value. title: |- Condition to match HTTP request cookie x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing HTTP header value. title: |- A case sensitive flag for HTTP header value comparing type: boolean header_name: default: Host description: |- Name of HTTP header title: |- Name of HTTP header type: string header_value: description: |- Value of HTTP header title: |- Value of HTTP header type: string match_type: default: REGEX description: |- Match type of HTTP header value enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - header_value type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match HTTP request messages by HTTP header fields. HTTP header fields are components of the header section of HTTP request and response messages. They define the operating parameters of an HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One condition can be used to match one header field, to match multiple header fields, multiple conditions must be specified. The match_type field defines how header_value field is used to match HTTP requests. The header_name field does not support match types. title: |- Condition to match HTTP request header x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestHeaderDeleteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of a header field of HTTP request message. title: |- Name of a header field of HTTP request message type: string required: - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to delete header fields of HTTP request messages at HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers with same header name. To delete headers with different header names, multiple actions must be defined. title: |- Action to delete HTTP request header fields x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestHeaderRewriteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of HTTP request header. title: |- Name of HTTP request header type: string header_value: description: |- Value of HTTP request header. title: |- Value of HTTP request header type: string required: - header_value - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to rewrite header fields of matched HTTP request messages to specified new values. One action can be used to rewrite one header field. To rewrite multiple header fields, multiple actions must be defined. Captured variables and built-in variables can be used in the header_value field, header_name field does not support variables. title: |- Action to rewrite header fields of HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestMethodCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: method: description: |- Type of HTTP request method enum: - GET - OPTIONS - POST - HEAD - PUT type: string required: - method type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match method of HTTP requests. If the method of an HTTP request is same as the method specified in this condition, the HTTP request match this condition. For example, if the method field is set to GET in this condition, any HTTP request with GET method matches the condition. title: |- Condition to match method of HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestUriArgumentsCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing URI arguments. title: |- A case sensitive flag for URI arguments comparing type: boolean match_type: default: REGEX description: |- Match type of URI arguments enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string uri_arguments: description: | URI arguments, aka query string of URI. title: |- URI arguments type: string required: - uri_arguments type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match URI arguments aka query string of Http request messages, for example, in URI http://exaple.com?foo=1&bar=2, the "foo=1&bar=2" is the query string containing URI arguments. In an URI scheme, query string is indicated by the first question mark ("?") character and terminated by a number sign ("#") character or by the end of the URI. The uri_arguments field can be specified as a regular expression(Set match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP requests whose URI arguments containing "foo", the value of foo contains only digits. And the value of foo is captured as $x which can be used in LBRuleAction fields which support variables. title: |- Condition to match URI arguments of HTTP requests x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestUriCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing URI. title: |- A case sensitive flag for URI comparing type: boolean match_type: default: REGEX description: |- Match type of URI enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string uri: description: |- A string used to identify resource title: |- A string used to identify resource type: string required: - uri type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match URIs(Uniform Resource Identifier) of HTTP request messages. The URI field can be specified as a regular expression. If an HTTP request message is requesting an URI which matches specified regular expression, it matches the condition. The syntax of whole URI looks like this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] This condition matches only the path part of entire URI. When match_type field is specified as REGEX, the uri field is used as a regular expression to match URI path of HTTP requests. For example, to match any URI that has "/image/" or "/images/", uri field can be specified as: "/image[s]?/". Named capturing groups can be used in the uri field to capture substrings of matched URIs and store them in variables for use in LBRuleAction. For example, specify uri field as: "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)" If the URI path is /articles/news/2017/06/xyz.html, then substring "2017" is captured in variable year, "06" is captured in variable month, and "xyz.html" is captured in variable article. These variables can then be used in an LBRuleAction field which supports variables, such as uri field of LBHttpRequestUriRewriteAction. For example, set the uri field of LBHttpRequestUriRewriteAction as: "/articles/news/$year-$month-$article" Then the URI path /articles/news/2017/06/xyz.html is rewritten to: "/articles/news/2017-06-xyz.html" title: |- Condition to match URIs of HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestUriRewriteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: uri: description: |- URI of HTTP request. title: |- URI of HTTP request type: string uri_arguments: description: | Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2. title: |- URI arguments type: string required: - uri type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to rewrite URIs in matched HTTP request messages. Specify the uri and uri_arguments fields in this condition to rewrite the matched HTTP request message's URI and URI arguments to the new values. Full URI scheme of HTTP messages have following syntax: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] The uri field of this action is used to rewrite the /path part in above scheme. And the uri_arguments field is used to rewrite the query part. Captured variables and built-in variables can be used in the uri and uri_arguments fields. Check the example in LBRuleAction to see how to use variables in this action. title: |- Action to rewrite HTTP request URIs. x-vmw-nsx-module: PolicyLoadBalancer LBHttpRequestVersionCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: version: description: |- HTTP version enum: - HTTP_VERSION_1_0 - HTTP_VERSION_1_1 - HTTP_VERSION_2_0 type: string required: - version type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match the HTTP protocol version of the HTTP request messages. title: |- Condition to match HTTP protocol version of HTTP requests x-vmw-nsx-module: PolicyLoadBalancer LBHttpResponseHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing HTTP header value. title: |- A case sensitive flag for HTTP header value comparing type: boolean header_name: description: |- Name of HTTP header field title: |- Name of HTTP header field type: string header_value: description: |- Value of HTTP header field title: |- Value of HTTP header field type: string match_type: default: REGEX description: |- Match type of HTTP header value enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string required: - header_value - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match HTTP response messages from backend servers by HTTP header fields. HTTP header fields are components of the header section of HTTP request and response messages. They define the operating parameters of an HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One condition can be used to match one header field, to match multiple header fields, multiple conditions must be specified. The match_type field defines how header_value field is used to match HTTP responses. The header_name field does not support match types. title: |- Condition to match a header field of HTTP response x-vmw-nsx-module: PolicyLoadBalancer LBHttpResponseHeaderDeleteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of a header field of HTTP response message. title: |- Name of a header field of HTTP response message type: string required: - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to delete header fields of HTTP response messages at HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers with same header name. To delete headers with different header names, multiple actions must be defined. title: |- Action to delete HTTP response header fields x-vmw-nsx-module: PolicyLoadBalancer LBHttpResponseHeaderRewriteAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: header_name: description: |- Name of a header field of HTTP request message. title: |- Name of a header field of HTTP request message type: string header_value: description: |- Value of header field title: |- Value of header field type: string required: - header_value - header_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to rewrite header fields of HTTP response messages to specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used to rewrite one header field. To rewrite multiple header fields, multiple actions must be defined. Captured variables and built-in variables can be used in the header_value field, header_name field does not support variables. title: |- Action to rewrite HTTP response header fields x-vmw-nsx-module: PolicyLoadBalancer LBHttpSslCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: client_certificate_issuer_dn: $ref: '#/definitions/LBClientCertificateIssuerDnCondition' description: | The issuer DN match condition of the client certificate for an established SSL connection. title: |- The issuer DN match condition of the client certificate client_certificate_subject_dn: $ref: '#/definitions/LBClientCertificateSubjectDnCondition' description: | The subject DN match condition of the client certificate for an established SSL connection. title: |- The subject DN match condition of the client certificate client_supported_ssl_ciphers: description: |- Cipher list which supported by client. items: description: |- SSL cipher enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string title: |- Cipher list which supported by client type: array session_reused: default: IGNORE description: |- The type of SSL session reused. enum: - IGNORE - REUSED - NEW type: string used_protocol: description: |- Protocol of an established SSL connection. enum: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string used_ssl_cipher: description: |- Cipher used for an established SSL connection. enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match SSL handshake and SSL connection at all phases.If multiple properties are configured, the rule is considered a match when all the configured properties are matched. title: |- Condition to match SSL handshake and SSL connection x-vmw-nsx-module: PolicyLoadBalancer LBHttpsMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: request_body: description: | String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. title: |- HTTP health check request body type: string request_headers: description: |- Array of HTTP request headers. items: $ref: '#/definitions/LbHttpRequestHeader' title: |- Array of HTTP request headers type: array request_method: default: GET description: |- The health check method for HTTP monitor type. enum: - GET - OPTIONS - POST - HEAD - PUT type: string request_url: default: / description: | For HTTPS active healthchecks, the HTTPS request url sent can be customized and can include query parameters. title: |- Customized HTTPS request url for active health checks type: string request_version: default: HTTP_VERSION_1_1 description: |- HTTP request version. enum: - HTTP_VERSION_1_0 - HTTP_VERSION_1_1 - HTTP_VERSION_2_0 type: string response_body: description: | If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. title: |- Response body to match type: string response_status_codes: description: | The HTTP response status code should be a valid HTTP status code. items: format: int32 type: integer maxItems: 64 title: |- Array of single HTTP response status codes type: array server_ssl_profile_binding: $ref: '#/definitions/LBServerSslProfileBinding' description: | The setting is used when the monitor acts as an SSL client and establishing a connection to the backend server. title: |- Pool side SSL binding setting type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over HTTPS. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over HTTPS x-vmw-nsx-module: PolicyLoadBalancer LBIcmpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: data_length: default: 56 description: |- The data size (in byte) of the ICMP healthcheck packet format: int64 maximum: 65507 minimum: 0 title: |- The data size (in byte) of the ICMP healthcheck packet type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over ICMP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healt hchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over ICMP x-vmw-nsx-module: PolicyLoadBalancer LBIpHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: group_path: description: | Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions. title: |- Grouping object path type: string source_address: description: | Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported. format: address-or-block-or-range type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match IP header fields of HTTP messages. Either source_address or group_id should be specified. title: |- Condition to match IP header fields x-vmw-nsx-module: PolicyLoadBalancer LBJwtAuthAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: key: $ref: '#/definitions/LBJwtKey' description: |- LBJwtKey used for verifying the signature of JWT token title: |- LBJwtKey used for verifying the signature of JWT token pass_jwt_to_pool: default: false description: | Specify whether to pass the JWT to backend server or remove it. By default, it is false which means will not pass the JWT to backend servers. title: |- Whether to pass the JWT to backend server or remove it type: boolean realm: description: | A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when client request is rejected with 401 http status. In the response, it will be "WWW-Authentication: Bearer realm=<realm>". title: |- JWT realm type: string tokens: description: | JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Load balancer will search for every specified tokens one by one for the jwt message until found. This parameter is optional. In case not found or this field is not configured, load balancer searches the Bearer header by default in the http request "Authorization: Bearer <token>". items: type: string title: |- JWT tokens type: array type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to control access to backend server resources using JSON Web Token(JWT) authentication. The JWT authentication is done before any HTTP manipulation if the HTTP request matches the given condition in LBRule. Any verification failed, the HTTP process will be terminated, and HTTP response with 401 status code and WWW-Authentication header will be returned to client. title: |- Action to control access using JWT authentication x-vmw-nsx-module: PolicyLoadBalancer LBJwtCertificateKey: allOf: - $ref: '#/definitions/LBJwtKey' - properties: certificate_path: description: |- Certificate identifier title: |- Certificate identifier type: string required: - certificate_path type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The key is used to specify certificate which is used to verify the signature of JWT tokens. title: |- Specifies certificate used to verify the signature of JWT tokens x-vmw-nsx-module: PolicyLoadBalancer LBJwtKey: description: | LBJwtKey specifies the symmetric key or asymmetric public key used to decrypt the data in JWT. discriminator: type properties: type: description: | The property is used to identify JWT key type. enum: - LBJwtCertificateKey - LBJwtSymmetricKey - LBJwtPublicKey type: string required: - type title: |- Load balancer JWT key type: object x-vmw-nsx-module: PolicyLoadBalancer LBJwtPublicKey: allOf: - $ref: '#/definitions/LBJwtKey' - properties: public_key_content: description: |- Content of public key title: |- Content of public key type: string required: - public_key_content type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The key is used to specify the public key content which is used to verify the signature of JWT tokens. title: |- Specifies public key content used to verify the signature of JWT tokens x-vmw-nsx-module: PolicyLoadBalancer LBJwtSymmetricKey: allOf: - $ref: '#/definitions/LBJwtKey' - properties: {} type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The key is used to specify the symmetric key which is used to verify the signature of JWT tokens. title: |- Specifies the symmetric key used to verify the signature of JWT tokens x-vmw-nsx-module: PolicyLoadBalancer LBMonitorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: description: | There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols. enum: - LBTcpMonitorProfile - LBUdpMonitorProfile - LBIcmpMonitorProfile - LBHttpMonitorProfile - LBHttpsMonitorProfile - LBPassiveMonitorProfile type: string required: - resource_type type: object x-vmw-nsx-module: PolicyLoadBalancer x-vmw-nsx-module: PolicyLoadBalancer LBPassiveMonitorProfile: allOf: - $ref: '#/definitions/LBMonitorProfile' - properties: max_fails: default: 5 description: | When the consecutive failures reach this value, then the member is considered temporarily unavailable for a configurable period format: int64 maximum: 2147483647 minimum: 1 title: |- Number of consecutive connection failures type: integer timeout: default: 5 description: | After this timeout period, the member is tried again for a new connection to see if it is available. format: int64 maximum: 2147483647 minimum: 1 title: |- Timeout in seconds before it is selected again for a new connection type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | The passive type of LBMonitorProfile. title: |- Base class for each type of active LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer LBPersistenceCookieTime: allOf: - $ref: '#/definitions/LBCookieTime' - properties: cookie_max_idle: description: | HTTP cookie max-age to expire cookie, only available for insert mode. format: int64 maximum: 2147483647 minimum: 1 title: |- Persistence cookie max idle time in seconds type: integer required: - cookie_max_idle type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Persistence cookie time. title: |- Persistence cookie time x-vmw-nsx-module: PolicyLoadBalancer LBPersistenceProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: persistence_shared: default: false description: | Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. title: |- Persistence shared across LBVirtualServers type: boolean resource_type: description: | The resource_type property identifies persistence profile type. enum: - LBSourceIpPersistenceProfile - LBCookiePersistenceProfile - LBGenericPersistenceProfile title: |- Persistence profile type type: string required: - resource_type type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. LBGenericPersistenceProfile cannot be attached to LBVirtualServer directly, it can be specified in LBVariablePersistenceOnAction or LBVariablePersistenceLearnAction in LBRule. If a user attaches a LBGenericPersistenceProfile directly to a virtual server, the operation is rejected. title: |- Contains the information related to load balancer persistence options x-vmw-nsx-module: PolicyLoadBalancer LBPool: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: active_monitor_paths: description: | In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the pool. If multiple active monitors are configured, the pool member status is UP only when the health check status for all the monitors are UP. items: type: string title: |- Active monitor path list type: array algorithm: default: ROUND_ROBIN description: | Load Balancing algorithm chooses a server for each new connection by going through the list of servers in the pool. Currently, following load balancing algorithms are supported with ROUND_ROBIN as the default. ROUND_ROBIN means that a server is selected in a round-robin fashion. The weight would be ignored even if it is configured. WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted round-robin fashion. Default weight of 1 is used if weight is not configured. LEAST_CONNECTION means that a server is selected when it has the least number of connections. The weight would be ignored even if it is configured. Slow start would be enabled by default. WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted least connection fashion. Default weight of 1 is used if weight is not configured. Slow start would be enabled by default. IP_HASH means that consistent hash is performed on the source IP address of the incoming connection. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. It may be used on the Internet to provide a best-effort stickiness to clients which refuse session cookies. enum: - ROUND_ROBIN - WEIGHTED_ROUND_ROBIN - LEAST_CONNECTION - WEIGHTED_LEAST_CONNECTION - IP_HASH title: |- Load balancing algorithm type: string member_group: $ref: '#/definitions/LBPoolMemberGroup' description: | Load balancer pool support grouping object as dynamic pool members. When member group is defined, members setting should not be specified. title: |- Load balancer member setting with grouping object members: description: | Server pool consists of one or more pool members. Each pool member is identified, typically, by an IP address and a port. items: $ref: '#/definitions/LBPoolMember' title: |- Load balancer pool members type: array min_active_members: default: 1 description: | A pool is considered active if there are at least certain minimum number of members. format: int64 maximum: 2147483647 minimum: 1 title: |- Minimum number of active pool members to consider pool as active type: integer passive_monitor_path: description: | Passive healthchecks are disabled by default and can be enabled by attaching a passive health monitor to a server pool. Each time a client connection to a pool member fails, its failed count is incremented. For pools bound to L7 virtual servers, a connection is considered to be failed and failed count is incremented if any TCP connection errors (e.g. TCP RST or failure to send data) or SSL handshake failures occur. For pools bound to L4 virtual servers, if no response is received to a TCP SYN sent to the pool member or if a TCP RST is received in response to a TCP SYN, then the pool member is considered to have failed and the failed count is incremented. title: |- Passive monitor path type: string snat_translation: $ref: '#/definitions/LBSnatTranslation' description: | Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. By default Source NAT is enabled as LBSnatAutoMap. title: |- Snat translation configuration tcp_multiplexing_enabled: default: false description: | TCP multiplexing allows the same TCP connection between load balancer and the backend server to be used for sending multiple client requests from different client TCP connections. title: |- TCP multiplexing enable flag type: boolean tcp_multiplexing_number: default: 6 description: | The maximum number of TCP connections per pool that are idly kept alive for sending future client requests. format: int64 maximum: 2147483647 minimum: 0 title: |- Maximum number of TCP connections for multiplexing type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Defining access of a Group from a LBVirtualServer and binding to LBMonitorProfile. title: |- Defining access a Group from a LBVirtualServer and binding to LBMonitorProfile x-vmw-nsx-module: PolicyLoadBalancer LBPoolMember: description: |- Pool member. properties: admin_state: default: ENABLED description: |- Member admin state. enum: - ENABLED - DISABLED - GRACEFUL_DISABLED type: string backup_member: default: false description: | Backup servers are typically configured with a sorry page indicating to the user that the application is currently unavailable. While the pool is active (a specified minimum number of pool members are active) BACKUP members are skipped during server selection. When the pool is inactive, incoming connections are sent to only the BACKUP member(s). title: |- Determine whether the pool member is for backup usage type: boolean display_name: description: |- Pool member name. title: |- Pool member name type: string ip_address: description: |- Pool member IP address. format: ip type: string max_concurrent_connections: description: | To ensure members are not overloaded, connections to a member can be capped by the load balancer. When a member reaches this limit, it is skipped during server selection. If it is not specified, it means that connections are unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum concurrent connection number type: integer port: description: | If port is specified, all connections will be sent to this port. Only single port is supported. If unset, the same port the client connected to will be used, it could be overrode by default_pool_member_port setting in virtual server. The port should not specified for port range case. format: port-or-range type: string weight: default: 1 description: | Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing algorithm. The weight value would be ignored in other algorithms. format: int64 maximum: 256 minimum: 1 title: |- Pool member weight type: integer required: - ip_address title: |- Pool member type: object x-vmw-nsx-module: PolicyLoadBalancer LBPoolMemberGroup: description: |- Pool member group. properties: customized_members: description: | The list is used to show the customized pool member settings. User can only user pool member action API to update the admin state for a specific IP address. items: $ref: '#/definitions/PoolMemberSetting' readOnly: false title: |- List of customized pool member settings type: array group_path: description: | Load balancer pool support Group as dynamic pool members. The IP list of the Group would be used as pool member IP setting. title: |- Grouping object path type: string ip_revision_filter: default: IPV4 description: | Ip revision filter is used to filter IPv4 or IPv6 addresses from the grouping object. If the filter is not specified, both IPv4 and IPv6 addresses would be used as server IPs. The link local and loopback addresses would be always filtered out. enum: - IPV4 - IPV6 - IPV4_IPV6 title: |- Filter of ipv4 or ipv6 address of grouping object IP list type: string max_ip_list_size: description: | The size is used to define the maximum number of grouping object IP address list. These IP addresses would be used as pool members. If the grouping object includes more than certain number of IP addresses, the redundant parts would be ignored and those IP addresses would not be treated as pool members. If the size is not specified, one member is budgeted for this dynamic pool so that the pool has at least one member even if some other dynamic pools grow beyond the capacity of load balancer service. Other members are picked according to available dynamic capacity. The unused members would be set to DISABLED so that the load balancer system itself is not overloaded during runtime. format: int64 maximum: 2147483647 minimum: 0 title: |- Maximum number of grouping object IP address list type: integer port: description: | If port is specified, all connections will be sent to this port. If unset, the same port the client connected to will be used, it could be overridden by default_pool_member_ports setting in virtual server. The port should not specified for multiple ports case. format: int32 maximum: 65535 minimum: 1 title: |- Pool member port for all IP addresses of the grouping object type: integer required: - group_path title: |- Pool member group type: object x-vmw-nsx-module: PolicyLoadBalancer LBRule: description: | Binding of a LBPool and Group to a LBVirtualServer used to route application traffic passing through load balancers. LBRule uses match conditions to match application traffic passing through a LBVirtualServer using HTTP or HTTPS. Can bind multiple LBVirtualServers to a Group. Each LBRule consists of two optional match conditions, each match contidion defines a criterion for application traffic. If no match conditions are specified, then the LBRule will always match and it is used typically to define default rules. If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LBRule to be considered a match. A match indicates that the LBVirtualServer should route the request to the Group (parent of LBRule). properties: actions: description: | A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc. items: $ref: '#/definitions/LBRuleAction' maxItems: 60 title: |- Actions to be executed type: array display_name: description: | A display name useful for identifying an LBRule. title: |- Display name for LBRule type: string match_conditions: description: | A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match and it is used typically to define default rules. If more than one match condition is specified, then match strategy determines if all conditions should match or any one condition should match for the load balancer rule to considered a match. items: $ref: '#/definitions/LBRuleCondition' maxItems: 60 title: |- Conditions to match application traffic type: array match_strategy: default: ANY description: | If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this LBRule to be considered a match. - ANY indicates that either host_match or patch match may match for this LBRule to be considered a match. enum: - ALL - ANY title: |- Match strategy for determining match of multiple conditions type: string phase: default: HTTP_FORWARDING description: | Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by load balancer, all HTTP_REQUEST_REWRITE rules, if present are executed in the order they are applied to virtual server. And then if HTTP_FORWARDING rules present, only first matching rule's action is executed, remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In HTTP_ACCESS phase, user can define action to control access using JWT authentication. In TRANSPORT phase, user can define the condition to match SNI in TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool. enum: - HTTP_REQUEST_REWRITE - HTTP_FORWARDING - HTTP_RESPONSE_REWRITE - HTTP_ACCESS - TRANSPORT title: |- Load balancer processing phase type: string required: - actions title: |- Binding of a LBPool and Group to a LBVirtualServer type: object x-vmw-nsx-module: PolicyLoadBalancer LBRuleAction: description: | Load balancer rule actions are used to manipulate application traffic. Currently load balancer rules can be used at three load balancer processing phases. Each phase has its own supported type of actions. Supported actions in HTTP_REQUST_REWRITE phase are: LBHttpRequestUriRewriteAction LBHttpRequestHeaderRewriteAction LBHttpRequestHeaderDeleteAction LBVariableAssignmentAction Supported actions in HTTP_FORWARDING phase are: LBHttpRejectAction LBHttpRedirectAction LBSelectPoolAction LBVariablePersistenceOnAction LBConnectionDropAction Supported action in HTTP_RESPONSE_REWRITE phase is: LBHttpResponseHeaderRewriteAction LBHttpResponseHeaderDeleteAction LBVariablePersistenceLearnAction Supported action in HTTP_ACCESS phase is: LBJwtAuthAction LBConnectionDropAction LBVariableAssignmentAction Supported action in TRANSPORT phase is: LBSslModeSelectionAction LBSelectPoolAction If the match type of an LBRuleCondition field is specified as REGEX and named capturing groups are used in the specified regular expression. The groups can be used as variables in LBRuleAction fields. For example, define a rule with LBHttpRequestUriCondition as match condition and LBHttpRequestUriRewriteAction as action. Set match_type field of LBHttpRequestUriCondition to REGEX, and set uri field to "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)". Set uri field of LBHttpRequestUriRewriteAction to: "/news/$year-$month/$article" In uri field of LBHttpRequestUriCondition, the (?<year>\d+), (?<month>\d+) and (?<article>.*) are named capturing groups, they define variables named $year, $month and $article respectively. The defined variables are used in LBHttpRequestUriRewriteAction. For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring "2017" is captured in variable $year, "06" is captured in variable $month, and "xyz.html" is captured in variable $article. The LBHttpRequestUriRewriteAction will rewrite the URI to: "/news/2017-06/xyz.html" A set of built-in variables can be used in LBRuleAction as well. The name of built-in variables start with underscore, the name of user defined variables is not allowed to start with underscore. Following are some of the built-in variables: $_scheme: Reference the scheme part of matched HTTP messages, could be "http" or "https". $_host: Host of matched HTTP messages, for example "www.example.com". $_server_port: Port part of URI, it is also the port of the server which accepted a request. Default port is 80 for http and 443 for https. $_uri: The URI path, for example "/products/sample.html". $_request_uri: Full original request URI with arguments, for example, "/products/sample.html?a=b&c=d". $_args: URI arguments, for instance "a=b&c=d" $_is_args: "?" if a request has URI arguments, or an empty string otherwise. For the full list of built-in variables, please reference the NSX-T Administrator's Guide. discriminator: type properties: type: description: | The property identifies the load balancer rule action type. enum: - LBSelectPoolAction - LBHttpRequestUriRewriteAction - LBHttpRequestHeaderRewriteAction - LBHttpRejectAction - LBHttpRedirectAction - LBHttpResponseHeaderRewriteAction - LBHttpRequestHeaderDeleteAction - LBHttpResponseHeaderDeleteAction - LBVariableAssignmentAction - LBVariablePersistenceOnAction - LBVariablePersistenceLearnAction - LBJwtAuthAction - LBSslModeSelectionAction - LBConnectionDropAction type: string required: - type title: |- Load balancer rule action type: object x-vmw-nsx-module: PolicyLoadBalancer LBRuleCondition: description: | Match conditions are used to match application traffic passing through load balancers. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion for application traffic. If inverse field is set to true, the match result of the condition is inverted. If more than one match condition is specified, match strategy determines if all conditions should match or any one condition should match for the load balancer rule to be considered a match. Currently only HTTP messages are supported by load balancer rules. Each load balancer rule is used at a specific phase of load balancer processing. Currently three phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING and HTTP_RESPONSE_REWRITE. Each phase supports certain types of match conditions, supported match conditions in HTTP_REQUEST_REWRITE phase are: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match conditions in HTTP_FORWARDING phase are: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition LBSslSniCondition Supported match conditions in HTTP_RESPONSE_REWRITE phase are: LBHttpResponseHeaderCondition LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match condition in HTTP_ACCESS phase is: LBHttpRequestMethodCondition LBHttpRequestUriCondition LBHttpRequestUriArgumentsCondition LBHttpRequestVersionCondition LBHttpRequestHeaderCondition LBHttpRequestCookieCondition LBHttpRequestBodyCondition LBTcpHeaderCondition LBIpHeaderCondition LBVariableCondition LBHttpSslCondition Supported match condition in TRANSPORT phase is: LBSslSniCondition discriminator: type properties: inverse: default: false description: |- A flag to indicate whether reverse the match result of this condition title: |- A flag to indicate whether reverse the match result of this condition type: boolean type: description: |- Type of load balancer rule condition enum: - LBHttpRequestUriCondition - LBHttpRequestHeaderCondition - LBHttpRequestMethodCondition - LBHttpRequestUriArgumentsCondition - LBHttpRequestVersionCondition - LBHttpRequestCookieCondition - LBHttpRequestBodyCondition - LBHttpResponseHeaderCondition - LBTcpHeaderCondition - LBIpHeaderCondition - LBVariableCondition - LBHttpSslCondition - LBSslSniCondition type: string required: - type title: |- Match condition of load balancer rule type: object x-vmw-nsx-module: PolicyLoadBalancer LBSelectPoolAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: pool_id: description: |- Path of load balancer pool. title: |- Path of load balancer pool type: string required: - pool_id type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to select a pool for matched HTTP request messages. The pool is specified by path. The matched HTTP request messages are forwarded to the specified pool. title: |- Action to select a pool for HTTP request messages x-vmw-nsx-module: PolicyLoadBalancer LBServerSslProfile: allOf: - $ref: '#/definitions/LBSslProfile' - properties: cipher_group_label: description: | It is a label of cipher group which is mostly consumed by GUI. enum: - BALANCED - HIGH_SECURITY - HIGH_COMPATIBILITY - CUSTOM type: string ciphers: description: |- Supported SSL cipher list to client side. items: description: |- SSL cipher enum: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_256_CBC_SHA - TLS_RSA_WITH_AES_128_CBC_SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_128_CBC_SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 type: string title: |- Supported SSL cipher list to client side type: array is_fips: description: | This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant. readOnly: true title: |- FIPS compliance of ciphers and protocols type: boolean is_secure: description: | This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. readOnly: true title: |- Secure/Insecure SSL profile flag type: boolean protocols: description: | SSL versions TLS1.1 and TLS1.2 are supported and enabled by default. SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default. items: description: |- SSL protocol enum: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string title: |- Supported SSL protocol list to client side type: array session_cache_enabled: default: true description: | SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. title: |- Session cache enable/disable falg type: boolean type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Server SSL profile. title: |- Server SSL profile x-vmw-nsx-module: PolicyLoadBalancer LBServerSslProfileBinding: description: |- Server SSL profile binding. properties: certificate_chain_depth: default: 3 description: | Authentication depth is used to set the verification depth in the server certificates chain. format: int64 maximum: 2147483647 minimum: 1 title: |- The maximum traversal depth of server certificate chain type: integer client_certificate_path: description: | To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding title: |- Client certificate path type: string server_auth: default: AUTO_APPLY description: |- Server authentication mode. enum: - REQUIRED - IGNORE - AUTO_APPLY type: string server_auth_ca_paths: description: | If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. items: type: string title: |- CA path list to verify server certificate type: array server_auth_crl_paths: description: | A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates. items: type: string title: |- CRL path list to verify server certificate type: array ssl_profile_path: description: | Server SSL profile defines reusable, application-independent server side SSL properties. title: |- Server SSL profile path type: string title: |- Server SSL profile binding type: object x-vmw-nsx-module: PolicyLoadBalancer LBService: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: access_log_enabled: description: |- Flag to enable access log title: |- Flag to enable access log type: boolean x-deprecated: true connectivity_path: description: | LBS could be instantiated (or created) on the Tier-1, etc. For now, only the Tier-1 object is supported. title: |- The connectivity target used to instantiate the LBService type: string enabled: default: true description: |- Flag to enable the load balancer service. title: |- Flag to enable the load balancer service type: boolean error_log_level: default: INFO description: | Load balancer engine writes information about encountered issues of different severity levels to the error log. This setting is used to define the severity level of the error log. enum: - DEBUG - INFO - WARNING - ERROR - CRITICAL - ALERT - EMERGENCY type: string relax_scale_validation: default: false description: | If relax_scale_validation is true, the scale validations for virtual servers/pools/pool members/rules are relaxed for load balancer service. When load balancer service is deployed on edge nodes, the scale of virtual servers/pools/pool members for the load balancer service should not exceed the scale number of the largest load balancer size which could be configured on a certain edge form factor. For example, the largest load balancer size supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer deployed on MEDIUM edge nodes can support the scale number of MEDIUM load balancer. It is not recommended to enable active monitors if relax_scale_validation is true due to performance consideration. If relax_scale_validation is false, scale numbers should be validated for load balancer service. title: |- Whether scale validation is relaxed type: boolean size: default: SMALL description: |- Load balancer service size. enum: - SMALL - MEDIUM - LARGE - XLARGE - DLB type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Loadbalancer Service. title: |- Loadbalancer Service x-vmw-nsx-module: PolicyLoadBalancer LBSessionCookieTime: allOf: - $ref: '#/definitions/LBCookieTime' - properties: cookie_max_idle: description: | Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode. format: int64 maximum: 2147483647 minimum: 1 title: |- Session cookie max idle time in seconds type: integer cookie_max_life: description: | Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode. format: int64 maximum: 2147483647 minimum: 1 title: |- Session cookie max lifetime in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Session cookie time. title: |- Session cookie time x-vmw-nsx-module: PolicyLoadBalancer LBSnatAutoMap: allOf: - $ref: '#/definitions/LBSnatTranslation' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Snat auto map. title: |- Snat auto map x-vmw-nsx-module: PolicyLoadBalancer LBSnatDisabled: allOf: - $ref: '#/definitions/LBSnatTranslation' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Snat disabled. title: |- Snat disabled x-vmw-nsx-module: PolicyLoadBalancer LBSnatIpElement: description: |- Snat Ip element. properties: ip_address: description: |- Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160. format: address-or-block-or-range type: string prefix_length: description: | Subnet prefix length should be not specified if there is only one single IP address or IP range. format: int64 title: |- Subnet prefix length type: integer required: - ip_address title: |- Snat Ip element type: object x-vmw-nsx-module: PolicyLoadBalancer LBSnatIpPool: allOf: - $ref: '#/definitions/LBSnatTranslation' - properties: ip_addresses: description: | If an IP range is specified, the range may contain no more than 64 IP addresses. items: $ref: '#/definitions/LBSnatIpElement' maxItems: 64 title: |- List of Ip address or ip range type: array required: - ip_addresses type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Snat Ip pool. title: |- Snat Ip pool x-vmw-nsx-module: PolicyLoadBalancer LBSnatTranslation: description: |- Snat Translation. discriminator: type properties: type: description: |- Snat translation type. enum: - LBSnatAutoMap - LBSnatIpPool - LBSnatDisabled type: string required: - type title: |- Snat Translation type: object x-vmw-nsx-module: PolicyLoadBalancer LBSourceIpPersistenceProfile: allOf: - $ref: '#/definitions/LBPersistenceProfile' - properties: ha_persistence_mirroring_enabled: default: false description: | Persistence entries are not synchronized to the HA peer by default. title: |- Mirroring enabled flag to synchronize persistence entries type: boolean purge: default: FULL description: |- Persistence purge setting. enum: - NO_PURGE - FULL type: string timeout: default: 300 description: | When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. format: int64 maximum: 2147483647 minimum: 1 title: |- Persistence entry expiration time in seconds type: integer type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a LBVirtualServer by binding a persistence profile to it. title: |- LBPersistenceProflie using SourceIP x-vmw-nsx-module: PolicyLoadBalancer LBSslModeSelectionAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: ssl_mode: description: | SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just pass it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTP without SSL. LB estalishes new connection to selected backend server for each HTTP request, in case ntlm or multiplexing are NOT configured. SSL End-to-End: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTPS. LB estalishes new SSL connection to selected backend server for each HTTP request, in case ntlm or multiplexing are NOT configured. enum: - SSL_PASSTHROUGH - SSL_END_TO_END - SSL_OFFLOAD title: |- Type of SSL mode type: string required: - ssl_mode type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to select SSL mode. Three types of SSL mode actions can be specified in Transport phase, ssl passthrough, ssl offloading and ssl end-to-end. title: |- Action to select SSL mode x-vmw-nsx-module: PolicyLoadBalancer LBSslProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyLoadBalancer description: |- Load balancer abstract SSL profile. title: |- Load balancer abstract SSL profile x-vmw-nsx-module: PolicyLoadBalancer LBSslSniCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing SNI value. title: |- A case sensitive flag for SNI comparing type: boolean match_type: default: REGEX description: |- Match type of SNI enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string sni: description: | The SNI(Server Name indication) in client hello message. title: |- The server name indication type: string required: - sni type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match SSL SNI in client hello. This condition is only supported in TRANSPORT phase. Only if virtual server is associated with client SSL profile, matching SNI condition in transport phase is available to be configured. title: |- Condition to match SSL SNI in client hello x-vmw-nsx-module: PolicyLoadBalancer LBTcpHeaderCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: source_port: description: |- TCP source port of HTTP message format: port-or-range type: string required: - source_port type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match TCP header fields of HTTP messages. Currently, only the TCP source port is supported. Ports can be expressed as a single port number like 80, or a port range like 1024-1030. title: |- Condition to match TCP header fields x-vmw-nsx-module: PolicyLoadBalancer LBTcpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: receive: description: | Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported. title: |- Expected data received from server type: string send: description: | If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent. title: |- Data to send type: string type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over TCP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over TCP x-vmw-nsx-module: PolicyLoadBalancer LBUdpMonitorProfile: allOf: - $ref: '#/definitions/LBActiveMonitor' - properties: receive: description: | Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. title: |- Expected data received from server type: string send: description: | The data to be sent to the monitored server. title: |- Data to send type: string required: - receive - send type: object x-vmw-nsx-module: PolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the LBRule object. This represents active health monitoring over UDP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- LBMonitorProfile for active health checks over UDP x-vmw-nsx-module: PolicyLoadBalancer LBVariableAssignmentAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: variable_name: description: |- Name of the variable to be assigned. title: |- Name of the variable to be assigned type: string variable_value: description: |- Value of variable. title: |- Value of variable type: string required: - variable_value - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is used to create a new variable and assign value to it. One action can be used to create one variable. To create multiple variables, multiple actions must be defined. The variables can be used by LBVariableCondition, etc. title: |- Action to create variable and assign value to it x-vmw-nsx-module: PolicyLoadBalancer LBVariableCondition: allOf: - $ref: '#/definitions/LBRuleCondition' - properties: case_sensitive: default: true description: | If true, case is significant when comparing variable value. title: |- A case sensitive flag for variable value comparing type: boolean match_type: default: REGEX description: |- Match type of variable value enum: - STARTS_WITH - ENDS_WITH - EQUALS - CONTAINS - REGEX type: string variable_name: description: |- Name of the variable to be matched title: |- Name of the variable to be matched type: string variable_value: description: |- Value of variable to be matched title: |- Value of variable to be matched type: string required: - variable_value - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This condition is used to match variable's name and value at all phases. The variables could be captured from REGEX or assigned by LBVariableAssignmentAction or system embedded variable. Varialbe_name and variable_value should be matched at the same time. title: |- Condition to match IP header fields x-vmw-nsx-module: PolicyLoadBalancer LBVariablePersistenceLearnAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: persistence_profile_path: description: | If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. title: |- Path to LBPersistenceProfile type: string variable_hash_enabled: default: false description: | The property is used to enable a hash operation for variable value when composing the persistence key. title: |- Whether to enable a hash operation for variable value type: boolean variable_name: description: | The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. title: |- Variable name type: string required: - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is performed in HTTP response rewrite phase. It is used to learn the value of variable from the HTTP response, and insert an entry into the persistence table if the entry doesn't exist. title: |- Action to learn the variable value x-vmw-nsx-module: PolicyLoadBalancer LBVariablePersistenceOnAction: allOf: - $ref: '#/definitions/LBRuleAction' - properties: persistence_profile_path: description: | If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. title: |- Path to LBPersistenceProfile type: string variable_hash_enabled: default: false description: | The property is used to enable a hash operation for variable value when composing the persistence key. title: |- Whether to enable a hash operation for variable value type: boolean variable_name: description: | The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. title: |- Variable name type: string required: - variable_name type: object x-vmw-nsx-module: PolicyLoadBalancer description: | This action is performed in HTTP forwarding phase. It is used to inspect the variable of HTTP request, and look up the persistence entry with its value and pool uuid as key. If the persistence entry is found, the HTTP request is forwarded to the recorded backend server according to the persistence entry. If the persistence entry is not found, a new entry is created in the table after backend server is selected. title: |- Action to persist the variable value x-vmw-nsx-module: PolicyLoadBalancer LBVirtualServer: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: access_list_control: $ref: '#/definitions/LBAccessListControl' description: | Specifies the access list control to define how to filter the connections from clients. title: |- IP access list control to filter the connections access_log_enabled: default: false description: | If access log is enabled, all HTTP requests sent to L7 virtual server are logged to the access log file. Both successful returns information responses(1xx), successful responses(2xx), redirection messages(3xx) and unsuccessful requests, backend server returns 4xx or 5xx, are logged to access log, if enabled. All L4 virtual server connections are also logged to the access log if enabled. The non-significant events such as successful requests are not logged if log_significant_event_only is set to true. title: |- Access log enabled setting type: boolean application_profile_path: description: | The application profile defines the application protocol characteristics. It is used to influence how load balancing is performed. Currently, LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile, etc are supported. title: |- Application profile path type: string client_ssl_profile_binding: $ref: '#/definitions/LBClientSslProfileBinding' description: | The setting is used when load balancer acts as an SSL server and terminating the client SSL connection title: |- Virtual server side SSL binding setting default_pool_member_ports: description: | Default pool member ports when member port is not defined. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string maxItems: 14 title: |- Default pool member ports when member port is not defined. type: array enabled: default: true description: |- Flag to enable the load balancer virtual server. title: |- whether the virtual server is enabled type: boolean ip_address: description: | Configures the IP address of the LBVirtualServer where it receives all client connections and distributes them among the backend servers. format: ip type: string lb_persistence_profile_path: description: | Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default. title: |- Persistence Profile used by LBVirtualServer type: string lb_service_path: description: | virtual servers can be associated to LBService(which is similar to physical/virtual load balancer), LB virtual servers, pools and other entities could be defined independently, the LBService identifier list here would be used to maintain the relationship of LBService and other LB entities. title: |- Path to LBService object for LBVirtualServer type: string log_significant_event_only: default: false description: | The property log_significant_event_only can take effect only when access_log_enabled is true. If log_significant_event_only is true, significant events are logged in access log. For L4 virtual server, significant event means unsuccessful(error or dropped) TCP/UDP connections. For L7 virtual server, significant event means unsuccessful connections or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx). title: |- Log only significant event in access log type: boolean max_concurrent_connections: description: | To ensure one virtual server does not over consume resources, affecting other applications hosted on the same LBS, connections to a virtual server can be capped. If it is not specified, it means that connections are unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum concurrent connection number type: integer max_new_connection_rate: description: | To ensure one virtual server does not over consume resources, connections to a member can be rate limited. If it is not specified, it means that connection rate is unlimited. format: int64 maximum: 2147483647 minimum: 1 title: |- Maximum new connection rate in connections per second type: integer pool_path: description: | The server pool(LBPool) contains backend servers. Server pool consists of one or more servers, also referred to as pool members, that are similarly configured and are running the same application. title: |- Default server pool path type: string ports: description: | Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string title: |- Virtual server port number(s) or port range(s) type: array rules: description: | Load balancer rules allow customization of load balancing behavior using match/action rules. Currently, load balancer rules are supported for only layer 7 virtual servers with LBHttpProfile. items: $ref: '#/definitions/LBRule' maxItems: 4000 title: |- List of load balancer rules type: array server_ssl_profile_binding: $ref: '#/definitions/LBServerSslProfileBinding' description: | The setting is used when load balancer acts as an SSL client and establishing a connection to the backend server. title: |- Pool side SSL binding setting sorry_pool_path: description: | When load balancer can not select a backend server to serve the request in default pool or pool in rules, the request would be served by sorry server pool. title: |- Sorry server pool path type: string required: - ip_address - ports - application_profile_path type: object x-vmw-nsx-module: PolicyLoadBalancer description: | All the types of LBVirtualServer extend from this abstract class. This is present for extensibility. title: |- Base class for each type of LBVirtualServer x-vmw-nsx-module: PolicyLoadBalancer Label: description: |- Label that will be displayed for a UI element. properties: condition: description: |- If the condition is met then the label will be applied. Examples of expression syntax are provided under example_request section of CreateWidgetConfiguration API. maxLength: 1024 title: |- Expression for evaluating condition type: string hover: default: false description: |- If true, displays the label only on hover title: |- Show label only on hover type: boolean icons: description: |- Icons to be applied at dashboard for the label items: $ref: '#/definitions/Icon' minItems: 0 title: |- Icons type: array navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string text: description: |- Text to be displayed at the label. maxLength: 255 title: |- Label text type: string required: - text title: |- Label type: object x-vmw-nsx-module: NsxDashboard LabelValueConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: layout: $ref: '#/definitions/Layout' description: |- Layout of properties can be vertical or grid. If layout is not specified a default vertical layout is applied. title: |- Layout of properties inside widget navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string properties: description: |- An array of label-value properties. items: $ref: '#/definitions/PropertyItem' title: |- Rows type: array sub_type: description: |- A sub-type of LabelValueConfiguration. If sub-type is not specified the parent type is rendered. For VERTICALLY_ALIGNED sub_type, the value is placed below the label. enum: - VERTICALLY_ALIGNED title: |- Sub-type of the LabelValueConfiguration type: string required: - properties type: object x-vmw-nsx-module: NsxDashboard description: |- Represents a Label-Value widget configuration title: |- Label Value Dashboard Widget Configuration x-vmw-nsx-module: NsxDashboard LacpGroupConfigInfo: properties: key: description: | The key represents the identifier for the group that is unique across VC. readOnly: false title: |- The generated key as the identifier for the group type: string load_balance_algorithm: description: | Load balance algorithm used in LACP group. The possible values are dictated by the values available in VC. Please refer VMwareDvsLacpLoadBalanceAlgorithm documentation for a full list of values. A few examples are srcDestIp where source and destination IP are considered, srcIp where only source IP is considered. readOnly: false title: |- Load balance policy type: string mode: description: | The mode of LACP can be ACTIVE or PASSIVE. If the mode is ACTIVE, LACP is enabled unconditionally. If the mode is PASSIVE, LACP is enabled only if LACP device is detected. enum: - ACTIVE - PASSIVE readOnly: false title: |- The mode of Link Aggregation Control Protocol (LACP) type: string name: description: |- The display name of the LACP group. readOnly: false title: |- The display name type: string uplink_names: description: |- Names for the uplink ports in the group. items: type: string readOnly: false title: |- Uplink names type: array uplink_num: description: |- The number of uplink ports format: int64 readOnly: false title: |- The number of uplink ports type: integer uplink_port_keys: description: | Keys for the uplink ports in the group. Each uplink port is assigned a key that is unique across VC. items: type: string readOnly: false title: |- Keys for the uplink ports type: array type: object x-vmw-nsx-module: InventoryCmInvComm Layout: description: |- Represents layout of a container or widget properties: properties: $ref: '#/definitions/LayoutProperties' type: default: HORIZONTAL description: |- Describes layout of a container or widget. Layout describes how individual widgets are placed inside the container. For example, if HORIZONTAL is chosen widgets are placed side by side inside the container. If VERTICAL is chosen then widgets are placed one below the other. If GRID is chosen then the container or widget display area is divided into a grid of m rows and n columns, as specified in the properties, and the widgets are placed inside the grid. enum: - HORIZONTAL - VERTICAL - GRID title: |- Type of layout of a container or widget type: string title: |- Layout of a container or widget type: object x-vmw-nsx-module: NsxDashboard LayoutProperties: description: |- Properties of the layout of a container or widget properties: num_columns: description: |- Describes the number of columns of grid layout of a container or widget. This property is applicable for grid layout only. format: int32 title: |- Number of columns of grid type: integer num_rows: description: |- Describes the number of rows of grid layout of a container or widget. This property is applicable for grid layout only. format: int32 title: |- Number of rows of grid type: integer title: |- Layout properties of a container or widget type: object x-vmw-nsx-module: NsxDashboard LbHttpRequestHeader: properties: header_name: description: |- Name of HTTP request header title: |- Name of HTTP request header type: string header_value: description: |- Value of HTTP request header title: |- Value of HTTP request header type: string required: - header_value - header_name type: object x-vmw-nsx-module: LoadBalancer LdapIdentitySource: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: base_dn: description: |- The subtree of the LDAP identity source to search when locating users and groups. title: |- DN of subtree for user and group searches type: string domain_name: description: |- The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use. For Active Directory, this domain name must match the domain of the Active Directory. title: |- Authentication domain name type: string ldap_servers: description: |- The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported. items: $ref: '#/definitions/IdentitySourceLdapServer' maxItems: 1 title: |- LDAP servers for this identity source type: array resource_type: enum: - ActiveDirectoryIdentitySource - OpenLdapIdentitySource type: string required: - domain_name - resource_type - base_dn type: object x-vmw-nsx-module: LdapIdentitySources description: |- This is the base type for all identity sources that use LDAP for authentication and group membership. title: |- An LDAP identity source x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: items: $ref: '#/definitions/LdapIdentitySource' type: array type: object x-vmw-nsx-module: LdapIdentitySources description: |- The results of listing LDAP identity sources. title: |- List results containing LDAP identity sources x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceProbeResults: allOf: - $ref: '#/definitions/Resource' - properties: results: description: |- Probe results for all probed LDAP servers. items: $ref: '#/definitions/IdentitySourceLdapServerProbeResult' title: |- Probe results type: array type: object x-vmw-nsx-module: LdapIdentitySources description: |- Results from probing all LDAP servers in an LDAP identity source configuration. title: |- Results from probing all LDAP servers x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceSearchResultItem: properties: common_name: description: |- The Common Name (CN) of the entry, if available. title: |- Common Name (CN) of entry type: string dn: description: |- Distinguished name (DN) of the entry. title: |- DN of the entry type: string principal_name: description: |- For Active Directory (AD) users, this will be the user principal name (UPN), in the format user@domain. For non-AD users, this will be the user's uid property, followed by "@" and the domain of the directory. For groups, this will be the group's common name, followed by "@" and the domain of the directory. title: |- The principal name of the user or group, if available type: string type: description: |- Describes the type of the entry enum: - USER - GROUP title: |- Type of the entry type: string type: object x-vmw-nsx-module: LdapIdentitySources LdapIdentitySourceSearchResultList: allOf: - $ref: '#/definitions/Resource' - properties: results: items: $ref: '#/definitions/LdapIdentitySourceSearchResultItem' type: array type: object x-vmw-nsx-module: LdapIdentitySources description: |- A list of LDA entries returned from a search of an LDAP identity source. title: |- A list of LDAP search results x-vmw-nsx-module: LdapIdentitySources LdapProbeError: description: |- Detail about one error encountered during a probe. properties: error_type: description: | The cause of the error. BASE_DN_NOT_FOUND: The configured base DN does not exist on the LDAP server or is not readable. BIND_DN_AND_PASSWORD_REQUIRED: This server is configured to required a bind DN and password. Please add these to your LDAP server configuration. BIND_DN_INVALID: The bind DN or username provided is not valid on the LDAP server. Check that the bind DN is correct. This error may also indicate that the base DN in your configuration is incorrect. CERTIFICATE_HOSTNAME_MISMATCH_ERROR: The hostname configured for the LDAP server does not match the hostname in the server's certificate subject or alternative subject names. Be sure that the hostname you configure in NSX Manager matches one of those names. CERTIFICATE_MISMATCH_ERROR: The certificate presented by the LDAP server did not match the certificate in the configuration on the NSX Manager. CONNECTION_REFUSED: The connection was refused when contacting the LDAP server. Ensure that the LDAP server is running and that you are using the correct ip/hostname. CONNECTION_TIMEOUT: The connection timed out when contacting the LDAP server. Check the hostname/ip and any firewalls between the NSX Manager and the LDAP server. GENERAL_ERROR: An undetermined error occurred. INVALID_CONFIGURED_CERTIFICATE: The certificate configured for this LDAP server is invalid and could not be decoded. Check that the PEM-formatted certificate you provided is correct. INVALID_CREDENTIALS: The username and/or password are incorrect. SSL_HANDSHAKE_ERROR: An error occurred while establishing a secure connection with the LDAP server. Check that the LDAP server's certificate is correct, and that it is using an SSL/TLS cipher suite that is compatible with the NSX Manager. This error can also occur if the hostname you have configured for the LDAP server does not match any of the hostnames in the Subject Alternative Name records in the server certificate. STARTTLS_FAILED: Unable to use StartTLS to upgrade the connection to use TLS. Ensure that the LDAP server supports TLS and if not, use LDAP or LDAPS as the protocol. enum: - BASE_DN_NOT_FOUND - BIND_DN_AND_PASSWORD_REQUIRED - BIND_DN_INVALID - CERTIFICATE_HOSTNAME_MISMATCH_ERROR - CERTIFICATE_MISMATCH_ERROR - CONNECTION_REFUSED - CONNECTION_TIMEOUT - GENERAL_ERROR - INVALID_CONFIGURED_CERTIFICATE - INVALID_CREDENTIALS - SSL_HANDSHAKE_ERROR - STARTTLS_FAILED title: |- Error type type: string title: |- Error detail from probe type: object x-vmw-nsx-module: LdapIdentitySources Legend: description: |- Represents legend that describes the entities of the widget. properties: alignment: default: VERTICAL description: |- Describes the alignment of legend. Alignment of a legend denotes how individual items of the legend are aligned in a container. For example, if VERTICAL is chosen then the items of the legend will appear one below the other and if HORIZONTAL is chosen then the items will appear side by side. enum: - HORIZONTAL - VERTICAL title: |- Alignment of the legend type: string display_count: default: true description: |- If set to true, it will display the counts in legend. If set to false, counts of entities are not displayed in the legend. title: |- Show count of entities in the legend type: boolean position: default: RIGHT description: |- Describes the relative placement of legend. The legend of a widget can be placed either to the TOP or BOTTOM or LEFT or RIGHT relative to the widget. For example, if RIGHT is chosen then legend is placed to the right of the widget. enum: - TOP - BOTTOM - LEFT - RIGHT - TOP_RIGHT title: |- Placement of legend type: string type: default: CIRCLE description: |- Describes the render type for the legend. The legend for an entity describes the entity in the widget. The supported legend type is a circle against which the entity's details such as display_name are shown. The color of the circle denotes the color of the entity shown inside the widget. enum: - CIRCLE title: |- Type of the legend type: string unit: description: |- Show unit of entities in the legend. title: |- Show unit of entities in the legend type: string title: |- Legend for the widget type: object x-vmw-nsx-module: NsxDashboard ListResult: allOf: - $ref: '#/definitions/Resource' - properties: cursor: description: |- Opaque cursor to be used for getting next page of records (supplied by current result page) readOnly: true title: |- Opaque cursor to be used for getting next page of records (supplied by current result page) type: string result_count: description: |- Count of results found (across all pages), set only on first page format: int64 readOnly: true title: |- Count of results found (across all pages), set only on first page type: integer sort_ascending: description: |- If true, results are sorted in ascending order readOnly: true title: |- If true, results are sorted in ascending order type: boolean sort_by: description: |- Field by which records are sorted readOnly: true title: |- Field by which records are sorted type: string type: object x-vmw-nsx-module: Common description: |- Base class for list results from collections title: |- Base class for list results from collections x-vmw-nsx-module: Common LocalEgress: description: | Local Egress is used on both server and client sites so that the gateway is used for N-S traffic and overhead on L2VPN tunnel is reduced. properties: optimized_ips: description: | Gateway IP for Local Egress. Local egress is enabled only when this list is not empty. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 1 minItems: 1 title: |- Gateway IP for Local Egress type: array title: |- Local Egress type: object x-vmw-nsx-module: PolicyConnectivity LocalEgressRoutingEntry: description: |- Local egress rounting policy properties: nexthop_address: description: | Next hop address for proximity routing. title: |- Next hop address type: string prefix_list_paths: description: | The destination address of traffic matching a prefix-list is forwarded to the nexthop_address. Traffic matching a prefix list with Action DENY will be dropped. Individual prefix-lists specified could have different actions. items: type: string maxItems: 1 title: |- Policy path to prefix lists type: array required: - nexthop_address - prefix_list_paths title: |- Local egress rounting policy type: object x-vmw-nsx-module: PolicyConnectivity LocaleServices: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: edge_cluster_path: description: | Policy path to edge cluster. Auto-assigned on Tier0 if associated enforcement-point has only one edge cluster. title: |- Edge cluster path type: string ha_vip_configs: description: |- This configuration can be defined only for Active-Standby Tier0 gateway to provide redundancy. For mulitple external interfaces, multiple HA VIP configs must be defined and each config will pair exactly two external interfaces. The VIP will move and will always be owned by the Active node. When this property is configured, configuration of dynamic-routing is not allowed. items: $ref: '#/definitions/Tier0HaVipConfig' title: |- Array of HA VIP Config. type: array preferred_edge_paths: description: | Policy paths to edge nodes. For Tier1 gateway, the field is used to statically assign the ordered list of up to two edge nodes for stateful services. To enable auto allocation of nodes from the specified edge cluster the field must be left unset. The auto allocation of nodes is supported only for the Tier1 gateway. For Tier0 gateway specified edge is used as a preferred edge node when failover mode is set to PREEMPTIVE, not applicable otherwise. items: type: string maxItems: 2 title: |- Edge node path type: array route_redistribution_config: $ref: '#/definitions/Tier0RouteRedistributionConfig' description: |- Configure all route redistribution properties like enable/disable redistributon, redistribution rule and so on. title: |- Route Redistribution configuration route_redistribution_types: description: | Enable redistribution of different types of routes on Tier-0. This property is only valid for locale-service under Tier-0. This property is deprecated, please use "route_redistribution_config" property to configure redistribution rules. items: description: | Tier-0 route redistribution types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and routes related to TIER0_ROUTER_LINK, TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types. TIER1_STATIC: Redistribute all subnets and static routes advertised by Tier-1s. TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets on Tier-0. TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets on Tier-0. TIER0_SEGMENT: Redistribute subnets configured on Segments connected to Tier-0. TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0 TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets. TIER0_NAT: Redistribute NAT IPs owned by Tier-0. TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_CONNECTED: Redistribute all subnets configured on Segments and Service Interfaces. TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets. TIER1_SEGMENT: Redistribute subnets configured on Segments connected to Tier1. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. Route redistribution destination is BGP. enum: - TIER0_STATIC - TIER0_CONNECTED - TIER0_EXTERNAL_INTERFACE - TIER0_SEGMENT - TIER0_ROUTER_LINK - TIER0_SERVICE_INTERFACE - TIER0_LOOPBACK_INTERFACE - TIER0_DNS_FORWARDER_IP - TIER0_IPSEC_LOCAL_IP - TIER0_NAT - TIER0_EVPN_TEP_IP - TIER1_NAT - TIER1_STATIC - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_CONNECTED - TIER1_SERVICE_INTERFACE - TIER1_SEGMENT - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- Enable redistribution of different types of routes on Tier-0 type: array x-deprecated: true type: object x-vmw-nsx-module: PolicyConnectivity description: |- Site specific configuration of Tier0 in multi-site scenario title: |- Locale-services configuration x-vmw-nsx-module: PolicyConnectivity LocaleServicesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- LocaleServices results items: $ref: '#/definitions/LocaleServices' title: |- LocaleServices results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of LocaleServices title: |- Paged collection of LocaleServices x-vmw-nsx-module: PolicyConnectivity LogicalPortStatistics: allOf: - $ref: '#/definitions/AggregatedDataCounterEx' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer logical_port_id: description: |- The id of the logical port readOnly: true title: |- The id of the logical port type: string type: object x-vmw-nsx-module: AggSvcLogicalPort x-vmw-nsx-module: AggSvcLogicalPort LogicalRouterPortCounters: properties: blocked_packets: description: |- The total number of packets blocked. format: int64 title: |- The number of blocked packets type: integer dad_dropped_packets: description: |- Number of duplicate address detected packets dropped. format: int64 title: |- The number of duplicate address detected packets dropped type: integer destination_unsupported_dropped_packets: description: |- Number of packtes dropped as destination is not supported. format: int64 title: |- The number of destination unsupported packets dropped type: integer dropped_packets: description: |- The total number of packets dropped. format: int64 title: |- The number of dropped packets type: integer firewall_dropped_packets: description: |- Number of firewall packets dropped. format: int64 title: |- The number of firewall packets dropped type: integer frag_needed_dropped_packets: description: |- Number of fragmentation needed packets dropped. format: int64 title: |- The number of fragmentation needed packets dropped type: integer ipsec_dropped_packets: description: |- Number of IPSec packets dropped format: int64 title: |- The number of IPSec packets dropped type: integer ipsec_no_sa_dropped_packets: description: |- Number of IPSec no security association packets dropped. format: int64 title: |- The number of IPSec no security association packets dropped type: integer ipsec_no_vti_dropped_packets: description: |- Number of IPSec packets dropped as no VTI is present. format: int64 title: |- The number of IPSec no VTI packets dropped type: integer ipsec_pol_block_dropped_packets: description: |- Number of IPSec policy block packets dropped. format: int64 title: |- The number of IPSec policy block packets dropped type: integer ipsec_pol_err_dropped_packets: description: |- Number of IPSec policy error packets dropped. format: int64 title: |- The number of IPSec policy error packets dropped type: integer ipv6_dropped_packets: description: |- Number of IPV6 packets dropped. format: int64 title: |- The number of IPV6 packets dropped type: integer kni_dropped_packets: description: |- Number of DPDK kernal NIC interface packets dropped. format: int64 title: |- The number of kernal NIC interface packets dropped type: integer l4port_unsupported_dropped_packets: description: |- Number of packets dropped due to unsupported L4 port. format: int64 title: |- The number of L4 port unsupported packets dropped type: integer malformed_dropped_packets: description: |- Number of packtes dropped as they are malformed. format: int64 title: |- The number of malformed packets dropped type: integer no_arp_dropped_packets: description: |- Number of no ARP packets dropped. format: int64 title: |- The number of no ARP packets dropped type: integer no_linked_dropped_packets: description: |- Number of packets dropped as no linked ports are present. format: int64 title: |- The number of no linked packets dropped type: integer no_mem_dropped_packets: description: |- Number of packets dropped due to insufficient memory. format: int64 title: |- The number of no memory packets dropped type: integer no_receiver_dropped_packets: description: |- Number of packets dropped due to absence of receiver. format: int64 title: |- The number of no receiver packets dropped type: integer no_route_dropped_packets: description: |- The number of no route packets dropped format: int64 title: |- The number of no route packets dropped type: integer non_ip_dropped_packets: description: |- Number of non IP packets dropped. format: int64 title: |- The number of non IP packets dropped type: integer proto_unsupported_dropped_packets: description: |- Number of packets dropped as protocol is unsupported. format: int64 title: |- The number of protocol unsupported packets dropped type: integer redirect_dropped_packets: description: |- Number of redirect packets dropped. format: int64 title: |- The number of redirect packets dropped type: integer rpf_check_dropped_packets: description: |- Number of reverse-path forwarding check packets dropped. format: int64 title: |- The number of reverse-path forwarding check packets dropped type: integer service_insert_dropped_packets: description: |- Number of service insert packets dropped. format: int64 title: |- The number of service insert packets dropped type: integer total_bytes: description: |- The total number of bytes transferred. format: int64 title: |- The total number of bytes type: integer total_packets: description: |- The total number of packets transferred. format: int64 title: |- The total number of packets type: integer ttl_exceeded_dropped_packets: description: |- Number of time to live exceeded packets dropped. format: int64 title: |- The number of time to live exceeded packets dropped type: integer type: object x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterPortStatistics: properties: logical_router_port_id: description: |- The ID of the logical router port title: |- The ID of the logical router port type: string per_node_statistics: additionalProperties: false description: |- Per Node Statistics items: $ref: '#/definitions/LogicalRouterPortStatisticsPerNode' readOnly: true title: |- Per Node Statistics type: array required: - logical_router_port_id type: object x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterPortStatisticsPerNode: allOf: - $ref: '#/definitions/AggregatedLogicalRouterPortCounters' - properties: transport_node_id: description: |- The ID of the TransportNode readOnly: true title: |- The ID of the TransportNode type: string type: object x-vmw-nsx-module: AggSvcLogicalRouterPort x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterPortStatisticsSummary: allOf: - $ref: '#/definitions/AggregatedLogicalRouterPortCounters' - properties: logical_router_port_id: description: |- The ID of the logical router port title: |- The ID of the logical router port type: string required: - logical_router_port_id type: object x-vmw-nsx-module: AggSvcLogicalRouterPort x-vmw-nsx-module: AggSvcLogicalRouterPort LogicalRouterState: allOf: - $ref: '#/definitions/EdgeConfigurationState' - type: object x-vmw-nsx-module: LogicalRouter description: |- This holds the state of Logical Router. If there are errors in realizing LR outside of MP, it gives details of the components and specific errors. title: |- Realization State of Logical Router. x-vmw-nsx-module: LogicalRouter LogicalRouterStatus: properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer locale_operation_mode: description: | Egress mode for the logical router at given mode enum: - PRIMARY_LOCATION - SECONDARY_LOCATION readOnly: true title: |- Location mode for logical router type: string logical_router_id: description: |- The id of the logical router title: |- The id of the logical router type: string per_node_status: description: |- Per Node Status items: $ref: '#/definitions/LogicalRouterStatusPerNode' readOnly: true title: |- Per Node Status type: array required: - logical_router_id type: object x-vmw-nsx-module: AggSvcLogicalRouter LogicalRouterStatusPerNode: properties: high_availability_status: description: |- A service router's HA status on an edge node enum: - ACTIVE - STANDBY - DOWN - SYNC - UNKNOWN - ADMIN_DOWN title: |- A service router's HA status on an edge node type: string service_router_id: description: |- id of the service router where the router status is retrieved. title: |- id of the service router where the router status is retrieved. type: string transport_node_id: description: |- id of the transport node where the router status is retrieved. title: |- id of the transport node where the router status is retrieved. type: string required: - high_availability_status - transport_node_id type: object x-vmw-nsx-module: AggSvcLogicalRouter LogicalSwitchStatistics: allOf: - $ref: '#/definitions/AggregatedDataCounterEx' - properties: last_update_timestamp: description: |- Timestamp when the data was last updated; unset if data source has never updated the data. format: int64 readOnly: true type: integer logical_switch_id: description: |- The id of the logical Switch readOnly: true title: |- The id of the logical Switch type: string type: object x-vmw-nsx-module: AggSvcLogicalSwitch x-vmw-nsx-module: AggSvcLogicalSwitch MACAddressExpression: allOf: - $ref: '#/definitions/Expression' - properties: mac_addresses: description: |- This array can consist of one or more MAC addresses. items: description: | A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB. format: mac-address type: string maxItems: 4000 minItems: 1 title: |- Array of MAC addresses type: array required: - mac_addresses type: object x-vmw-nsx-module: Policy description: |- Represents MAC address expressions in the form of an array, to support addition of MAC addresses in a group. Avoid creating groups with multiple MACAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression. To group MAC addresses, use nested groups instead of multiple MACAddressExpression. title: |- MAC address expression node x-vmw-nsx-module: Policy MACAddressList: description: |- List of MAC Addresses. properties: mac_addresses: description: |- The array contains MAC addresses. items: description: | A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB. format: mac-address type: string maxItems: 4000 minItems: 1 title: |- Array of MAC addresses type: array required: - mac_addresses title: |- MAC Address members. type: object x-vmw-nsx-module: Policy MacDiscoveryProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: mac_change_enabled: default: false description: |- Allowing source MAC address change title: |- Is rule enabled or not type: boolean mac_learning_aging_time: default: 600 description: |- Indicates how long learned MAC address remain. format: int32 readOnly: true title: |- Aging time in seconds for learned MAC address type: integer mac_learning_enabled: description: |- Allowing source MAC address learning title: |- Is MAC learning enabled or not type: boolean mac_limit: default: 4096 description: |- The maximum number of MAC addresses that can be learned on this port format: int32 maximum: 4096 minimum: 0 title: |- Maximum number of arp bindings type: integer mac_limit_policy: default: ALLOW description: |- The policy after MAC Limit is exceeded enum: - ALLOW - DROP title: |- Mac Limit Policy type: string remote_overlay_mac_limit: default: 2048 description: | This property specifies the limit on the maximum number of MACs learned for a remote virtual machine's MAC to VTEP binding per overlay logical switch. format: int32 maximum: 8192 minimum: 2048 title: |- The maximum number of MAC addresses learned on an overlay Logical Switch type: integer unknown_unicast_flooding_enabled: default: true description: |- Allowing flooding for unlearned MAC for ingress traffic title: |- Is unknown unicast flooding rule enabled or not type: boolean required: - mac_learning_enabled type: object x-vmw-nsx-module: PolicyMacDiscovery description: |- Mac Discovery Profile title: |- Mac Discovery Profile x-vmw-nsx-module: PolicyMacDiscovery MacDiscoveryProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Mac Discovery profile list results items: $ref: '#/definitions/MacDiscoveryProfile' title: |- Mac Discovery profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyMacDiscovery description: |- Paged collection of Mac Discovery Profiles title: |- Paged collection of Mac Discovery Profiles x-vmw-nsx-module: PolicyMacDiscovery MacLearningCounters: properties: mac_not_learned_packets_allowed: description: |- The number of packets with unknown source MAC address that are dispatched without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_ALLOW. format: int64 title: |- Number of dispatched packets with unknown source MAC address. type: integer mac_not_learned_packets_dropped: description: |- The number of packets with unknown source MAC address that are dropped without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_DROP. format: int64 title: |- Number of dropped packets with unknown source MAC address. type: integer macs_learned: description: |- Number of MACs learned format: int64 title: |- Number of MACs learned type: integer type: object x-vmw-nsx-module: AggSvcL2Types ManagedResource: allOf: - $ref: '#/definitions/RevisionedResource' - properties: _create_time: description: |- Timestamp of resource creation format: int64 readOnly: true type: integer _create_user: description: |- ID of the user who created this resource readOnly: true type: string _last_modified_time: description: |- Timestamp of last modification format: int64 readOnly: true type: integer _last_modified_user: description: |- ID of the user who last modified this resource readOnly: true type: string _protection: description: | Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. readOnly: true title: |- Indicates protection status of this resource type: string _system_owned: description: |- Indicates system owned resource readOnly: true type: boolean description: description: |- Description of this resource maxLength: 1024 title: |- Description of this resource type: string display_name: description: |- Defaults to ID if not set maxLength: 255 title: |- Identifier to use when displaying entity in logs or GUI type: string id: description: |- Unique identifier of this resource title: |- Unique identifier of this resource type: string resource_type: description: |- The type of this resource. readOnly: false type: string tags: description: |- Opaque identifiers meaningful to the API user items: $ref: '#/definitions/Tag' maxItems: 30 title: |- Opaque identifiers meaningful to the API user type: array type: object x-vmw-nsx-module: Common description: |- Base type for resources that are managed by API clients title: |- Base type for resources that are managed by API clients x-vmw-nsx-module: Common ManagementConfig: allOf: - $ref: '#/definitions/RevisionedResource' - properties: publish_fqdns: description: |- True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability. title: |- True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability. type: boolean required: - publish_fqdns type: object x-vmw-nsx-module: ConfigManagement x-vmw-nsx-module: ConfigManagement MetadataProxyConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: crypto_protocols: description: |- The cryptographic protocols listed here are supported by the metadata proxy. TLSv1.1 and TLSv1.2 are supported by default items: description: |- Metadata proxy supported cryptographic protocol enum: - TLS_V1 - TLS_V1_1 - TLS_V1_2 type: string title: |- Metadata proxy supported cryptographic protocols type: array edge_cluster_path: description: |- Edge clusters configured on MP are auto-discovered by Policy and create corresponding read-only intent objects. title: |- Poilcy path to Edge Cluster type: string enable_standby_relocation: default: false description: |- Only auto-placed metadata proxies are considered for relocation. Must be FALSE, when the preferred_edge_paths property is configured. title: |- Flag to enable standby relocation type: boolean preferred_edge_paths: description: |- Edge nodes should be members of edge cluster configured in edge_cluster_path. items: type: string maxItems: 2 title: |- Preferred Edge Paths type: array secret: description: |- Secret word or phrase to access metadata server. title: |- Secret type: string server_address: description: |- This field is a URL. Example formats - http://1.2.3.4:3888/path, http://text-md-proxy:5001/. Port number should be between 3000-9000. title: |- Server Address type: string server_certificates: description: |- Valid certificates should be configured. The validity of certificates is not checked. Certificates are managed through /infra/certificates API on Policy. items: type: string title: |- Policy paths to Certificate Authority (CA) certificates type: array required: - server_address - edge_cluster_path - secret type: object x-vmw-nsx-module: PolicyMetadataProxy description: |- Metadata Proxy Configuration title: |- Metadata Proxy Configuration x-vmw-nsx-module: PolicyMetadataProxy MonitoringProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Base Monitoring Profile Binding Map title: |- Base Monitoring Profile Binding Map x-vmw-nsx-module: PolicyMonitoringProfileBinding MultiWidgetConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string widgets: description: |- Array of widgets that are part of the multi-widget. items: $ref: '#/definitions/WidgetItem' maxItems: 2 minItems: 1 title: |- Widgets type: array required: - widgets type: object x-vmw-nsx-module: NsxDashboard description: |- Combines two or more widgetconfigurations into a multi-widget title: |- Multi-Widget x-vmw-nsx-module: NsxDashboard NSXTConnectionInfo: allOf: - $ref: '#/definitions/EnforcementPointConnectionInfo' - properties: edge_cluster_ids: description: | Edge Cluster UUIDs on enforcement point. Edge cluster information is required for creating logical L2, L3 constructs on enforcement point. Max 1 edge cluster ID. This is a deprecated property. The edge cluster id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-clusters and GET /infra/sites/site-id/enforcement-points/enforcementpoint-1/edge-clusters/edge-cluster-id. The value passed through this property will be ignored. items: type: string maxItems: 1 title: |- Edge Cluster IDs type: array x-deprecated: true password: description: |- Password. title: |- Password type: string thumbprint: description: | Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string transport_zone_ids: description: | Transport Zone UUIDs on enforcement point. Transport zone information is required for creating logical L2, L3 constructs on enforcement point. Max 1 transport zone ID. This is a deprecated property. The transport zone id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones and GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones/transport-zone-id. The value passed through this property will be ignored. items: type: string maxItems: 1 title: |- Transport Zone IDs type: array x-deprecated: true username: description: |- Username. title: |- Username type: string type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Credential info to connect to an NSX-T type of enforcement point. title: |- NSX-T Connection Info x-vmw-nsx-module: PolicyEnforcementPointManagement NSXVConnectionInfo: allOf: - $ref: '#/definitions/EnforcementPointConnectionInfo' - properties: password: description: |- Password. title: |- Password type: string thumbprint: description: | Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string username: description: |- Username. title: |- Username type: string required: - thumbprint type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Credential info to connect to an NSX-V type of enforcement point. title: |- NSX-V Connection Info x-vmw-nsx-module: PolicyEnforcementPointManagement NdSnoopingConfig: description: | Contains Neighbor Discovery Protocol (ND) snooping related configuration. properties: nd_snooping_enabled: default: false description: | Enable this method will snoop the NS (Neighbor Solicitation) and NA (Neighbor Advertisement) messages in the ND (Neighbor Discovery Protocol) family of messages which are transmitted by a VM. From the NS messages, we will learn about the source which sent this NS message. From the NA message, we will learn the resolved address in the message which the VM is a recipient of. Addresses snooped by this method are subject to TOFU (Trust on First Use) policies as enforced by the system. title: |- Is ND snooping enabled or not type: boolean nd_snooping_limit: default: 3 description: | Maximum number of ND (Neighbor Discovery Protocol) snooped IPv6 addresses format: int32 maximum: 15 minimum: 2 title: |- Maximum number of ND (Neighbor Discovery Protocol) bindings type: integer title: |- ND Snooping Configuration type: object x-vmw-nsx-module: PolicyIpDiscovery NdpHeader: description: |- Neighbor discovery protocol header properties: dst_ip: description: |- The IP address of the destination of the solicitation. It MUST NOT be a multicast address. format: ipv6 type: string msg_type: default: NEIGHBOR_SOLICITATION description: |- This field specifies the type of the Neighbor discover message being sent. NEIGHBOR_SOLICITATION - Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node or to confirm a previously determined link-layer address. NEIGHBOR_ADVERTISEMENT - Neighbor Advertisement message in response to a Neighbor Solicitation message. enum: - NEIGHBOR_SOLICITATION - NEIGHBOR_ADVERTISEMENT title: |- NDP message type type: string title: |- Neighbor discovery protocol header type: object x-vmw-nsx-module: Traceflow NestedExpression: allOf: - $ref: '#/definitions/Expression' - properties: expressions: description: |- Expression. items: $ref: '#/definitions/Expression' minItems: 1 title: |- Expression type: array required: - expressions type: object x-vmw-nsx-module: Policy description: | Nested expressions is a list of condition expressions that must follow the below criteria: 0. Only allowed expressions in a NestedExpression are Condition and ConjunctionOperator. 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all condition expressions must be at even indices, separated by the conjunction expressions AND at odd indices. 2. There may be at most 5 condition expressions inside a list. 3. NestedExpressions are homogeneous in nature, i.e, all expressions inside a nested expression must have the same member type. title: |- NestedExpression x-vmw-nsx-module: Policy NestedServiceServiceEntry: allOf: - $ref: '#/definitions/ServiceEntry' - properties: nested_service_path: description: |- path of nested service title: |- path of nested service type: string required: - nested_service_path type: object x-vmw-nsx-module: Policy description: |- A ServiceEntry that represents nesting service title: |- A ServiceEntry that represents nesting service x-vmw-nsx-module: Policy NetworkError: description: |- Network error related to container objects. properties: error_code: description: |- Error code of network related error. readOnly: true title: |- Error code type: string error_message: description: |- Detailed message of network related error. readOnly: true title: |- Error message type: string spec: description: |- Additional error information in json format. readOnly: true title: |- Other specifications type: string title: |- Network Error type: object x-vmw-nsx-module: InventoryContainerObj NsxRole: description: |- Role properties: permissions: description: |- Please use the /user-info/permissions api to get the permission that the user has on each feature. items: enum: - read-api - read-write-api - crud - read - execute - none type: string title: |- Permissions type: array x-deprecated: true role: description: |- This field represents the identifier of the role. With the introduction of custom roles, this field is no longer an enum. title: |- Role ID type: string required: - role title: |- Role type: object x-vmw-nsx-module: AAA NsxTDNSForwarderStatistics: allOf: - $ref: '#/definitions/DNSForwarderStatisticsPerEnforcementPoint' - properties: cached_entries: description: |- The total number of cached entries format: int64 readOnly: true title: |- The total number of cached entries type: integer conditional_forwarder_statistics: description: |- The statistics of conditional forwarder zones items: $ref: '#/definitions/NsxTDNSForwarderZoneStatistics' maxItems: 5 minItems: 0 readOnly: true title: |- The statistics of conditional forwarder zones type: array configured_cache_size: description: |- The configured cache size, in kb format: int64 readOnly: true title: |- The configured cache size, in kb type: integer default_forwarder_statistics: $ref: '#/definitions/NsxTDNSForwarderZoneStatistics' description: |- The statistics of default forwarder zone readOnly: true title: |- The statistics of default forwarder zone queries_answered_locally: description: |- The total number of queries answered from local cache format: int64 readOnly: true title: |- The total number of queries answered from local cache type: integer queries_forwarded: description: |- The total number of forwarded DNS queries format: int64 readOnly: true title: |- The total number of forwarded DNS queries type: integer timestamp: description: |- Time stamp of the current statistics, in ms format: int64 readOnly: true type: integer total_queries: description: |- The total number of received DNS queries format: int64 readOnly: true title: |- The total number of received DNS queries type: integer used_cache_statistics: description: |- The statistics of used cache items: $ref: '#/definitions/NsxTPerNodeUsedCacheStatistics' maxItems: 2 minItems: 0 readOnly: true title: |- The statistics of used cache type: array type: object x-vmw-nsx-module: PolicyDNSStatistics description: | The current statistics counters of the DNS forwarder including cache usages and query numbers per forwarders, on an NSX-T type of enforcement point. title: |- Statistics counters of the DNS forwarder x-vmw-nsx-module: PolicyDNSStatistics NsxTDNSForwarderStatus: allOf: - $ref: '#/definitions/DNSForwarderStatusPerEnforcementPoint' - properties: extra_message: description: |- Extra message, if available readOnly: true title: |- Extra message, if available type: string status: description: | UP means the DNS forwarder is working correctly on the active transport node and the stand-by transport node (if present). Failover will occur if either node goes down. DOWN means the DNS forwarder is down on both active transport node and standby node (if present). The DNS forwarder does not function in this situation. Error means there is some error on one or both transport node, or no status was reported from one or both transport nodes. The DNS forwarder may be working (or not working). NO_BACKUP means DNS forwarder is working in only one transport node, either because it is down on the standby node, or no standby is configured. An forwarder outage will occur if the active node goes down. enum: - UP - DOWN - ERROR - NO_BACKUP - UNKNOWN readOnly: true type: string timestamp: description: |- Time stamp of the current status, in ms format: int64 readOnly: true type: integer type: object x-vmw-nsx-module: PolicyDNSStatistics description: | The current runtime status of the DNS forwarder. title: |- The current runtime status of DNS forwarder x-vmw-nsx-module: PolicyDNSStatistics NsxTDNSForwarderZoneStatistics: description: | Statistics counters of the DNS forwarder zone. properties: domain_names: description: | Domain names configured for the forwarder. Empty if this is the default forwarder. items: type: string maxItems: 100 minItems: 0 readOnly: true title: |- Domain names configured for the forwarder type: array upstream_statistics: description: |- Statistics per upstream server. items: $ref: '#/definitions/NsxTUpstreamServerStatistics' maxItems: 3 minItems: 0 readOnly: true title: |- Statistics per upstream server. type: array title: |- Statistics counters of the DNS forwarder zone type: object x-vmw-nsx-module: PolicyDNSStatistics NsxTDnsAnswer: allOf: - $ref: '#/definitions/PolicyDnsAnswerPerEnforcementPoint' - properties: authoritative_answers: description: |- Authoritative answers items: $ref: '#/definitions/NsxTDnsQueryAnswer' maxItems: 256 minItems: 1 title: |- Authoritative answers type: array dns_server: description: | Dns server ip address and port, format is "ip address#port". title: |- Dns server information type: string edge_node_id: description: | ID of the edge node that performed the query. title: |- Edge node id type: string non_authoritative_answers: description: |- Non authoritative answers items: $ref: '#/definitions/NsxTDnsQueryAnswer' maxItems: 256 minItems: 1 title: |- Non authoritative answers type: array raw_answer: description: | It can be NXDOMAIN or error message which is not consisted of authoritative_answer or non_authoritative_answer. title: |- Raw message returned from the dns forwarder type: string required: - edge_node_id - dns_server type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Answer of dns nslookup title: |- Answer of dns nslookup x-vmw-nsx-module: PolicyDnsForwarder NsxTDnsQueryAnswer: description: |- Answer of nslookup properties: address: description: | Resolved IP address matched with the nslookup address provided as a request parameter. title: |- Matched ip address type: string name: description: | Matched name of the given address. title: |- Matched name type: string title: |- Answer of nslookup type: object x-vmw-nsx-module: PolicyDnsForwarder NsxTPerNodeUsedCacheStatistics: description: | Query statistics counters of used cache from node properties: cached_entries: description: |- The total number of cached entries format: int64 readOnly: true title: |- The total number of cached entries type: integer node_id: description: |- UUID of active/standby transport node readOnly: true title: |- UUID of active/standby transport node type: string used_cache_size: description: |- The memory size used in cache, in kb format: int64 readOnly: true title: |- The memory size used in cache, in kb type: integer title: |- Per node used cache query statistics counters type: object x-vmw-nsx-module: PolicyDNSStatistics NsxTUpstreamServerStatistics: description: | Query statistics counters to an upstream server including successfully forwarded queries and failed queries. properties: queries_failed: description: |- Queries failed to forward. format: int64 readOnly: true title: |- Queries failed to forward. type: integer queries_succeeded: description: |- Queries forwarded successfully format: int64 readOnly: true title: |- Queries forwarded successfully type: integer upstream_server: description: |- Upstream server ip format: ip readOnly: true type: string title: |- Upstream server query statistics counters type: object x-vmw-nsx-module: PolicyDNSStatistics ObjectRolePermissionGroup: allOf: - $ref: '#/definitions/ManagedResource' - properties: inheritance_disabled: default: false description: |- Does children of this object inherit this rule title: |- Does children of this object inherit this rule type: boolean operation: description: |- Allowed operation enum: - crud - read - execute - none title: |- Allowed operation type: string path_prefix: description: |- Path prefix title: |- Path prefix type: string role_name: description: |- Role name title: |- Role name type: string rule_disabled: default: false description: |- Is rule disabled or not title: |- Is rule disabled or not type: boolean required: - role_name - path_prefix type: object x-vmw-nsx-module: PolicyAuthz description: |- RBAC Objects qualifier title: |- RBAC Objects qualifier x-vmw-nsx-module: PolicyAuthz ObjectRolePermissionGroupListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- ObjectRolePermissionGroup list results items: $ref: '#/definitions/ObjectRolePermissionGroup' title: |- ObjectRolePermissionGroup list results type: array required: - results type: object x-vmw-nsx-module: PolicyAuthz description: |- Paged collection of RBAC Objects title: |- Paged collection of RBAC Objects x-vmw-nsx-module: PolicyAuthz OpenLdapIdentitySource: allOf: - $ref: '#/definitions/LdapIdentitySource' - type: object x-vmw-nsx-module: LdapIdentitySources description: |- An identity source service that runs OpenLDAP. The service allows selected user accounts defined in OpenLDAP to log into and access NSX-T. title: |- An OpenLDAP identity source service x-vmw-nsx-module: LdapIdentitySources OverriddenResource: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: intent_path: description: | Policy resource path of the overridden resource. readOnly: true title: |- Policy resource path of the overridden resource type: string site_path: description: | Site path to the specific site that has overridden the global resource. readOnly: true title: |- Site path type: string type: object x-vmw-nsx-module: PolicyOverrides description: | Represents which federated global resources have been overrriden on a specific Site. title: |- Represents overridden resource information for federated entity. x-vmw-nsx-module: PolicyOverrides OverriddenResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- OverriddenResource list results. items: $ref: '#/definitions/OverriddenResource' title: |- OverriddenResource list results type: array required: - results type: object x-vmw-nsx-module: PolicyOverrides description: |- Paged Collection of OverriddenResource. title: |- Paged Collection of OverriddenResource x-vmw-nsx-module: PolicyOverrides OverrideDeleteRequestParameters: allOf: - $ref: '#/definitions/DeleteRequestParameters' - properties: override: default: false description: | If true, the overridden object can be deleted locally. This will restore the global resource as the intended configuration for this site. title: |- Delete the locally overriden global object type: boolean type: object x-vmw-nsx-module: Policy description: |- Override delete request parameters title: |- Override delete request parameters x-vmw-nsx-module: Policy PacketData: discriminator: resource_type properties: frame_size: default: 128 description: |- If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size. format: int64 maximum: 1000 minimum: 60 title: |- Requested total size of the (logical) packet in bytes type: integer resource_type: description: |- Packet configuration enum: - BinaryPacketData - FieldsPacketData title: |- Packet configuration type: string routed: description: |- A flag, when set true, indicates that the traceflow packet is of L3 routing. title: |- A flag, when set true, indicates that the traceflow packet is of L3 routing. type: boolean transport_type: default: UNICAST description: |- transport type of the traceflow packet enum: - BROADCAST - UNICAST - MULTICAST - UNKNOWN title: |- transport type of the traceflow packet type: string required: - resource_type type: object x-vmw-nsx-module: Traceflow PacketTypeAndCounter: properties: counter: description: |- The number of packets. format: int64 title: |- The number of packets. type: integer packet_type: description: |- The type of the packets title: |- The type of the packets type: string required: - counter - packet_type type: object x-vmw-nsx-module: AggSvcL2Types PacketsDroppedBySecurity: properties: bpdu_filter_dropped: description: |- The number of packets dropped by "BPDU filter". format: int64 title: |- The number of packets dropped by "BPDU filter". type: integer dhcp_client_dropped_ipv4: description: |- The number of IPv4 packets dropped by "DHCP client block". format: int64 title: |- The number of IPv4 packets dropped by "DHCP client block". type: integer dhcp_client_dropped_ipv6: description: |- The number of IPv6 packets dropped by "DHCP client block". format: int64 title: |- The number of IPv6 packets dropped by "DHCP client block". type: integer dhcp_server_dropped_ipv4: description: |- The number of IPv4 packets dropped by "DHCP server block". format: int64 title: |- The number of IPv4 packets dropped by "DHCP server block". type: integer dhcp_server_dropped_ipv6: description: |- The number of IPv6 packets dropped by "DHCP server block". format: int64 title: |- The number of IPv6 packets dropped by "DHCP server block". type: integer spoof_guard_dropped: description: |- The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP. items: $ref: '#/definitions/PacketTypeAndCounter' title: |- The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP. type: array type: object x-vmw-nsx-module: AggSvcL2Types PartialPatchConfig: description: | This object allows enabling or disabling of partial patch functionality. Enabling partial patch allows patching of a subset of the fields of any object. After enabling partial patching, any object payload provided will be merged with the existing object payload. Note that while all mandatory fields are expected to be provided during the creation of any object, enabling partial patch will allow patching of existing objects with a subset of mandatory fields. properties: enable_partial_patch: description: |- boolean value used to enable/disable partial patch title: |- This object will contain the partial patch configuration. type: boolean required: - enable_partial_patch title: |- Contains configuration for Partial patch. type: object x-vmw-nsx-module: PolicySystemConfig PatchResources: allOf: - $ref: '#/definitions/Action' - properties: body: description: | Patch body representing a Hierarchical Patch payload. The resources included in the body are patched replacing the injections' keys with their actual values. title: |- Body type: object injections: description: |- Injections holding keys (variables) and their corresponding values. items: $ref: '#/definitions/Injection' minItems: 1 title: |- Injections type: array required: - body type: object x-vmw-nsx-module: PolicyReaction description: | Patch Resources is an action to create/patch resources in response to an event. title: |- Patch Resources x-vmw-nsx-module: PolicyReaction PathExpression: allOf: - $ref: '#/definitions/Expression' - properties: paths: description: |- This array can consist of one or more policy paths. Only policy paths of groups, segments and policy logical ports are allowed. items: type: string minItems: 1 title: |- Array of policy paths type: array required: - paths type: object x-vmw-nsx-module: Policy description: |- Represents policy path expressions in the form of an array, to support addition of objects like groups, segments and policy logical ports in a group. title: |- Path expression node x-vmw-nsx-module: Policy PathPermissionGroup: description: |- RBAC Objects qualifier properties: object_path: description: |- Full Object Path title: |- Full Object Path type: string operation: description: |- Allowed operation enum: - crud - read - execute - none title: |- Allowed operation type: string required: - operation - object_path title: |- RBAC Objects qualifier type: object x-vmw-nsx-module: PolicyAuthz PeerCertificateChain: description: |- The certificate chain presented by a remote TLS service. properties: details: description: |- List of X509Certificates. items: $ref: '#/definitions/X509Certificate' readOnly: true type: array pem_encoded: description: |- PEM encoded certificate data. readOnly: false type: string required: - pem_encoded title: |- A peer's certificate chain type: object x-vmw-nsx-module: CertificateManager PendingChangesInfoNsxT: description: | Information about recent changes, if any, that are not reflected in the Enforced Realized Status. properties: pending_changes_flag: description: | Flag describing whether there are any pending changes that are not reflected in the status. readOnly: true title: |- Pending Changes Flag type: boolean title: |- NSX-T Pending Change Info type: object x-vmw-nsx-module: PolicyRealizationStatus PerStepRestoreStatus: description: |- Restore step status properties: description: description: |- A description of the restore status readOnly: true title: |- A description of the restore status type: string value: description: |- Per step restore status value enum: - INITIAL - RUNNING - SUSPENDED_BY_USER - SUSPENDED_FOR_USER_ACTION - FAILED - SUCCESS readOnly: true title: |- Per step restore status value type: string title: |- Restore step status type: object x-vmw-nsx-module: ClusterRestore PointDefinition: description: |- Defines the point of a graph. properties: drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. title: |- Id of drilldown widget type: string field: description: |- An expression that represents the points of the graph title: |- Expression for points of the graph type: string navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the point of a graph. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array x_value: description: |- Represents the variable for the X value of points that are plotted on the graph. title: |- Variable chosen for X value of the point of the graph type: string y_value: description: |- Represents the variable for the Y value of points that are plotted on the graph. title: |- Variable chosen for Y value of the point of the graph type: string required: - y_value - x_value - field title: |- Definition of a point of graph type: object x-vmw-nsx-module: NsxDashboard Policy: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: category: description: | - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. title: |- A way to classify a security policy, if needed. type: string comments: description: |- Comments for security policy lock/unlock. readOnly: false title: |- SecurityPolicy lock/unlock comments type: string internal_sequence_number: description: | This field is to indicate the internal sequence number of a policy with respect to the policies across categories. format: int32 readOnly: true title: |- Internal sequence number type: integer is_default: description: |- A flag to indicate whether policy is a default policy. readOnly: true title: |- Default policy flag type: boolean lock_modified_by: description: | ID of the user who last modified the lock for the secruity policy. readOnly: true title: |- User who locked the security policy type: string lock_modified_time: description: |- SecurityPolicy locked/unlocked time in epoch milliseconds. format: int64 readOnly: true type: integer locked: default: false description: | Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. title: |- Lock a security policy type: boolean rule_count: description: | The count of rules in the policy. format: int32 readOnly: true title: |- Rule count type: integer scheduler_path: description: | Provides a mechanism to apply the rules in this policy for a specified time duration. readOnly: false title: |- Path to the scheduler for time based scheduling type: string scope: description: | The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. items: type: string maxItems: 128 type: array sequence_number: description: | This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number format: int32 minimum: 0 title: |- Sequence number to resolve conflicts across Domains type: integer stateful: description: | Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. readOnly: false title: |- Stateful nature of the entries within this security policy. type: boolean tcp_strict: description: | Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. readOnly: false title: |- Enforce strict tcp handshake before allowing data packets type: boolean type: object x-vmw-nsx-module: Policy description: | Ordered list of Rules. This object is created by default along with the Domain. title: |- Contains ordered list of Rules x-vmw-nsx-module: Policy PolicyAlarmResource: allOf: - $ref: '#/definitions/PolicyResource' - properties: error_details: $ref: '#/definitions/PolicyApiError' description: | Detailed information about errors from an API call made to the enforcement point, if any. title: | Detailed information about errors from an API call made to the enforcement point, if any. message: description: |- error message to describe the issue title: |- error message to describe the issue type: string source_reference: description: |- path of the object on which alarm is created title: |- path of the object on which alarm is created type: string source_site_id: description: | This field will refer to the source site on which the alarm is generated. This field is populated by GM, when it receives corresponding notification from LM. readOnly: true title: |- source site(LM) id. type: string type: object x-vmw-nsx-module: PolicyRealizedState description: |- Alarm base class of realized policy object title: |- Alarm base class of realized policy object x-vmw-nsx-module: PolicyRealizedState PolicyAlarmResourceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of alarm resources items: $ref: '#/definitions/PolicyAlarmResource' title: |- Paged Collection of PolicyAlarmResources type: array type: object x-vmw-nsx-module: PolicyRealizedState description: |- PolicyAlarmResource list result title: |- PolicyAlarmResource list result x-vmw-nsx-module: PolicyRealizedState PolicyApiError: allOf: - $ref: '#/definitions/PolicyRelatedApiError' - properties: related_errors: description: |- Other errors related to this error items: $ref: '#/definitions/PolicyRelatedApiError' title: |- Other errors related to this error type: array type: object x-vmw-nsx-module: PolicyRealizedState description: |- Detailed information about an API Error title: |- Detailed information about an API Error x-vmw-nsx-module: PolicyRealizedState PolicyAttributes: description: |- Policy Attributes data holder properties: datatype: description: |- Datatype for attribute enum: - STRING title: |- Datatype for attribute type: string description: description: |- Description for attribute value title: |- Description for attribute value type: string isALGType: description: |- Describes whether the APP_ID value is ALG type or not. title: |- Is the value ALG type type: boolean key: description: |- Key for attribute enum: - APP_ID - DOMAIN_NAME - URL_CATEGORY title: |- Key for attribute type: string sub_attributes: description: |- Reference to sub attributes for the attribute items: $ref: '#/definitions/PolicySubAttributes' title: |- Reference to sub attributes for the attribute type: array value: description: | Multiple attribute values can be specified as elements of array. items: type: string minItems: 1 title: |- Value for attribute key type: array uniqueItems: true required: - datatype - key - value title: |- Policy Attributes data holder type: object x-vmw-nsx-module: PolicyContextProfile PolicyBasedIPSecVpnSession: allOf: - $ref: '#/definitions/IPSecVpnSession' - properties: rules: description: |- Rules items: $ref: '#/definitions/IPSecVpnRule' minItems: 1 title: |- Rules type: array required: - rules type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. title: |- Policy based VPN session x-vmw-nsx-module: PolicyIPSecVpn PolicyBasedL3VpnSession: allOf: - $ref: '#/definitions/L3VpnSession' - properties: rules: description: | L3Vpn rules that are specific to the L3Vpn. Only L3Vpn rules with PROTECT action are supported. items: $ref: '#/definitions/L3VpnRule' title: |- L3Vpn Rules type: array uniqueItems: true type: object x-vmw-nsx-module: PolicyL3Vpn description: | A Policy-based L3Vpn session is a configuration in which a specific vpn tunnel is referenced in a policy whose action is set as tunnel. title: |- Policy based L3Vpn Session x-vmw-nsx-module: PolicyL3Vpn PolicyBgpNeighborStatus: properties: address_families: description: |- Address families of BGP neighbor items: $ref: '#/definitions/BgpAddressFamily' readOnly: true title: |- Address families of BGP neighbor type: array announced_capabilities: description: |- BGP capabilities sent to BGP neighbor. items: type: string readOnly: true title: |- BGP capabilities sent to BGP neighbor. type: array connection_drop_count: description: |- Count of connection drop format: int64 readOnly: true title: |- Count of connection drop type: integer connection_state: description: |- Current state of the BGP session. enum: - INVALID - IDLE - CONNECT - ACTIVE - OPEN_SENT - OPEN_CONFIRM - ESTABLISHED - UNKNOWN readOnly: true title: |- Current state of the BGP session. type: string edge_path: description: |- Transport node policy path title: |- Transport node policy path type: string established_connection_count: description: |- Count of connections established format: int64 readOnly: true title: |- Count of connections established type: integer graceful_restart_mode: description: | Current state of graceful restart of BGP neighbor. Possible values are - 1. GR_AND_HELPER - Graceful restart with Helper 2. HELPER_ONLY - Helper only 3. DISABLE - Disabled readOnly: true title: |- Graceful restart mode type: string hold_time: description: | If a HELLO packet is not seen from BGP Peer withing hold_time then BGP neighbor will be marked as down. format: int64 readOnly: true title: |- Time in ms to wait for HELLO from BGP peer. type: integer keep_alive_interval: description: |- Time in ms to wait for HELLO packet from BGP peer format: int64 readOnly: true title: |- Time in ms to wait for HELLO packet from BGP peer type: integer last_update_timestamp: description: |- Timestamp when the data was last updated, unset if data source has never updated the data. format: int64 readOnly: true type: integer local_port: description: |- TCP port number of Local BGP connection format: int64 maximum: 65535 minimum: 1 readOnly: true title: |- TCP port number of Local BGP connection type: integer messages_received: description: |- Count of messages received from the neighbor format: int64 readOnly: true title: |- Count of messages received from the neighbor type: integer messages_sent: description: |- Count of messages sent to the neighbor format: int64 readOnly: true title: |- Count of messages sent to the neighbor type: integer negotiated_capability: description: |- BGP capabilities negotiated with BGP neighbor. items: type: string readOnly: true title: |- BGP capabilities negotiated with BGP neighbor. type: array neighbor_address: description: |- The IP of the BGP neighbor format: ip readOnly: true type: string neighbor_router_id: description: |- Router ID of the BGP neighbor. readOnly: true title: |- Router ID of the BGP neighbor. type: string remote_as_number: description: |- AS number of the BGP neighbor readOnly: true title: |- AS number of the BGP neighbor type: string remote_port: description: |- TCP port number of remote BGP Connection format: int64 maximum: 65535 minimum: 1 readOnly: true title: |- TCP port number of remote BGP Connection type: integer remote_site: $ref: '#/definitions/ResourceReference' description: |- Remote site details. readOnly: true title: |- Remote site source_address: description: |- The Ip address of logical port format: ip readOnly: true type: string tier0_path: description: |- Policy path to Tier0 readOnly: true title: |- Policy path to Tier0 type: string time_since_established: description: |- Time(in milliseconds) since connection was established. format: int64 readOnly: true title: |- Time(in milliseconds) since connection was established. type: integer total_in_prefix_count: description: |- Sum of in prefixes counts across all address families. format: int64 readOnly: true title: |- Count of in prefixes type: integer total_out_prefix_count: description: |- Sum of out prefixes counts across all address families. format: int64 readOnly: true title: |- Count of out prefixes type: integer type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyBgpNeighborsStatusListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: additionalProperties: false description: |- Status of BGP neighbors of the Tier0 items: $ref: '#/definitions/PolicyBgpNeighborStatus' readOnly: true title: |- Status of BGP neighbors of the Tier0 type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics PolicyComplianceStatus: properties: last_updated_time: description: |- Timestamp of last update format: int64 readOnly: true type: integer non_compliant_configs: description: |- List of non compliant configuration and impacted services items: $ref: '#/definitions/PolicyNonCompliantConfig' readOnly: true title: |- List of non compliant configuration and impacted services type: array type: object x-vmw-nsx-module: PolicyCompliance PolicyConfigResource: allOf: - $ref: '#/definitions/PolicyResource' - properties: children: description: | subtree for this type within policy tree containing nested elements. items: $ref: '#/definitions/ChildPolicyConfigResource' title: |- subtree for this type within policy tree type: array marked_for_delete: default: false description: | Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. readOnly: true title: |- Indicates whether the intent object is marked for deletion type: boolean overridden: default: false description: | Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. readOnly: true title: |- Indicates whether this object is the overridden intent object type: boolean type: object x-vmw-nsx-module: Policy description: |- Represents an object on the desired state. title: |- Represents an object on the desired state x-vmw-nsx-module: Policy PolicyContextProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: attributes: description: | Property containing attributes/sub-attributes for Policy Context Profile. items: $ref: '#/definitions/PolicyAttributes' title: |- Array of Policy Context Profile attributes type: array required: - attributes type: object x-vmw-nsx-module: PolicyContextProfile description: | An entity that encapsulates attributes and sub-attributes of various network services (eg. L7 services, domain name, encryption algorithm) The entity will be consumed in firewall rules and can be added in new tuple called profile in firewall rules. To get a list of supported attributes and sub-attributes fire the following REST API GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes title: |- Policy Context Profile entity x-vmw-nsx-module: PolicyContextProfile PolicyContextProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged collection of PolicyContextProfiles items: $ref: '#/definitions/PolicyContextProfile' readOnly: true title: |- Paged collection of PolicyContextProfiles type: array type: object x-vmw-nsx-module: PolicyContextProfile description: |- List result of PolicyContextProfiles title: |- List result of PolicyContextProfiles x-vmw-nsx-module: PolicyContextProfile PolicyDnsAnswerPerEnforcementPoint: description: | DNS forwarder nslookup answer per enforcement point. discriminator: resource_type properties: enforcement_point_path: description: | Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched. readOnly: true title: |- Enforcement point path type: string resource_type: description: | Resource type of the DNS forwarder nslookup answer. enum: - NsxTDnsAnswer title: |- Resource type type: string required: - resource_type title: |- NSLookup answer per enforcement point type: object x-vmw-nsx-module: PolicyDnsForwarder PolicyDnsForwarder: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: conditional_forwarder_zone_paths: description: |- Max of 5 DNS servers can be configured items: type: string maxItems: 5 title: |- Path of conditional DNS zones type: array default_forwarder_zone_path: description: | This is the zone to which DNS requests are forwarded by default title: |- Path of the default DNS zone. type: string enabled: default: true description: | The flag, which suggests whether the DNS forwarder is enabled or disabled. The default is True. title: |- DNS forwarder enabled flag type: boolean listener_ip: description: | This is the IP on which the DNS Forwarder listens. format: ipv4 type: string log_level: default: INFO description: | Set log_level to DISABLED will stop dumping fowarder log. enum: - DEBUG - INFO - WARNING - ERROR - FATAL title: |- Log level of the dns forwarder type: string required: - default_forwarder_zone_path - listener_ip type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Used to configure DNS Forwarder title: |- DNS Forwarder x-vmw-nsx-module: PolicyDnsForwarder PolicyDnsForwarderZone: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: dns_domain_names: description: | List of domain names on which conditional forwarding is based. This field is required if the DNS Zone is being used for a conditional forwarder. This field will also be used for conditional reverse lookup. Example 1, if for one of the zones, one of the entries in the fqdn is example.com, all the DNS requests under the domain example.com will be served by the corresponding upstream DNS server. Example 2, if for one of the zones, one of the entries in the fqdn list is "13.12.30.in-addr.arpa", reverse lookup for 30.12.13.0/24 will go to the corresponding DNS server. items: type: string title: |- List of domain names type: array source_ip: description: | The source IP used by the DNS Forwarder zone. format: ipv4 type: string upstream_servers: description: |- Max of 3 DNS servers can be configured items: description: |- IPv4 address format: ipv4 type: string maxItems: 3 title: |- DNS servers to which the DNS request needs to be forwarded type: array required: - upstream_servers type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Used to configure zones on DNS Forwarder title: |- DNS Forwarder Zone x-vmw-nsx-module: PolicyDnsForwarder PolicyDnsForwarderZoneListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Dns Forwarder Zone list results items: $ref: '#/definitions/PolicyDnsForwarderZone' title: |- Dns Forwarder Zone list results type: array required: - results type: object x-vmw-nsx-module: PolicyDnsForwarder description: |- Paged Collection of DNS Forwarder Zones title: |- Paged Collection of DNS Forwarder Zones x-vmw-nsx-module: PolicyDnsForwarder PolicyEdgeCluster: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: inter_site_forwarding_enabled: description: | Flag to indicate status of inter site l2 and l3 forwarding in federation. readOnly: true title: |- Inter site forwarding is enabled if true type: boolean nsx_id: description: |- UUID of Edge Cluster on NSX-T enforcement point. readOnly: true title: |- Edge Cluster UUID on NSX-T Enforcement Point type: string rtep_ips: description: |- List of remote tunnel endpoint ipaddress configured on edge cluster. items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote tunnel endpoint IP addresses. type: array type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Edge Cluster. title: |- Edge Cluster x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyEdgeClusterInterSiteBgpSummary: properties: edge_cluster_path: description: |- Edge cluster path whose status is being reported. readOnly: true title: |- Edge node path type: string edge_nodes: description: |- Status of all edge nodes within cluster. items: $ref: '#/definitions/PolicyEdgeNodeInterSiteBgpSummary' readOnly: true title: |- Individual edge nodes status type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeClusterInterSiteStatus: properties: edge_cluster_name: description: |- Name of the edge cluster whose status is being reported. readOnly: true title: |- Edge cluster name type: string edge_cluster_path: description: |- Policy path of the edge cluster whose status is being reported. readOnly: true title: |- Edge cluster path type: string last_update_timestamp: description: | Timestamp when the edge cluster inter-site status was last updated. format: int64 readOnly: true type: integer member_status: description: |- Per edge node inter-site status. items: $ref: '#/definitions/PolicyEdgeClusterMemberInterSiteStatus' readOnly: true title: |- Per edge node inter-site status type: array overall_status: description: | Overall status of all edge nodes IBGP status in the edge cluster. enum: - UP - DOWN - DEGRADED - UNKNOWN readOnly: true title: |- Overall IBGP status in the edge cluster type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeClusterListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Edge Cluster list result. items: $ref: '#/definitions/PolicyEdgeCluster' title: |- Edge Cluster List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Edge Cluster title: |- Paged Collection of Edge Cluster x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyEdgeClusterMemberInterSiteStatus: properties: edge_node_path: $ref: '#/definitions/ResourceReference' description: |- Edge node details from where the status is being retrived. readOnly: true title: |- Edge node path established_bgp_sessions: description: |- Total number of current established inter-site IBGP sessions. format: int64 readOnly: true title: |- Established inter-site IBGP sessions type: integer neighbor_status: description: |- Inter-site BGP neighbor status. items: $ref: '#/definitions/PolicyBgpNeighborStatus' readOnly: true title: |- BGP neighbor status type: array status: description: |- Edge node IBGP status enum: - UP - DOWN - DEGRADED - UNKNOWN readOnly: true title: |- Edge node IBGP status type: string total_bgp_sessions: description: |- Total number of inter-site IBGP sessions. format: int64 readOnly: true title: |- Total inter-site IBGP sessions type: integer type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeNode: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: member_index: description: |- Member index of edge node in edge cluster. format: int64 readOnly: true title: |- Member Index type: integer nsx_id: description: |- UUID of edge node on NSX-T enforcement point. readOnly: true title: |- Edge Node UUID on NSX-T Enforcement Point type: string type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Edge Node. title: |- Edge Node x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyEdgeNodeInterSiteBgpSummary: properties: edge_node_path: description: |- Edge node path whose status is being reported. readOnly: true title: |- Edge node path type: string last_update_timestamp: description: | Timestamp when the inter-site IBGP neighbors status was last updated. format: int64 readOnly: true type: integer neighbor_status: description: |- Status of all inter-site IBGP neighbors. items: $ref: '#/definitions/PolicyBgpNeighborStatus' readOnly: true title: |- Inter-site IBGP neighbors status type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics PolicyEdgeNodeListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Edge Node list result. items: $ref: '#/definitions/PolicyEdgeNode' title: |- Edge Node List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Edge Node title: |- Paged Collection of Edge Node x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyExcludeList: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: members: description: |- List of the members in the exclude list items: type: string maxItems: 100 title: |- ExcludeList member list type: array required: - members type: object x-vmw-nsx-module: PolicyFirewallConfiguration x-vmw-nsx-module: PolicyFirewallConfiguration PolicyFineTuningResourceInfo: description: | It represent the resource with details of name and fields it owns. properties: fields: description: |- List of all field of any resource items: $ref: '#/definitions/PolicyFineTuningResourceInfoDetail' title: |- List of all field of any resource type: array resource_name: description: | It will represent resource with name and fields. title: |- Resource name type: string required: - fields - resource_name title: |- Contains the detail of resources with name and fields type: object x-vmw-nsx-module: PolicyFineTuning PolicyFineTuningResourceInfoDetail: description: | Contains the details of resource field properties: field_name: description: | It will represent resource with name and fields. title: |- Resource name type: string sub_type: $ref: '#/definitions/PolicyFineTuningResourceInfo' description: |- List of all field of any resource title: |- List of all field of any resource required: - field_name - sub_type title: |- Contains the details resources with field type and name type: object x-vmw-nsx-module: PolicyFineTuning PolicyFirewallCPUMemThresholdsProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number is used to resolve conflicts when two profiles get applied to a single node. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. format: int64 maximum: 4294967295 minimum: 0 title: |- Sequence number of this profile binding map type: integer transport_nodes: description: | References of transport nodes on which the profile intended to be applied. items: $ref: '#/definitions/PolicyResourceReference' title: |- References of transport nodes type: array required: - sequence_number type: object x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding description: | This entity will be used to establish association between CPU Memory Thresholds Profile and Transport Node. Using this entity, user can specify intent for applying Firewall CPU Memory Thresholds Profile to particular Transport Node. title: |- Policy DFW CPU Memory Thresholds Profile binding map x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding PolicyFirewallCPUMemThresholdsProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Firewall CPU Memory Thresholds Profile Binding Map list results items: $ref: '#/definitions/PolicyFirewallCPUMemThresholdsProfileBindingMap' title: |- Firewall CPU Memory Thresholds Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding description: |- Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps title: |- Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps x-vmw-nsx-module: PolicyFirewallCPUMemThresholdsProfileBinding PolicyFirewallCpuMemThresholdsProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: cpu_threshold_percentage: default: 90 description: | CPU utilization thresholds percentage to monitor and report for distributed firewall. format: int64 maximum: 100 minimum: 10 title: |- CPU utilization thresholds percentage type: integer mem_threshold_percentage: default: 90 description: | Heap memory thresholds percentage to monitor and report for distributed firewall. format: int64 maximum: 100 minimum: 10 title: |- Heap memory thresholds utilization percentage type: integer required: - mem_threshold_percentage - cpu_threshold_percentage type: object x-vmw-nsx-module: PolicyProfile description: |- A profile holding CPU and memory thresholds configuration. title: |- Firewall CPU and memory thresholds profile x-vmw-nsx-module: PolicyProfile PolicyFirewallCpuMemThresholdsProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- PolicyFirewallCpuMemThresholdsProfile list results items: $ref: '#/definitions/PolicyFirewallCpuMemThresholdsProfile' title: |- PolicyFirewallCpuMemThresholdsProfile list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of PolicyFirewallCpuMemThresholdsProfile title: |- Paged Collection of PolicyFirewallCpuMemThresholdsProfile x-vmw-nsx-module: PolicyProfile PolicyFirewallFloodProtectionProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - properties: sequence_number: description: | Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. format: int64 title: |- Sequence number of this profile binding map. type: integer required: - sequence_number type: object x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding description: | This entity will be used to establish association between Firewall Flood Protection profile and Group. Using this entity, user can specify intent for applying Firewall Flood Protection profile to particular Group. title: |- Policy DFW Flood Protection Profile binding map x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding PolicyFirewallFloodProtectionProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Firewall Flood Protection Profile Binding Map list results items: $ref: '#/definitions/PolicyFirewallFloodProtectionProfileBindingMap' title: |- Firewall Flood Protection Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding description: |- Paged collection of Firewall Flood Protection Profile Binding Maps title: |- Paged collection of Firewall Flood Protection Profile Binding Maps x-vmw-nsx-module: PolicyFirewallFloodProtectionProfileBinding PolicyFirewallScheduler: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: days: description: | Days of week on which rules will be enforced. If property is omitted, then days of the week will not considered while calculating the firewall schedule. It should not be present when the recurring flag is false. items: description: |- Day on which scheduled firewall rule will be enforced enum: - SUNDAY - MONDAY - TUESDAY - WEDNESDAY - THURSDAY - FRIDAY - SATURDAY type: string title: |- Days of the week type: array end_date: description: | End date on which schedule to end. Example, 12/22/2019. title: |- End date in MM/DD/YYYY type: string end_time: description: | If recurring field is set false, then this field must be present. The schedule will be enforced till the end time of the specified end date. If recurring field is set true, then this field should not be present. title: |- End time type: string recurring: default: true description: | Flag to indicate whether firewall schedule recurs or not. The default value is true and it should be set to false when the firewall schedule does not recur and is a one time time interval. title: |- Firewall schedule recurring flag type: boolean start_date: description: | Start date on which schedule to start. Example, 02/22/2019. title: |- Start date in MM/DD/YYYY type: string start_time: description: | Time in 24 hour and minutes in multiple of 30. Example, 9:00. If recurring field is set false, then this field must be present. The schedule will start getting enforced from the start time of the specified start date. If recurring field is set true, then this field should not be present. title: |- Start time type: string time_interval: description: | The recurring time interval in a day during which the schedule will be applicable. It should not be present when the recurring flag is false. items: $ref: '#/definitions/PolicyTimeIntervalValue' maxItems: 1 title: |- Recurring time interval type: array timezone: description: | Host Timezone to be used to enforce firewall rules. enum: - UTC - LOCAL title: |- Host timezone type: string required: - timezone - recurring - start_date - end_date type: object x-vmw-nsx-module: PolicyFirewallScheduler description: | An entity that encapsulates attributes to schedule firewall rules to be active to allow or block traffic for a specific period of time. Note that at least one property out of "days", "start_time", "end_time", "start_date", "end_date" is required. title: |- Policy Firewall Scheduler entity x-vmw-nsx-module: PolicyFirewallScheduler PolicyFirewallSchedulerListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged collection of PolicyFirewallSchedulers items: $ref: '#/definitions/PolicyFirewallScheduler' readOnly: true title: |- Paged collection of PolicyFirewallSchedulers type: array type: object x-vmw-nsx-module: PolicyFirewallScheduler description: |- List result of PolicyFirewallSchedulers title: |- List result of PolicyFirewallSchedulers x-vmw-nsx-module: PolicyFirewallScheduler PolicyFirewallSessionTimerProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: icmp_error_reply: default: 10 description: |- The timeout value for the connection after an ICMP error came back in response to an ICMP packet. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after ICMP error type: integer icmp_first_packet: default: 20 description: |- The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new ICMP flow. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- First packet connection timeout type: integer tcp_closed: default: 20 description: |- The timeout value of connection in seconds after one endpoint sends an RST. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after RST type: integer tcp_closing: default: 120 description: |- The timeout value of connection in seconds after the first FIN has been sent. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after first TN type: integer tcp_established: default: 43200 description: |- The timeout value of connection in seconds once the connection has become fully established. format: int64 maximum: 4320000 minimum: 120 readOnly: false title: |- Connection timeout type: integer tcp_finwait: default: 45 description: |- The timeout value of connection in seconds after both FINs have been exchanged and connection is closed. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after FINs exchanged type: integer tcp_first_packet: default: 120 description: |- The timeout value of connection in seconds after the first packet has been sent. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timout after first packet type: integer tcp_opening: default: 30 description: |- The timeout value of connection in seconds after a second packet has been transferred. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timout after second packet type: integer udp_first_packet: default: 60 description: |- The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new UDP flow. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timout after first packet type: integer udp_multiple: default: 60 description: |- The timeout value of connection in seconds if both hosts have sent packets. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Timeout after hosts sent packet type: integer udp_single: default: 30 description: |- The timeout value of connection in seconds if the source host sends more than one packet but the destination host has never sent one back. format: int64 maximum: 4320000 minimum: 10 readOnly: false title: |- Connection timeout for destination type: integer required: - tcp_closed - tcp_opening - udp_single - tcp_finwait - tcp_first_packet - tcp_closing - tcp_established - udp_multiple - icmp_error_reply - udp_first_packet - icmp_first_packet type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfile description: |- A profile holding TCP, UDP and ICMP session timeout configuration. title: |- Policy Firewall Session timeout profile x-vmw-nsx-module: PolicyFirewallSessionTimerProfile PolicyFirewallSessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: firewall_session_timer_profile_path: description: |- PolicyPath of associated Firewall Timer Session Profile title: |- Firewall Session Timer Profile Path type: string sequence_number: description: | Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. format: int64 title: |- Sequence number of this profile binding map. type: integer required: - firewall_session_timer_profile_path type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding description: | This entity will be used to establish association between Firewall Timer session profile and Group. Using this entity, user can specify intent for applying Firewall Timer session profile to particular Group. title: |- Policy DFW Timer Session Profile binding map x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding PolicyFirewallSessionTimerProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Firewall Session Timer Profile Binding Map list results items: $ref: '#/definitions/PolicyFirewallSessionTimerProfileBindingMap' title: |- Firewall Session Timer Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding description: |- Paged collection of Firewall Session Timer Profile Binding Maps title: |- Paged collection of Firewall Session Timer Profile Binding Maps x-vmw-nsx-module: PolicyFirewallSessionTimerProfileBinding PolicyFirewallSessionTimerProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Policy Firewall Session timeout profile list results items: $ref: '#/definitions/PolicyFirewallSessionTimerProfile' title: |- Policy Firewall Session timeout profile list results type: array required: - results type: object x-vmw-nsx-module: PolicyFirewallSessionTimerProfile description: |- Paged Collection of Policy Firewall Session timeout profiles title: |- Paged Collection of Policy Firewall Session timeout profiles x-vmw-nsx-module: PolicyFirewallSessionTimerProfile PolicyGroupIPMembersListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of IP addresses that belong to the given Group items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string title: |- Paged Collection of IP addresses that belong to the given Group type: array required: - results type: object x-vmw-nsx-module: PolicyGroupRealization description: | Paginated collection of IP members belonging to a Group. title: |- Group IP members list result x-vmw-nsx-module: PolicyGroupRealization PolicyGroupMemberDetails: description: | Details of the member belonging to a Group properties: display_name: description: |- The display name of the member on the enforcement point readOnly: true title: |- The display name of the member on the enforcement point type: string id: description: |- The ID of the member on the enforcement point readOnly: true title: |- The ID of the member on the enforcement point type: string path: description: |- The path of the member, if relevant readOnly: true title: |- The path of the member, if relevant type: string title: |- Group member details type: object x-vmw-nsx-module: PolicyGroupRealization PolicyGroupMembersListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of members that belong to the given Group items: $ref: '#/definitions/PolicyGroupMemberDetails' title: |- Paged Collection of members that belong to the given Group type: array required: - results type: object x-vmw-nsx-module: PolicyGroupRealization description: | Paginated collection of members belonging to a Group. title: |- Group members list result x-vmw-nsx-module: PolicyGroupRealization PolicyIPAddressInfo: description: | Used to specify the display name and value of the IPv4Address. properties: address_value: description: | Value of the IPv4Address. format: ipv4 type: string display_name: description: | Display name used to help identify the IPv4Address. title: |- Display name of the IPv4Address type: string next_hop: description: | Next hop used in auto-plumbing of static route. If a value is not provided, static route will not be auto-plumbed. format: ipv4 type: string required: - address_value title: |- IP address information type: object x-vmw-nsx-module: PolicyL3Vpn PolicyIgmpProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: last_member_query_interval: default: 1 description: | Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages, and is also the amount of time between Group-Specific Query messages. This value may be tuned to modify the "leave latency" of the network. A reduced value results in reduced time to detect the loss of the last member of a group. format: int32 maximum: 25 minimum: 1 title: |- Max Response Time type: integer query_interval: default: 30 description: | Interval(seconds) between general IGMP host-query messages. format: int32 maximum: 1800 minimum: 1 title: |- Interval between general IGMP host-query messages type: integer query_max_response_time: default: 10 description: | The query response interval(seconds) is the maximum amount of time that can elapse between when the querier router sends a host-query message and when it receives a response from a host. Configuring this interval allows admins to adjust the burstiness of IGMP messages on the subnet; larger values make the traffic less bursty, as host responses are spread out over a larger interval. The number of seconds represented by the query_max_response_time must be less than the query_interval. format: int32 maximum: 25 minimum: 1 title: |- The maximum elapsed time between response type: integer robustness_variable: default: 2 description: | The Robustness Variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the Robustness Variable may be increased. IGMP is robust to (Robustness Variable-1) packet losses. The Robustness Variable must not be zero, and SHOULD NOT be one. format: int32 maximum: 255 minimum: 1 title: |- The Robustness Variable type: integer type: object x-vmw-nsx-module: PolicyMulticast description: |- IGMP profile. title: |- IGMP Profile x-vmw-nsx-module: PolicyMulticast PolicyInsertParameters: description: | Parameters to let the admin specify a relative position of a security policy or rule w.r.t to another one. properties: anchor_path: description: | The security policy/rule path if operation is 'insert_after' or 'insert_before' title: | The security policy/rule path if operation is 'insert_after' or 'insert_before' type: string operation: default: insert_top description: |- Operation enum: - insert_top - insert_bottom - insert_after - insert_before title: |- Operation type: string title: | Parameters to tell where security policy/rule needs to be placed type: object x-vmw-nsx-module: Policy PolicyInterfaceStatistics: allOf: - $ref: '#/definitions/LogicalRouterPortStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Tier0 or Tier1 interface statistics on specific Enforcement Point. title: |- Tier0 or Tier1 interface statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics PolicyInterfaceStatisticsSummary: allOf: - $ref: '#/definitions/LogicalRouterPortStatisticsSummary' - properties: interface_policy_path: description: |- Policy path for the interface title: |- Policy path for the interface type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Tier0 or Tier1 interface statistics on specific Enforcement Point. title: |- Tier0 or Tier1 interface statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics PolicyLabel: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: refs: description: |- Policy entity paths referred by the label instance items: type: string title: |- Policy entity paths referred by the label instance type: array type: description: |- Policy intent entity type from PolicyResourceType title: |- Policy intent entity type from PolicyResourceType type: string required: - type type: object x-vmw-nsx-module: PolicyLabel description: |- Label to reference group of policy entities of same type. title: |- Label to reference group of policy entities of same type. x-vmw-nsx-module: PolicyLabel PolicyLabelListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Policy label list results items: $ref: '#/definitions/PolicyLabel' title: |- Policy label list results type: array required: - results type: object x-vmw-nsx-module: PolicyLabel description: |- Paged Collection of Domains title: |- Paged Collection of Domains x-vmw-nsx-module: PolicyLabel PolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: fall_count: default: 3 description: | Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. format: int64 title: |- Monitor fall count for active healthchecks type: integer interval: default: 5 description: | Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. format: int64 title: |- Monitor interval in seconds for active healthchecks type: integer monitor_port: description: | Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. format: int32 maximum: 65535 minimum: 0 title: |- Monitor port for active healthchecks type: integer resource_type: enum: - TcpPolicyLbMonitorProfile - UdpPolicyLbMonitorProfile - IcmpPolicyLbMonitorProfile - HttpPolicyLbMonitorProfile - HttpsPolicyLbMonitorProfile type: string rise_count: default: 3 description: | Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. format: int64 title: |- Monitor rise count for active healthchecks type: integer timeout: default: 15 description: | Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. format: int64 title: |- Monitor timeout in seconds for active healthchecks type: integer required: - resource_type type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | All the types of PolicyLbMonitorProfile extend from this abstract class. This is present for extensibility. title: |- Base class for each type or protocol of PolicyLbMonitorProfile x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbPersistenceProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - L4PolicyLbPersistenceProfile - L7PolicyLbPersistenceProfile - CustomPolicyLbPersistenceProfile type: string required: - resource_type type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Some applications maintain state and require all relevant connections to be sent to the same server as the application state is not synchronized among servers. Persistence is enabled on a PolicyLbVirtualServer by binding a persistence profile to it. title: |- Contains the information related to load balancer persistence options x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbPoolAccess: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: algorithm: default: ROUND_ROBIN description: | Load balanding algorithm controls how the incoming connections are distributed among the members. - ROUND_ROBIN - requests to the application servers are distributed in a round-robin fashion, - LEAST_CONNECTION - next request is assigned to the server with the least number of active connections enum: - ROUND_ROBIN - LEAST_CONNECTION title: |- Load balancing algorithm type: string ip_port_list: description: | IP Port list for applications within the Group to allow for non-uniform port usage by applications items: $ref: '#/definitions/IPAddressPortPair' title: |- IP Port list for applications within the Group type: array lb_monitor_profile: description: | Path of the PolicyLbMonitorProfile to actively monitor the PolicyLbPoolAccess's Group title: |- Path of the PolicyLbMonitorProfile to actively monitor the PolicyLbPoolAccess's Group type: string pool_port: description: | Port for LoadBalancer to send connections to the PolicyLbPoolAccess's Group. Pool_port could be optional, if it is not specified, LB will use PolicyLbVirtualServer port to connect to backend servers. If the PolicyLbMonitorProfile is configured in PolicyLbPoolAccess and active monitor IP protocol is TCP/UDP(which requires TCP or UDP port number), monitor_port should be specified if pool_port is unset. format: int32 maximum: 65535 minimum: 0 title: |- Port for LoadBalancer to send traffic type: integer source_nat: default: ENABLED description: | Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. SNAT is enabled by default and will use the load balancer interface IP and an ephemeral port as the source IP and port of the server side connection. enum: - ENABLED - DISABLED title: |- Source NAT setting of the PolicyLbPoolAccess type: string type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Defining access of a Group from a PolicyLbVirtualServer and binding to PolicyLbMonitorProfile. title: |- Defining access a Group from a PolicyLbVirtualServer and binding to PolicyLbMonitorProfile x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: host_match: description: | This condition is used to match HTTP request messages by the specific HTTP header field, Host. The Host request header specifies the domain name of the server. The supplied Host HTTP header match condition will be matched as a regular expression. The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre .org for PCRE and the NSX-T Administrator's Guide for the restrictions. Please note, when regular expressions are used in JSON (JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character. title: |- Host HTTP header match condition type: string lb_virtual_server: description: | The path of PolicyLbVirtualServer to bind to this PolicyLbRule and its Group title: |- PolicyLbVirtualServer path type: string match_strategy: default: ANY description: | If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this PolicyLbRule to be considered a match - ANY indicates that either host_match or patch match may match for this PolicyLbRule to be considered a match enum: - ALL - ANY title: |- Match strategy for determining match of multiple conditions type: string path_match: description: | This condition is used to match URIs(Uniform Resource Identifier) of HTTP request messages. The URI field can be specified as a regluar expression. If an HTTP request message is requesting an URI which matches specified regular expression, it matches the condition. The syntax of whole URI looks like this: scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment] This condition matches only the path part of entire URI. The path_match field is used as a regular expression to match URI path of HTTP requests. For example, to match any URI that has "/image/" or "/images/", uri field can be specified as: "/image[s]?/". The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre .org for PCRE and the NSX-T Administrator's Guide for the restrictions. Please note, when regular expressions are used in JSON (JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character. title: |- HTTP request uri match condition type: string sequence_number: description: | This field is used to resolve conflicts between multiple PolicyLbRules associated with a single PolicyLbVirtualServer and will be applied numerically or low to high format: int32 title: |- Sequence number of the this PolicyLbRule type: integer type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Binding of a LbPoolAccess and Group to a PolicyLbVirtualServer used to route application traffic passing through load balancers. PolicyLbRule uses match conditions to match application traffic passing through a PolicyLbVirtualServer using HTTP or HTTPS. Can bind multiple PolicyLbVirtualServers to a Group. Each PolicyLbRule consists of two optional match conditions, each match contidion defines a criterion for application traffic. If no match conditions are specified, then the PolicyLbRule will always match and it is used typically to define default rules. If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the PolicyLbRule to be considered a match. A match indicates that the PolicyLbVirtualServer should route the request to the Group (parent of PolicyLbRule). title: |- Binding of a LbPoolAccess and Group to a PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer PolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: access_log_enabled: default: false description: | If access log is enabled, all HTTP requests sent to an L7 virtual server are logged to the access log file. Both successful requests (backend server returns 2xx) and unsuccessful requests (backend server returns 4xx or 5xx) are logged to access log, if enabled. title: |- Access log enabled setting type: boolean ip_address: description: | Configures the IP address of the PolicyLbVirtualServer where it receives all client connections and distributes them among the backend servers. format: ip type: string lb_persistence_profile: description: | Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default. title: |- Persistence Profile used by PolicyLbVirtualServer type: string ports: description: | Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range. items: description: | Examples- Single port "8080", Range of ports "8090-8095" format: port-or-range type: string title: |- Virtual server port number(s) or port range(s) type: array resource_type: enum: - TcpPolicyLbVirtualServer - UdpPolicyLbVirtualServer - HttpPolicyLbVirtualServer - HttpsPolicyLbVirtualServer - CustomPolicyLbVirtualServer type: string router_path: description: | Path to router type object that PolicyLbVirtualServer connects to. The only supported router object is Network. title: |- Path to router type object for PolicyLbVirtualServer type: string traffic_source: type: string required: - ip_address - router_path - ports - resource_type type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | All the types of PolicyLbVirtualServer extend from this abstract class. This is present for extensibility. title: |- Base class for each type of PolicyLbVirtualServer x-vmw-nsx-module: TempPolicyLoadBalancer PolicyListResult: allOf: - $ref: '#/definitions/ListResult' - type: object x-vmw-nsx-module: Policy description: |- Paged Collection of security policies title: |- Paged Collection of security policies x-vmw-nsx-module: Policy PolicyMulticastConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: false description: |- Enable/disable Multicast Configuration. title: |- Enable/disable Multicast Configuration type: boolean igmp_profile_path: description: | Updates to IGMP profile applied on all Tier0 gateways consuming the configuration. title: |- Policy path to IGMP profile type: string pim_profile_path: description: | Updates to PIM profile applied on all Tier0 gateways consuming the configuration. title: |- Policy path to PIM profile type: string replication_multicast_range: description: |- Replication multicast range. Required when enabled. format: ipv4-cidr-block title: |- Replication multicast range type: string type: object x-vmw-nsx-module: PolicyMulticast description: |- Multicast routing configuration. title: |- Multicast routing configuration x-vmw-nsx-module: PolicyMulticast PolicyNATRuleCounters: description: | Gives the statistics count of a NAT rule. properties: active_sessions: description: | Gives the total number of active sessions. format: int64 readOnly: true title: |- Active sessions type: integer total_bytes: description: | Gives the total number of bytes. format: int64 readOnly: true title: |- Total bytes type: integer total_packets: description: | Gives the total number of packets. format: int64 readOnly: true title: |- Total packets type: integer title: |- Statistics count type: object x-vmw-nsx-module: PolicyNAT PolicyNat: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: nat_type: description: |- Represents a NAT section under tier-0/tier-1. enum: - INTERNAL - USER - DEFAULT - NAT64 title: |- NAT section under tier-0/tier-1 type: string type: object x-vmw-nsx-module: PolicyNAT description: | Represents NAT section. This object is created by default when corresponding tier-0/tier-1 is created. Under tier-0/tier-1 there will be 4 different NATs(sections). (INTERNAL, USER, DEFAULT and NAT64). title: |- Contains list of NAT Rules x-vmw-nsx-module: PolicyNAT PolicyNatRule: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: action: description: | Source NAT(SNAT) - translates a source IP address in an outbound packet so that the packet appears to originate from a different network. SNAT is only supported when the logical router is running in active-standby mode. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. DNAT is only supported when the logical router is running in active-standby mode. Reflexive NAT(REFLEXIVE) - IP-Range and CIDR are supported to define the "n". The number of original networks should be exactly the same as that of translated networks. The address translation is deterministic. Reflexive is supported on both Active/Standby and Active/Active LR. NO_SNAT and NO_DNAT - These do not have support for translated_fields, only source_network and destination_network fields are supported. NAT64 - translates an external IPv6 address to a internal IPv4 address. enum: - SNAT - DNAT - REFLEXIVE - NO_SNAT - NO_DNAT - NAT64 title: |- Represents action of NAT Rule SNAT, DNAT, REFLEXIVE type: string destination_network: description: | This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For DNAT and NO_DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. format: list-of-address-or-block-or-range type: string enabled: default: true description: | The flag, which suggests whether the NAT rule is enabled or disabled. The default is True. title: |- Policy NAT Rule enabled flag type: boolean firewall_match: default: MATCH_INTERNAL_ADDRESS description: | It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned enum: - MATCH_EXTERNAL_ADDRESS - MATCH_INTERNAL_ADDRESS - BYPASS title: |- Represents the firewall match flag type: string logging: default: false description: | The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False. title: |- Policy NAT Rule logging flag type: boolean scope: description: | Represents the array of policy paths of ProviderInterface or NetworkInterface or labels of type ProviderInterface or NetworkInterface on which the NAT rule should get enforced. The interfaces must belong to the same router for which the NAT Rule is created. items: type: string title: |- Array of policy paths of labels, ProviderInterface, NetworkInterface type: array sequence_number: default: 0 description: | The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023 format: int32 title: |- Sequence number of the Nat Rule type: integer service: description: | It represents the path of Service on which the NAT rule will be applied. If not provided or if it is blank then Policy manager will consider it as ANY. title: |- Represents the service on which the NAT rule will be applied type: string source_network: description: | This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, NO_SNAT, NAT64 and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT and NO_DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network. format: list-of-address-or-block-or-range type: string translated_network: description: | This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, DNAT, NAT64 and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. For NO_SNAT and NO_DNAT this should be empty. format: list-of-address-or-block-or-range type: string translated_ports: description: |- Port number or port range format: port-or-range type: string required: - action type: object x-vmw-nsx-module: PolicyNAT description: |- Represents a NAT rule between source and destination at T0/T1 router. title: |- Represents a NAT rule between source and destination at T0/T1 router x-vmw-nsx-module: PolicyNAT PolicyNatRuleListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- NAT Rules list results items: $ref: '#/definitions/PolicyNatRule' title: |- NAT Rules list results type: array required: - results type: object x-vmw-nsx-module: PolicyNAT description: |- Paged Collection of NAT Rules title: |- Paged Collection of NAT Rules x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatistics: allOf: - $ref: '#/definitions/PolicyNATRuleCounters' - properties: last_update_timestamp: description: | Timestamp when the data was last updated. format: int64 readOnly: true type: integer warning_message: description: | The warning message about the NAT Rule Statistics. readOnly: true title: |- Warning Message type: string type: object x-vmw-nsx-module: PolicyNAT description: | Gives the Statistics of a NAT rule. title: |- Statistics of NAT Rule x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- NAT rules statistics per enforcement point items: $ref: '#/definitions/PolicyNatRuleStatisticsPerEnforcementPoint' title: |- NAT rules statistics per enforcement point type: array required: - results type: object x-vmw-nsx-module: PolicyNAT description: | Gives the collection of NAT rule statistics per enforcement point. title: |- Collection of NAT Rule statistics x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerEnforcementPoint: description: | Gives the statistics of a NAT rule per enforcement point. properties: enforcement_point_path: description: | Policy Path referencing the enforcement point from where the statistics are fetched. title: |- Enforcement point Path type: string rule_path: description: | Path of NAT Rule. title: |- Path of NAT Rule type: string rule_statistics: description: | Gives NAT rule stats on an enforcement point. items: $ref: '#/definitions/PolicyNatRuleStatistics' readOnly: true title: |- Rule statistics per enforcement point type: array title: |- Statistics of NAT Rule per enforcement point type: object x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerLogicalRouter: description: | Gives the statistics of a NAT rule per logical router on specified enforcement point. properties: enforcement_point_path: description: | Policy Path referencing the enforcement point from where the statistics are fetched. title: |- Enforcement point Path type: string last_update_timestamp: description: | Timestamp when the data was last updated. format: int64 readOnly: true type: integer per_node_statistics: description: | Detailed Rule statistics per logical router. items: $ref: '#/definitions/PolicyNatRuleStatisticsPerTransportNode' readOnly: true title: |- Detailed Rule statistics type: array router_path: description: | Path of the router. title: |- Router path type: string statistics: $ref: '#/definitions/PolicyNATRuleCounters' description: | Rolled up statistics for all rules on the logical router. readOnly: true title: |- Rolled up statistics title: |- Statistics of NAT Rule per logical router type: object x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerLogicalRouterListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- NAT rules statistics per logical router items: $ref: '#/definitions/PolicyNatRuleStatisticsPerLogicalRouter' title: |- NAT rules statistics per logical router type: array required: - results type: object x-vmw-nsx-module: PolicyNAT description: | Gives the collection of NAT rule statistics per logical router on specified enforcement point. title: |- Collection of NAT rule statistics per logical router x-vmw-nsx-module: PolicyNAT PolicyNatRuleStatisticsPerTransportNode: allOf: - $ref: '#/definitions/PolicyNATRuleCounters' - properties: last_update_timestamp: description: | Timestamp when the data was last updated. format: int64 readOnly: true type: integer transport_node_path: description: | Policy path of the Edge Node. readOnly: true title: |- Node path type: string type: object x-vmw-nsx-module: PolicyNAT description: | Gives the Statistics of a NAT rule. title: |- Statistics of NAT Rule x-vmw-nsx-module: PolicyNAT PolicyNonCompliantConfig: properties: affected_resources: description: |- Resources/Services impacted by non compliant configuration items: $ref: '#/definitions/PolicyResourceReference' readOnly: true title: |- Resources/Services impacted by non compliant configuration type: array description: description: |- Detail description of non compliant configuration with suggestive action readOnly: true title: |- Detail description of non compliant configuration with suggestive action type: string non_compliance_code: description: |- Code for non compliant configuration format: int64 readOnly: true title: |- Code for non compliant configuration type: integer reported_by: $ref: '#/definitions/PolicyResourceReference' description: |- Id and name of non compliant resource/service readOnly: true title: |- Id and name of non compliant resource/service type: object x-vmw-nsx-module: PolicyCompliance PolicyPimProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: rp_address: description: |- Static IPv4 multicast address configuration. format: ip type: string type: object x-vmw-nsx-module: PolicyMulticast description: |- PIM profile. title: |- PIM profile x-vmw-nsx-module: PolicyMulticast PolicyRealizedResource: allOf: - $ref: '#/definitions/PolicyResource' - properties: alarms: description: |- Alarm info detail items: $ref: '#/definitions/PolicyAlarmResource' title: |- Alarm info detail type: array intent_reference: description: |- Desire state paths of this object items: type: string title: |- Desire state paths of this object type: array realization_api: description: |- Realization API of this object on enforcement point title: |- Realization API of this object on enforcement point type: string realization_specific_identifier: description: |- Realization id of this object title: |- Realization id of this object type: string runtime_error: description: | It define the root cause for runtime error. title: |- String representation of runtime error type: string runtime_status: description: | Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive. title: |- String representation of runtime status type: string state: description: |- Realization state of this object enum: - UNAVAILABLE - UNREALIZED - REALIZED - ERROR title: |- Realization state of this object type: string required: - state type: object x-vmw-nsx-module: PolicyRealizedState description: |- Abstract base class for all the realized policy objects title: |- Abstract base class for all the realized policy objects x-vmw-nsx-module: PolicyRealizedState PolicyRelatedApiError: description: |- Detailed information about errors from API call to an enforcement point properties: details: description: |- Further details about the error title: |- Further details about the error type: string error_code: description: |- A numeric error code format: int64 title: |- A numeric error code type: integer error_data: description: |- Additional data about the error title: |- Additional data about the error type: object error_message: description: |- A description of the error title: |- A description of the error type: string module_name: description: |- The module name where the error occurred title: |- The module name where the error occurred type: string title: |- Detailed information about errors from API call to an enforcement point type: object x-vmw-nsx-module: PolicyRealizedState PolicyResource: allOf: - $ref: '#/definitions/ManagedResource' - properties: parent_path: description: |- Path of its parent readOnly: true title: |- Path of its parent type: string path: description: |- Absolute path of this object readOnly: true title: |- Absolute path of this object type: string relative_path: description: |- Path relative from its parent readOnly: true title: |- Relative path of this object type: string unique_id: description: | This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. readOnly: true title: |- A unique identifier assigned by the system type: string type: object x-vmw-nsx-module: Policy description: |- Abstract base class for all the policy objects. title: |- Abstract base class for all the policy objects x-vmw-nsx-module: Policy PolicyResourceReference: allOf: - $ref: '#/definitions/ResourceReference' - properties: path: description: |- Absolute path of this object. readOnly: true title: |- Absolute path of this object type: string type: object x-vmw-nsx-module: Policy description: |- Policy resource reference. title: |- Policy resource reference x-vmw-nsx-module: Policy PolicyResourceReferenceForEP: allOf: - $ref: '#/definitions/PolicyResourceReference' - type: object x-vmw-nsx-module: PolicyGroupRealization description: | Policy resource reference for enforcement point title: |- Policy resource reference for enforcement point x-vmw-nsx-module: PolicyGroupRealization PolicyResourceReferenceForEPListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of policy resource references for enforcement point items: $ref: '#/definitions/PolicyResourceReferenceForEP' title: |- Paged Collection of policy resource references for enforcement point type: array required: - results type: object x-vmw-nsx-module: PolicyGroupRealization description: | Paginated collection of policy resource references for enforcement point title: |- Policy resource reference list for enforcement point x-vmw-nsx-module: PolicyGroupRealization PolicyResourceReferenceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Policy resource references list results items: $ref: '#/definitions/PolicyResourceReference' title: |- Policy resource references list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of PolicyResourceReference title: |- Paged Collection of PolicyResourceReference x-vmw-nsx-module: Policy PolicyRuntimeAlarm: description: | Alarm associated with the PolicyRuntimeInfoPerEP that exposes potential errors when retrieving runtime information from the enforcement point. properties: error_details: $ref: '#/definitions/PolicyApiError' description: | Detailed information about errors from an API call made to the enforcement point, if any. readOnly: true title: |- Error Detailed Information error_id: description: |- Alarm error id. readOnly: true title: |- Alarm Error Id type: string message: description: |- Error message describing the issue. readOnly: true title: |- Error Message to Describe the Issue type: string title: |- Alarm of PolicyRuntimeInfoPerEP type: object x-vmw-nsx-module: PolicyBaseStatistics PolicyRuntimeInfoPerEP: description: | Runtime Info Per Enforcement Point. properties: alarm: $ref: '#/definitions/PolicyRuntimeAlarm' description: |- Alarm information details. readOnly: true title: |- Alarm Information Details enforcement_point_path: description: | Policy Path referencing the enforcement point where the info is fetched. readOnly: true title: |- Enforcement point Path type: string title: |- PolicyRuntimeInfoPerEP type: object x-vmw-nsx-module: PolicyBaseStatistics PolicyServiceChain: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: failure_policy: default: ALLOW description: |- Failure policy for the service defines the action to be taken i.e to allow or to block the traffic during failure scenarios. enum: - ALLOW - BLOCK readOnly: false title: |- Failure Policy type: string forward_path_service_profiles: description: |- Forward path service profiles are applied to ingress traffic. items: type: string maxItems: 4 readOnly: false title: |- Forward path service profiles type: array path_selection_policy: default: ANY description: |- Path selection policy can be - ANY - Service Insertion is free to redirect to any service path regardless of any load balancing considerations or flow pinning. LOCAL - Preference to be given to local service insances. REMOTE - Preference to be given to the SVM co-located on the same host. ROUND_ROBIN - All active service paths are hit with equal probability. enum: - ANY - LOCAL - REMOTE - ROUND_ROBIN readOnly: false title: |- Path Selection Policy type: string reverse_path_service_profiles: description: |- Reverse path service profiles are applied to egress traffic and is optional. 2 different set of profiles can be defined for forward and reverse path. If not defined, the reverse of the forward path service profile is applied. items: type: string maxItems: 4 readOnly: false title: |- Reverse path service profiles type: array service_segment_path: description: |- Path to service segment using which the traffic needs to be redirected. items: type: string maxItems: 1 minItems: 1 readOnly: false title: |- Path to service segment type: array required: - service_segment_path - forward_path_service_profiles type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- Service chain is a set of network Services. A Service chain is made up of ordered list of service profiles belonging to any same or different services. title: |- Policy Service Chain x-vmw-nsx-module: PolicyServiceInsertion PolicyServiceInstance: allOf: - $ref: '#/definitions/BasePolicyServiceInstance' - properties: attributes: description: |- List of attributes specific to a partner for which the service is created. There attributes are passed on to the partner appliance. items: $ref: '#/definitions/Attribute' maxItems: 128 title: |- Deployment Template attributes type: array compute_id: description: |- Id of the compute(ResourcePool) to which this service needs to be deployed. title: |- Id of the compute resource. type: string context_id: description: |- UUID of VCenter/Compute Manager as seen on NSX Manager, to which this service needs to be deployed. title: |- Id of the compute manager type: string deployment_spec_name: description: |- Form factor for the deployment of partner service. title: |- Name of the Deployment Specification type: string deployment_template_name: description: |- Template for the deployment of partnet service. title: |- Name of the Deployment Template type: string failure_policy: default: BLOCK description: |- Failure policy for the Service VM. If this values is not provided, it will be defaulted to FAIL_CLOSE. enum: - ALLOW - BLOCK title: |- Failure policy for the Service VM type: string primary_gateway_address: description: | Gateway address for primary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided. format: address-or-block-or-range type: string primary_interface_mgmt_ip: description: |- Management IP Address of primary interface of the Service format: address-or-block-or-range type: string primary_interface_network: description: |- Path of the segment to which primary interface of the Service VM needs to be connected title: |- Path of the segment to which primary interface of the Service VM needs to be connected type: string primary_portgroup_id: description: | Id of the standard or ditsributed port group for primary management console. Please note that only 1 of the 2 values from 1. primary_interface_network 2. primary_portgroup_id are allowed to be passed. Both can't be passed in the same request. title: |- Id of the standard or ditsributed port group for primary management console type: string primary_subnet_mask: description: | Subnet for primary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided. format: address-or-block-or-range type: string secondary_gateway_address: description: | Gateway address for secondary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided. format: address-or-block-or-range type: string secondary_interface_mgmt_ip: description: |- Management IP Address of secondary interface of the Service format: address-or-block-or-range type: string secondary_interface_network: description: |- Path of segment to which secondary interface of the Service VM needs to be connected title: |- Path of segment to which secondary interface of the Service VM needs to be connected type: string secondary_portgroup_id: description: | Id of the standard or ditsributed port group for secondary management console. Please note that only 1 of the 2 values from 1. secondary_interface_network 2. secondary_portgroup_id are allowed to be passed. Both can't be passed in the same request. title: |- Id of the standard or ditsributed port group for secondary management console type: string secondary_subnet_mask: description: | Subnet for secondary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided. format: address-or-block-or-range type: string storage_id: description: |- Id of the storage(Datastore). VC moref of Datastore to which this service needs to be deployed. title: |- Id of the storage type: string required: - primary_interface_mgmt_ip - compute_id - deployment_spec_name - deployment_template_name - storage_id - attributes type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Represents an instance of partner Service and its configuration. title: |- Represents an instance of partner Service and its configuration x-vmw-nsx-module: PolicyServiceInsertion PolicyServiceProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: attributes: description: |- List of attributes specific to a partner for which the service is created. These attributes are passed on to the partner appliance and are opaque to NSX. If a vendor template exposes configurable parameters, then their values are specified here. items: $ref: '#/definitions/Attribute' maxItems: 128 readOnly: false title: |- Service profile attributes type: array redirection_action: description: |- The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. Redirection action is not applicable to guest introspection service. enum: - PUNT - COPY readOnly: false title: |- Redirection action type: string vendor_template_key: description: |- The vendor template key property of actual vendor template. This should be used when multiple templates with same name exist. title: |- Vendor Template Key type: string vendor_template_name: description: |- Name of the vendor template for which this Service Profile is being created. readOnly: false title: |- Vendor template name type: string type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- Service profile represents specialization of a vendor template. User may provide any of the vendor_template_name or vendor_template_key properties. But in case of multiple vendor templates with the same name, it is recommended to use the vendor_template_key. When both attributes are provided, name is ignored and only key is used to identify the template. If there are multiple templates with same name, and vendor_template_name is provided, realization will fail. title: |- Policy Service Profile for a given Service x-vmw-nsx-module: PolicyServiceInsertion PolicySubAttributes: description: |- Policy Sub Attributes data holder properties: datatype: description: |- Datatype for sub attribute enum: - STRING title: |- Datatype for sub attribute type: string key: description: |- Key for sub attribute enum: - TLS_CIPHER_SUITE - TLS_VERSION - CIFS_SMB_VERSION title: |- Key for sub attribute type: string value: description: | Multiple sub attribute values can be specified as elements of array. items: type: string minItems: 1 title: |- Value for sub attribute key type: array uniqueItems: true required: - datatype - value - key title: |- Policy Sub Attributes data holder type: object x-vmw-nsx-module: PolicyContextProfile PolicyTimeIntervalValue: description: |- Time interval on which firewall schedule will be applicable properties: end_interval: description: | Time in 24 hour and minutes in multiple of 30. Example, 17:30. title: |- End time of the interval type: string start_interval: description: | Time in 24 hour and minutes in multiple of 30. Example, 9:00. title: |- Start time of the interval type: string required: - start_interval - end_interval title: |- Time interval on which firewall schedule will be applicable type: object x-vmw-nsx-module: PolicyFirewallScheduler PolicyTransportZone: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: is_default: default: false description: | Flag to indicate if the transport zone is the default one. Only one transport zone can be the default one for a given transport zone type. title: |- Flag to indicate if the transport zone is the default one type: boolean nsx_id: description: |- UUID of transport zone on NSX-T enforcement point. readOnly: true title: |- Transport Zone UUID on NSX-T Enforcement Point type: string tz_type: description: | Transport Zone Type. enum: - OVERLAY_STANDARD - OVERLAY_ENS - VLAN_BACKED - UNKNOWN readOnly: true title: |- Transport Zone Type type: string uplink_teaming_policy_names: description: |- The names of switching uplink teaming policies that all transport nodes in this transport zone support. Uplinkin teaming policies are only valid for VLAN backed transport zones. items: type: string title: |- Names of the switching uplink teaming policies that are supported by this transport zone. type: array type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Transport Zone. title: |- Transport Zone x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyTransportZoneListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Transport Zone list result. items: $ref: '#/definitions/PolicyTransportZone' title: |- Transport Zone List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Transport Zone title: |- Paged Collection of Transport Zone x-vmw-nsx-module: PolicyEnforcementPointManagement PolicyUrlCategorizationConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: context_profiles: description: | The ids of the context profiles that provides the list of categories to be detected. items: type: string title: |- Context profiles type: array enabled: description: | Property which specifies the enabling/disabling of the feature. title: |- Enabled type: boolean update_frequency: default: 30 description: | The frequency in minutes at which the updates are downloaded from the URL categorization cloud service. The minimum allowed value is 5 minutes. format: int32 minimum: 5 title: |- Policy URL Categorization Update Frequency type: integer required: - enabled type: object x-vmw-nsx-module: PolicyUrlCategorization description: | The type contains information about the configuration of the feature for a specific node. It contains information like the whether the feature is enabled/disabled, the context profiles defining the category list to detect. title: |- URL categorization entity x-vmw-nsx-module: PolicyUrlCategorization PoolMemberSetting: description: | The setting is used to add, update or remove pool members from pool. For static pool members, admin_state, display_name and weight can be updated. For dynamic pool members, only admin_state can be updated. properties: admin_state: default: ENABLED description: |- Member admin state enum: - ENABLED - DISABLED - GRACEFUL_DISABLED type: string display_name: description: | Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail. title: |- Pool member display name type: string ip_address: description: |- Pool member IP address format: ip type: string port: description: |- Pool member port number format: port-or-range type: string weight: description: | Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail. format: int64 maximum: 255 minimum: 1 title: |- Pool member weight type: integer required: - ip_address title: |- Pool member setting type: object x-vmw-nsx-module: LoadBalancer PortAddressBindingEntry: description: |- Detailed information about static address for the port. properties: ip_address: description: |- IP Address for port binding title: |- IP address type: string mac_address: description: |- Mac address for port binding format: mac-address type: string vlan_id: description: |- VLAN ID for port binding format: int64 type: integer title: |- Address binding information type: object x-vmw-nsx-module: PolicyConnectivity PortAttachment: description: |- Detail information about port attachment properties: allocate_addresses: description: |- Indicate how IP will be allocated for the port enum: - IP_POOL - MAC_POOL - BOTH - NONE title: |- Allocate addresses type: string app_id: description: | ID used to identify/look up a child attachment behind a parent attachment title: |- App Id type: string context_id: description: | If type is CHILD and the parent port is on the same segment as the child port, then this field should be VIF ID of the parent port. If type is CHILD and the parent port is on a different segment, then this field should be policy path of the parent port. If type is INDEPENDENT/STATIC, then this field should be transport node ID. title: |- Context ID based on the type type: string context_type: description: |- Set to PARENT when type field is CHILD. Read only field. enum: - PARENT readOnly: true title: |- Context Type type: string hyperbus_mode: default: DISABLE description: |- Flag to indicate if hyperbus configuration is required. enum: - ENABLE - DISABLE title: |- Hyperbus mode type: string id: description: |- VIF UUID on NSX Manager. If the attachement type is PARENT, this property is required. title: |- Port attachment ID type: string traffic_tag: description: | Not valid when type field is INDEPENDENT, mainly used to identify traffic from different ports in container use case. format: int64 type: integer type: description: |- Type of port attachment. STATIC is added to replace INDEPENDENT. INDEPENDENT type and PARENT type are deprecated. enum: - PARENT - CHILD - INDEPENDENT - STATIC title: |- Attachement type type: string title: |- Attachment information on the port type: object x-vmw-nsx-module: PolicyConnectivity PortDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/DiscoveryProfileBindingMap' - properties: ip_discovery_profile_path: description: |- PolicyPath of associated IP Discovery Profile title: |- IP Discovery Profile Path type: string mac_discovery_profile_path: description: |- PolicyPath of associated Mac Discovery Profile title: |- Mac Discovery Profile Path type: string type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | This entity will be used to establish association between discovery profile and Port. Using this entity, user can specify intent for applying discovery profile to particular Port. Port here is Logical Port. title: |- Port Discovery Profile binding map x-vmw-nsx-module: PolicyDiscoveryProfileBinding PortDiscoveryProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port Discovery Profile Binding Map list results items: $ref: '#/definitions/PortDiscoveryProfileBindingMap' title: |- Port Discovery Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Paged collection of Port Discovery Profile Binding Maps title: |- Paged collection of Port Discovery Profile Binding Maps x-vmw-nsx-module: PolicyDiscoveryProfileBinding PortMirroringProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: destination_group: description: | Data from source group will be copied to members of destination group. Only IPSET group and group with membership criteria VM is supported. IPSET group allows only three ip's. title: |- Destination group path type: string direction: default: BIDIRECTIONAL description: |- Port mirroring profile direction enum: - INGRESS - EGRESS - BIDIRECTIONAL title: |- Direction type: string encapsulation_type: default: GRE description: |- User can provide Mirror Destination type e.g GRE, ERSPAN_TWO or ERSPAN_THREE.If profile type is REMOTE_L3_SPAN, encapsulation type is used else ignored. enum: - GRE - ERSPAN_TWO - ERSPAN_THREE title: |- Mirror Destination encapsulation type type: string erspan_id: default: 0 description: | Used by physical switch for the mirror traffic forwarding. Must be provided and only effective when encapsulation type is ERSPAN type II or type III. format: int32 maximum: 1023 minimum: 0 title: |- ERSPAN session id type: integer gre_key: default: 0 description: |- User-configurable 32-bit key only for GRE format: int32 minimum: 0 title: |- GRE encapsulation key type: integer profile_type: default: REMOTE_L3_SPAN description: |- Allows user to select type of port mirroring session. enum: - REMOTE_L3_SPAN - LOGICAL_SPAN type: string snap_length: description: | If this property is set, the packet will be truncated to the provided length. If this property is unset, entire packet will be mirrored. format: int32 maximum: 65535 minimum: 60 title: |- Maximum packet length for packet truncation type: integer required: - destination_group type: object x-vmw-nsx-module: PolicyPortMirroring description: |- Mirrors Data from source to destination title: |- Mirrors Data from source to destination x-vmw-nsx-module: PolicyPortMirroring PortMirroringProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port Mirroring Profiles list results items: $ref: '#/definitions/PortMirroringProfile' title: |- Port Mirroring Profiles list results type: array required: - results type: object x-vmw-nsx-module: PolicyPortMirroring description: |- Paged collection of port mirroring profiles title: |- Paged collection of port mirroring profiles x-vmw-nsx-module: PolicyPortMirroring PortMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/MonitoringProfileBindingMap' - properties: ipfix_l2_profile_path: description: |- PolicyPath of associated IPFIX L2 Profile title: |- IPFIX L2 Profile Path type: string port_mirroring_profile_path: description: |- PolicyPath of associated Port Mirroring Profile title: |- Port Mirroring Profile Path type: string type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: | This entity will be used to establish association between monitoring profile and Port. Using this entity, user can specify intent for applying monitoring profile to particular Port. Port here is Segment Port. title: |- Port Monitoring Profile binding map x-vmw-nsx-module: PolicyMonitoringProfileBinding PortMonitoringProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port Monitoring Profile Binding Map list results items: $ref: '#/definitions/PortMonitoringProfileBindingMap' title: |- Port Monitoring Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Paged collection of Port Monitoring Profile Binding Maps title: |- Paged collection of Port Monitoring Profile Binding Maps x-vmw-nsx-module: PolicyMonitoringProfileBinding PortQoSProfileBindingMap: allOf: - $ref: '#/definitions/QoSProfileBindingMap' - properties: qos_profile_path: description: |- PolicyPath of associated QoS Profile title: |- QoS Profile Path type: string type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: | This entity will be used to establish association between qos profile and Port. Using this entity, you can specify intent for applying qos profile to particular Port. Port here is Segment Port. title: |- Port QoS Profile binding map x-vmw-nsx-module: PolicyQoSProfileBinding PortQoSProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port QoS Profile Binding Map list results items: $ref: '#/definitions/PortQoSProfileBindingMap' title: |- Port QoS Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Paged collection of Port QoS Profile Binding Maps title: |- Paged collection of Port QoS Profile Binding Maps x-vmw-nsx-module: PolicyQoSProfileBinding PortSecurityProfileBindingMap: allOf: - $ref: '#/definitions/SecurityProfileBindingMap' - properties: segment_security_profile_path: description: |- The policy path of the asscociated Segment Security profile title: |- Segment Security Profile Path type: string spoofguard_profile_path: description: |- The policy path of the asscociated SpoofGuard profile title: |- SpoofGuard Profile Path type: string type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: | Contains the binding relationship between port and security profile. title: |- Security profile binding map for port x-vmw-nsx-module: PolicySecurityProfileBinding PortSecurityProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Port security profile binding map list results items: $ref: '#/definitions/PortSecurityProfileBindingMap' title: |- Port security profile binding map list results type: array required: - results type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Paged collection of port security profile binding maps title: |- Paged collection of port security profile binding maps x-vmw-nsx-module: PolicySecurityProfileBinding PrefixEntry: description: |- Network prefix entry properties: action: default: PERMIT description: | Action for the prefix list. enum: - PERMIT - DENY title: |- Action for the prefix list type: string ge: description: | Prefix length greater than or equal to. format: int32 maximum: 128 minimum: 1 title: |- Prefix length greater than or equal to type: integer le: description: | Prefix length less than or equal to. format: int32 maximum: 128 minimum: 1 title: |- Prefix length less than or equal to type: integer network: description: | Network prefix in CIDR format. "ANY" matches all networks. title: |- Network prefix in CIDR format type: string required: - network title: |- Network prefix entry type: object x-vmw-nsx-module: PolicyConnectivity PrefixList: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: prefixes: description: | Specify ordered list of network prefixes. items: $ref: '#/definitions/PrefixEntry' minItems: 1 title: |- Ordered list of network prefixes type: array required: - prefixes type: object x-vmw-nsx-module: PolicyConnectivity description: |- A named list of prefixes for routing purposes. title: |- A named list of prefixes for routing purposes x-vmw-nsx-module: PolicyConnectivity PrefixListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- PrefixList results items: $ref: '#/definitions/PrefixList' title: |- PrefixList results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of PrefixLists title: |- Paged collection of PrefixLists x-vmw-nsx-module: PolicyConnectivity ProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: profile_path: description: |- PolicyPath of associated Profile title: |- Profile Path type: string required: - profile_path type: object x-vmw-nsx-module: PolicyProfile description: | This entity will be used to establish association between profile and policy entities. title: |- Policy base profile binding map x-vmw-nsx-module: PolicyProfile PropertyItem: description: |- Represents a label-value pair. properties: condition: description: |- If the condition is met then the property will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string field: description: |- Represents field value of the property. maxLength: 1024 title: |- Field of the Property type: string heading: default: false description: |- Set to true if the field is a heading. Default is false. title: |- If true, represents the field as a heading type: boolean label: $ref: '#/definitions/Label' description: |- If a field represents a heading, then label is not needed title: |- Label of the property navigation: description: |- Hyperlink of the specified UI page that provides details. This will be linked with value of the property. maxLength: 1024 title: |- Navigation to a specified UI page type: string render_configuration: description: |- Render configuration to be applied, if any. items: $ref: '#/definitions/RenderConfiguration' title: |- Render Configuration type: array separator: default: false description: |- If true, separates this property in a widget. title: |- A separator after this property type: boolean type: default: String description: |- Data type of the field. enum: - String - Number - Date - Url maxLength: 255 title: |- field data type type: string required: - field - type title: |- LabelValue Property type: object x-vmw-nsx-module: NsxDashboard QoSBaseRateLimiter: description: |- A Limiter configuration entry that specifies type and metrics discriminator: resource_type properties: enabled: type: boolean resource_type: description: | Type rate limiter enum: - IngressRateLimiter - IngressBroadcastRateLimiter - EgressRateLimiter type: string required: - enabled - resource_type title: |- A Limiter configuration entry that specifies type and metrics type: object x-vmw-nsx-module: PolicyQoS QoSDscp: description: |- Dscp value is ignored in case of 'TRUSTED' DscpTrustMode. properties: mode: description: | When you select the Trusted mode the inner header DSCP value is applied to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic, the outer IP header takes the default value.Untrusted mode is supported on overlay-based and VLAN-based logical port. enum: - TRUSTED - UNTRUSTED type: string priority: default: 0 description: |- Internal Forwarding Priority format: int32 maximum: 63 minimum: 0 title: |- Internal Forwarding Priority type: integer title: |- One of QoS or Encapsulated-Remote-Switched-Port-Analyzer type: object x-vmw-nsx-module: PolicyQoS QoSProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: class_of_service: default: 0 description: | Class of service groups similar types of traffic in the network and each type of traffic is treated as a class with its own level of service priority. The lower priority traffic is slowed down or in some cases dropped to provide better throughput for higher priority traffic. format: int32 maximum: 7 minimum: 0 title: |- Class of service type: integer dscp: $ref: '#/definitions/QoSDscp' shaper_configurations: description: |- Array of Rate limiter configurations to applied on Segment or Port. items: $ref: '#/definitions/QoSBaseRateLimiter' maxItems: 3 minItems: 0 type: array type: object x-vmw-nsx-module: PolicyQoS x-vmw-nsx-module: PolicyQoS QoSProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Base QoS Profile Binding Map title: |- Base QoS Profile Binding Map x-vmw-nsx-module: PolicyQoSProfileBinding QoSProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- QoS profiles list results items: $ref: '#/definitions/QoSProfile' title: |- QoS profiles list results type: array required: - results type: object x-vmw-nsx-module: PolicyQoS description: |- Paged collection of QoS profiles title: |- Paged collection of QoS profiles x-vmw-nsx-module: PolicyQoS RAConfig: properties: hop_limit: default: 64 description: | The maximum number of hops through which packets can pass before being discarded. format: int64 maximum: 255 minimum: 0 title: |- Hop limit type: integer prefix_lifetime: default: 2592000 description: | The time interval in seconds, in which the prefix is advertised as valid. format: int64 maximum: 4294967295 minimum: 0 title: |- Lifetime of prefix type: integer prefix_preferred_time: default: 604800 description: | The time interval in seconds, in which the prefix is advertised as preferred. format: int64 maximum: 4294967295 minimum: 0 title: |- Prefix preferred time type: integer ra_interval: default: 600 description: | Interval between 2 Router advertisement in seconds. format: int64 maximum: 1800 minimum: 4 title: |- RA interval type: integer router_lifetime: default: 1800 description: | Router lifetime value in seconds. A value of 0 indicates the router is not a default router for the receiving end. Any other value in this field specifies the lifetime, in seconds, associated with this router as a default router. format: int64 maximum: 65520 minimum: 0 title: |- Lifetime of router type: integer type: object x-vmw-nsx-module: Routing RaDNSConfig: properties: dns_server: description: | DNS server. items: description: |- IPv6 address format: ipv6 type: string maxItems: 8 title: |- DNS server type: array dns_server_lifetime: default: 1800000 description: |- Lifetime of DNS server in milliseconds format: int64 maximum: 4294967295 minimum: 0 title: |- Lifetime of DNS server in milliseconds type: integer domain_name: description: | Domain name in RA message. items: type: string maxItems: 8 title: |- Domain name type: array domain_name_lifetime: default: 1800000 description: |- Lifetime of Domain names in milliseconds format: int64 maximum: 4294967295 minimum: 0 title: |- Lifetime of Domain names in milliseconds type: integer type: object x-vmw-nsx-module: Routing Reaction: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: actions: description: | Actions that need to be taken when the events occur. These actions must appear in the order that they need to be taken in. This field can be interpreted as the HOW of the Reaction, or simply as "Then That". items: $ref: '#/definitions/Action' maxItems: 1 minItems: 1 title: |- Reaction Actions type: array events: description: | Events that provide contextual variables about what the reaction should react to. This field can be interpreted as the WHAT of the Reaction, or simply as "If This" Clause. items: $ref: '#/definitions/Event' maxItems: 1 minItems: 1 title: |- Reaction Events type: array required: - events - actions type: object x-vmw-nsx-module: PolicyReaction description: | Reaction represents a programmable entity which encapsulates the events and the actions in response to the events, or simply "If This Then That". title: |- Reaction x-vmw-nsx-module: PolicyReaction RealizedVirtualMachine: allOf: - $ref: '#/definitions/PolicyRealizedResource' - properties: compute_ids: description: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] items: type: string readOnly: true title: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] type: array host_id: description: |- Id of the host on which the vm exists. readOnly: true title: |- Id of the host on which the vm exists. type: string local_id_on_host: description: |- Id of the vm unique within the host. readOnly: true title: |- Id of the vm unique within the host. type: string power_state: description: |- Current power state of this virtual machine in the system. enum: - VM_RUNNING - VM_STOPPED - VM_SUSPENDED - UNKNOWN readOnly: true title: |- Current power state of this virtual machine in the system. type: string type: object x-vmw-nsx-module: PolicyRealizedState description: |- Realized Virtual Machine title: |- Realized Virtual Machine x-vmw-nsx-module: PolicyRealizedState RealizedVirtualMachineListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of VMs items: $ref: '#/definitions/RealizedVirtualMachine' title: Virtual machine list result title: |- Paged Collection of VMs type: array type: object x-vmw-nsx-module: PolicyGroupStatistics x-vmw-nsx-module: PolicyGroupStatistics RedirectionPolicy: allOf: - $ref: '#/definitions/Policy' - properties: north_south: description: | This is the read only flag which will state the direction of this | redirection policy. True denotes that it is NORTH-SOUTH and false | value means it is an EAST-WEST redirection policy. readOnly: true title: |- Flag to denote whether it is north south policy type: boolean redirect_to: description: | Paths to which traffic will be redirected to. As of now, only 1 is | supported. Paths allowed are | 1. Policy Service Instance | 2. Service Instance Endpoint | 3. Virtual Endpoint | 4. Policy Service Chain items: type: string maxItems: 1 title: |- List of redirect to target paths type: array rules: description: | Redirection rules that are a part of this RedirectionPolicy. At max, there can be 1000 rules in a given RedirectPolicy. items: $ref: '#/definitions/RedirectionRule' maxItems: 1000 title: |- Redirection rules that are a part of this RedirectionPolicy type: array type: object x-vmw-nsx-module: PolicyServiceInsertion description: | Ordered list of rules long with the path of PolicyServiceInstance to which the traffic needs to be redirected. | Please note that the scope property must be provided for NS redirection | policy if redirect to is a service chain. For NS, when redirect to is not | to the service chain, and scope is specified on RedirectionPolicy, it | will be ignored. The scope will be determined from redirect to path | instead. For EW policy, scope must not be supplied in the request. | Path to either Tier0 or Tier1 is allowed as the scope. Only 1 path | can be specified as a scope. | Also, note that, if stateful flag is not sent, it will be treated as true. If statelessness is intended, false must be sent explicitly as the value | for stateful field. title: | Contains ordered list of rules and path to PolicyServiceInstance x-vmw-nsx-module: PolicyServiceInsertion RedirectionRule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied to all the services enum: - REDIRECT - DO_NOT_REDIRECT title: |- Action type: string type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- It define redirection rule for service insertion title: |- It define redirection rule for service insertion x-vmw-nsx-module: PolicyServiceInsertion RegistrationToken: description: |- Appliance registration access token properties: roles: description: |- List results items: type: string title: |- List results type: array token: description: |- Access token title: |- Access token type: string user: description: |- User delegated by token title: |- User delegated by token type: string required: - roles title: |- Appliance registration access token type: object x-vmw-nsx-module: RegistrationTokenEndPoint RelatedApiError: description: |- Detailed information about a related API error properties: details: description: |- Further details about the error title: |- Further details about the error type: string error_code: description: |- A numeric error code format: int64 title: |- A numeric error code type: integer error_data: description: |- Additional data about the error title: |- Additional data about the error type: object error_message: description: |- A description of the error title: |- A description of the error type: string module_name: description: |- The module name where the error occurred title: |- The module name where the error occurred type: string title: |- Detailed information about a related API error type: object x-vmw-nsx-module: Common RelatedAttribute: description: | Related attribute on the target resource for conditional constraints based on related attribute value. Example - destinationGroups/service/action is related attribute of sourceGroups in communcation entry. properties: attribute: description: |- Related attribute name on the target entity. title: |- Related attribute name on the target entity. type: string required: - attribute title: |- Related attribute details. type: object x-vmw-nsx-module: PolicyConstraints RelatedAttributeConditionalExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: condition: $ref: '#/definitions/ConditionalValueConstraintExpression' description: | Conditional value expression for target based on realted attribute value. title: |- Conditiona value constraint expression. related_attribute: $ref: '#/definitions/RelatedAttribute' description: |- Related attribute. title: |- Related attribute. required: - related_attribute - condition type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the leaf level type expression to express constraint as value of realted attribute to the target. Example - Constraint traget attribute 'X' (example in Constraint), if destinationGroups contains 'vCeneter' then allow only values "HTTPS", "HTTP" for attribute X. { "target":{ "target_resource_type":"CommunicationEntry", "attribute":"services", "path_prefix": "/infra/domains/{{DOMAIN}}/edge-communication-maps/default/communication-entries/" }, "constraint_expression": { "resource_type": "RelatedAttributeConditionalExpression", "related_attribute":{ "attribute":"destinationGroups" }, "condition" : { "operator":"INCLUDES", "rhs_value": ["/infra/domains/mgw/groups/VCENTER"], "value_constraint": { "resource_type": "ValueConstraintExpression", "operator":"INCLUDES", "values":["/infra/services/HTTP", "/infra/services/HTTPS"] } } } } title: | Represents the leaf level type expression to express constraint as value of realted attribute to the target. Uses ConditionalValueConstraintExpression to constrain the target value based on the related attribute value on the same resource. x-vmw-nsx-module: PolicyConstraints RemoteFileServer: description: |- Remote file server properties: directory_path: description: |- Remote server directory to copy bundle files to title: |- Remote server directory to copy bundle files to type: string port: default: 22 description: |- Server port format: int64 maximum: 65535 minimum: 1 title: |- Server port type: integer protocol: $ref: '#/definitions/FileTransferProtocol' description: |- Protocol to use to copy file title: |- Protocol to use to copy file server: description: |- Remote server hostname or IP address format: hostname-or-ip title: |- Remote server hostname or IP address type: string required: - directory_path - protocol - server title: |- Remote file server type: object x-vmw-nsx-module: BackupConfiguration RemoteServerFingerprint: description: |- Remote server properties: port: default: 22 description: |- Server port format: int64 maximum: 65535 minimum: 1 title: |- Server port type: integer server: description: |- Remote server hostname or IP address format: hostname-or-ip title: |- Remote server hostname or IP address type: string ssh_fingerprint: description: |- SSH fingerprint of server title: |- SSH fingerprint of server type: string required: - ssh_fingerprint - server title: |- Remote server type: object x-vmw-nsx-module: BackupConfiguration RemoteServerFingerprintRequest: description: |- Remote server properties: port: default: 22 description: |- Server port format: int64 maximum: 65535 minimum: 1 title: |- Server port type: integer server: description: |- Remote server hostname or IP address format: hostname-or-ip title: |- Remote server hostname or IP address type: string required: - server title: |- Remote server type: object x-vmw-nsx-module: BackupConfiguration RenderConfiguration: description: |- Render configuration to be applied to the widget. properties: color: description: |- The color to use when rendering an entity. For example, set color as 'RED' to render a portion of donut in red. enum: - GREY - DARK_GREY - LIGHT_GREY - SKY_BLUE - BLUE - GREEN - YELLOW - RED - DARK_RED title: |- Color of the entity type: string condition: description: |- If the condition is met then the rendering specified for the condition will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string display_value: description: |- If specified, overrides the field value. This can be used to display a meaningful value in situations where field value is not available or not configured. maxLength: 255 title: |- Overridden value to display, if any type: string icons: description: |- Icons to be applied at dashboard for widgets and UI elements. items: $ref: '#/definitions/Icon' minItems: 0 title: |- Icons type: array tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the UI element if the condition is met. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array title: |- Render Configuration type: object x-vmw-nsx-module: NsxDashboard Resource: description: |- Base class for resources properties: _links: description: |- The server will populate this field when returing the resource. Ignored on PUT and POST. items: $ref: '#/definitions/ResourceLink' readOnly: true title: |- References related to this resource type: array _schema: description: |- Schema for this resource readOnly: true title: |- Schema for this resource type: string _self: $ref: '#/definitions/SelfResourceLink' description: |- Link to this resource readOnly: true title: |- Link to this resource title: |- Base class for resources type: object x-vmw-nsx-module: Common ResourceFieldPointer: description: |- Resource Field Pointer representing the exact value within a policy object. properties: field_pointer: description: |- Field Pointer referencing the exact field within the policy object. title: |- Field Pointer type: string path: description: | Policy Path referencing a policy object. If not supplied, the field pointer will be applied to the event source. title: |- Resource Path type: string required: - field_pointer title: |- Resource Field Pointer type: object x-vmw-nsx-module: PolicyReaction ResourceInfo: description: | It represents the resource information which could identify resource. properties: resource_ids: description: | It will represent resource identifiers. For example, policy objects will be represented with paths and virtual machine will be represented with external ids. items: type: string title: |- Resource identifiers type: array resource_type: description: | It will represent resource type on which tag bulk operation to be performed. Supported resource type is VirtualMachine. title: |- Resource type type: string required: - resource_ids - resource_type title: |- Represents resources information type: object x-vmw-nsx-module: PolicyTag ResourceInfoListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Resource info list results items: $ref: '#/definitions/PolicyFineTuningResourceInfo' title: |- Resource info list results type: array required: - results type: object x-vmw-nsx-module: PolicyFineTuning description: |- Collection of resource info objects title: |- Collection of resource info objects x-vmw-nsx-module: PolicyFineTuning ResourceLink: description: |- A link to a related resource properties: action: description: |- Optional action readOnly: true title: |- Optional action type: string href: description: |- Link to resource readOnly: true title: |- Link to resource type: string rel: description: |- Custom relation type (follows RFC 5988 where appropriate definitions exist) readOnly: true title: |- Link relation type type: string title: |- A link to a related resource type: object x-vmw-nsx-module: Common ResourceOperation: allOf: - $ref: '#/definitions/Source' - properties: operation_types: description: |- Operation types. items: description: | Resource Operation Type represents a change in state of a resource with regard to the interaction with DAO layer: POST_CREATE: post-create change event. POST_UPDATE: post-update change event. PRE_DELETE: pre-delete change event. enum: - POST_CREATE - POST_UPDATE - PRE_DELETE type: string minItems: 1 title: |- Operation Types type: array resource_pointer: description: | Regex path representing a regex expression on resources. This regex is used to identify the object(s) that is/are the source of the Event. For instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question. title: |- Resource Pointer type: string required: - resource_pointer - operation_types type: object x-vmw-nsx-module: PolicyReaction description: | Resource Operation is an Event Source that represents a resource that is being changed at very specific points of time, with regard to its interaction with dao layer. title: |- Resource Operation x-vmw-nsx-module: PolicyReaction ResourceReference: description: |- A weak reference to an NSX resource. properties: is_valid: description: |- Will be set to false if the referenced NSX resource has been deleted. readOnly: true title: |- Target validity type: boolean target_display_name: description: |- Display name of the NSX resource. maxLength: 255 readOnly: true title: |- Target display name type: string target_id: description: |- Identifier of the NSX resource. maxLength: 64 readOnly: false title: |- Target ID type: string target_type: description: |- Type of the NSX resource. maxLength: 255 readOnly: false title: |- Target type type: string type: object x-vmw-nsx-module: Common ResourceTagStatus: description: | It represents tag operation status for a resource and details of the failure if any. properties: details: description: |- Details about the error if any title: |- Details about the error if any type: string resource_display_name: description: |- Resource display name title: |- Resource display name type: string resource_id: description: |- Resource id title: |- Resource id type: string tag_status: description: |- Status of tag apply or remove operation enum: - Success - Error title: |- Status of tag apply or remove operation type: string required: - tag_status - resource_id title: |- Tag operation status for a resource type: object x-vmw-nsx-module: PolicyTag ResourceTypeTagStatus: description: | Tag operation status for particular resource type and resource ids. properties: resource_tag_status: description: | List of resources on which tag needs to be applied items: $ref: '#/definitions/ResourceTagStatus' title: |- List of resources on which tag needs to be applied type: array resource_type: description: |- Resource type title: |- Resource type type: string required: - resource_type title: |- Tag operation status for particular resource type and resource ids. type: object x-vmw-nsx-module: PolicyTag RestoreStep: description: |- Restore step info properties: description: description: |- Restore step description readOnly: true title: |- Restore step description type: string status: $ref: '#/definitions/PerStepRestoreStatus' step_number: description: |- Restore step number format: int64 readOnly: true title: |- Restore step number type: integer value: description: |- Restore step value readOnly: true title: |- Restore step value type: string title: |- Restore step info type: object x-vmw-nsx-module: ClusterRestore RevisionedResource: allOf: - $ref: '#/definitions/Resource' - properties: _revision: description: |- The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. format: int32 title: |- Generation of this resource config type: integer type: object x-vmw-nsx-module: Common description: |- A base class for types that track revisions title: |- A base class for types that track revisions x-vmw-nsx-module: Common Role: description: |- Role properties: role: description: |- Short identifier for the role. Must be all lower case with no spaces. title: |- Role identifier type: string role_display_name: description: |- A short, human-friendly display name of the role. title: |- Display name for role type: string required: - role title: |- Role type: object x-vmw-nsx-module: AAA RoleBinding: allOf: - $ref: '#/definitions/ManagedResource' - properties: identity_source_id: description: |- The ID of the external identity source that holds the referenced external entity. Currently, only external LDAP servers are allowed. title: |- ID of the external identity source type: string identity_source_type: default: VIDM description: |- Identity source type enum: - VIDM - LDAP title: |- Identity source type type: string name: description: |- User/Group's name readOnly: true title: |- User/Group's name type: string roles: description: |- Roles items: $ref: '#/definitions/Role' readOnly: true title: |- Roles type: array stale: description: |- Property 'stale' can be considered to have these values - absent - This type of rolebinding does not support stale property TRUE - Rolebinding is stale in vIDM meaning the user is no longer present in vIDM FALSE - Rolebinding is available in vIDM UNKNOWN - Rolebinding's state of staleness in unknown Once rolebindings become stale, they can be deleted using the API POST /aaa/role-bindings?action=delete_stale_bindings enum: - 'TRUE' - 'FALSE' - UNKNOWN readOnly: true title: |- Stale in vIDM type: string type: description: |- Type enum: - remote_user - remote_group - local_user - principal_identity readOnly: true title: |- Type type: string type: object x-vmw-nsx-module: AAA description: |- User/Group's role binding title: |- User/Group's role binding x-vmw-nsx-module: AAA RoleBindingListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/RoleBinding' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA RoleListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/Role' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA RoleWithFeatures: allOf: - $ref: '#/definitions/ManagedResource' - properties: features: description: |- Features items: $ref: '#/definitions/FeaturePermission' title: |- Features type: array role: description: |- Short identifier for the role. Must be all lower case with no spaces. readOnly: true title: |- Role identifier type: string required: - features type: object x-vmw-nsx-module: AAA description: |- Role title: |- Role x-vmw-nsx-module: AAA RoleWithFeaturesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/RoleWithFeatures' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA RouteAdvertisementRule: description: |- Route advertisement rules and filtering properties: action: default: PERMIT description: | Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement enum: - PERMIT - DENY title: |- Action to advertise routes type: string name: description: | Display name should be unique. title: |- Display name for rule type: string prefix_operator: default: GE description: | Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured. enum: - GE - EQ title: |- Prefix operator to match subnets type: string route_advertisement_types: description: | Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised. items: description: | Control routes advertised by Tier-1 instance. TIER1_STATIC_ROUTES: Advertise all STATIC routes. TIER1_CONNECTED: Advertise all subnets configured on connected Interfaces and Segments. TIER1_NAT: Advertise all NAT IP addresses. TIER1_LB_VIP: Advertise all Load-balancer VIPs. TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses. TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets. enum: - TIER1_STATIC_ROUTES - TIER1_CONNECTED - TIER1_NAT - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- Enable different types of route advertisements type: array subnets: description: | Network CIDRs to be routed. items: format: ip-cidr-block type: string title: |- Network CIDRs type: array required: - action - name title: |- Route advertisement rules and filtering type: object x-vmw-nsx-module: PolicyConnectivity RouteAggregationEntry: description: |- List of routes to be aggregated properties: prefix: description: |- CIDR of aggregate address format: ip-cidr-block title: |- CIDR of aggregate address type: string summary_only: default: true description: | Send only summarized route. Summarization reduces number of routes advertised by representing multiple related routes with prefix property. title: |- Send only summarized route type: boolean required: - prefix title: |- List of routes to be aggregated type: object x-vmw-nsx-module: PolicyConnectivity RouteBasedIPSecVpnSession: allOf: - $ref: '#/definitions/IPSecVpnSession' - properties: force_whitelisting: default: false description: | If true the default firewall rule Action is set to DROP, otherwise set to ALLOW. This filed is deprecated and recommended to change Rule action filed. Note that this filed is not synchornied with default rule field. title: |- Flag to add default whitelisting Gateway Policy rule for the VTI interface. type: boolean x-deprecated: true tunnel_interfaces: description: |- IP Tunnel interfaces. items: $ref: '#/definitions/IPSecVpnTunnelInterface' maxItems: 1 minItems: 1 title: |- IP Tunnel interfaces type: array required: - tunnel_interfaces type: object x-vmw-nsx-module: PolicyIPSecVpn description: |- A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site. title: |- Route based VPN session x-vmw-nsx-module: PolicyIPSecVpn RouteBasedL3VpnSession: allOf: - $ref: '#/definitions/L3VpnSession' - properties: default_rule_logging: default: false description: | Indicates if logging should be enabled for the default whitelisting rule for the VTI interface. title: |- Enable logging for whitelisted rule for the VTI interface type: boolean force_whitelisting: default: false description: | The default firewall rule Action is set to DROP if true otherwise set to ALLOW. title: |- Flag to add default whitelisting FW rule for the VTI interface. type: boolean routing_config_path: description: | This is a deprecated field. Any specified value is not saved and will be ignored. title: |- Routing configuration policy path type: string x-deprecated: true tunnel_subnets: description: | Virtual tunnel interface (VTI) port IP subnets to be used to configure route-based L3Vpn session. A max of one tunnel subnet is allowed. items: $ref: '#/definitions/TunnelSubnet' maxItems: 1 minItems: 1 title: |- Virtual Tunnel Interface (VTI) IP subnets type: array uniqueItems: true required: - tunnel_subnets type: object x-vmw-nsx-module: PolicyL3Vpn description: | A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn. title: |- Route based L3Vpn Session x-vmw-nsx-module: PolicyL3Vpn RouteDetails: description: |- BGP route details. properties: as_path: description: |- BGP AS path attribute. readOnly: true title: |- AS path type: string local_pref: description: |- BGP Local Preference attribute. format: int64 readOnly: true title: |- Local preference type: integer med: description: |- BGP Multi Exit Discriminator attribute. format: int64 readOnly: true title: |- Multi Exit Discriminator type: integer network: description: |- CIDR network address. format: ip-cidr-block readOnly: true type: string next_hop: description: |- Next hop IP address. format: ip readOnly: true type: string weight: description: |- BGP Weight attribute. format: int64 readOnly: true title: |- Weight type: integer title: |- BGP route details type: object x-vmw-nsx-module: AggSvcLogicalRouter RouteMapEntry: description: |- Route map entry properties: action: description: | Action for the route map entry enum: - PERMIT - DENY title: |- Action for the route map entry type: string community_list_matches: description: | Community list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry. items: $ref: '#/definitions/CommunityMatchCriteria' title: |- Community list match criteria type: array prefix_list_matches: description: | Prefix list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry. items: type: string maxItems: 500 title: |- Prefix list match criteria type: array set: $ref: '#/definitions/RouteMapEntrySet' description: | Set criteria for route map entry title: |- Set criteria for route map entry required: - action title: |- Route map entry type: object x-vmw-nsx-module: PolicyConnectivity RouteMapEntrySet: description: |- Set criteria for route map entry properties: as_path_prepend: description: | AS path prepend to influence route selection. title: |- AS path prepend to influence route selection type: string community: description: | Set BGP regular or large community for matching routes. A maximum of one value for each community type separated by space. Well-known community name, community value in aa:nn (2byte:2byte) format for regular community and community value in aa:bb:nn (4byte:4byte:4byte) format for large community are supported. title: |- Set BGP community type: string local_preference: default: 100 description: | Local preference indicates the degree of preference for one BGP route over other BGP routes. The path with highest local preference is preferred. format: int64 maximum: 4294967295 title: |- Local preference to set for matching BGP routes type: integer med: description: | Multi exit descriminator (MED) is a hint to BGP neighbors about the preferred path into an autonomous system (AS) that has multiple entry points. A lower MED value is preferred over a higher value. format: int32 maximum: 4294967295 minimum: 0 title: |- Multi exit descriminator type: integer prefer_global_v6_next_hop: description: | For incoming and import route_maps on receiving both v6 global and v6 link-local address for the route, prefer to use the global address as the next hop. By default, it prefers the link-local next hop. title: |- Prefer global v6 next hop over local next hop type: boolean weight: description: | Weight is used to select a route when multiple routes are available to the same network. Route with the highest weight is preferred. format: int32 maximum: 65535 minimum: 0 title: |- Weight used to select certain path type: integer title: |- Set criteria for route map entry type: object x-vmw-nsx-module: PolicyConnectivity RouterNexthop: description: |- Next hop configuration for network properties: admin_distance: default: 1 description: |- Cost associated with next hop route format: int32 maximum: 255 minimum: 1 title: |- Cost associated with next hop route type: integer ip_address: description: |- Next hop gateway IP address format: ip type: string scope: description: | Interface path associated with current route. For example: specify a policy path referencing the IPSec VPN Session. items: type: string maxItems: 1 minItems: 1 title: |- Interface path associated with current route type: array title: |- Next hop configuration for network type: object x-vmw-nsx-module: PolicyConnectivity RoutesPerTransportNode: description: |- BGP routes per transport node. properties: routes: description: | Array of BGP neighbor route details for this transport node. items: $ref: '#/definitions/RouteDetails' readOnly: true title: |- BGP neighbor route details type: array source_address: description: |- BGP neighbor source address. format: ip readOnly: true type: string transport_node_id: description: |- Transport node id readOnly: true title: |- Transport node id type: string title: |- Routes per transport node type: object x-vmw-nsx-module: AggSvcLogicalRouter RoutingEntry: description: | Routing table entry. properties: admin_distance: description: | Admin distance. format: int32 readOnly: true title: |- Admin distance type: integer interface: description: |- The policy path of the interface which is used as the next hop title: |- The policy path of the interface which is used as the next hop type: string lr_component_id: description: |- Logical router component(Service Router/Distributed Router) id title: |- Logical router component(Service Router/Distributed Router) id type: string lr_component_type: description: |- Logical router component(Service Router/Distributed Router) type title: |- Logical router component(Service Router/Distributed Router) type type: string network: description: | Network CIDR. readOnly: true title: |- Network CIDR type: string next_hop: description: | Next hop address. format: ip readOnly: true type: string route_type: description: | Network address CIDR. readOnly: true title: |- Route type (USER, CONNECTED, NSX_INTERNAL,..) type: string title: |- Routing table entry type: object x-vmw-nsx-module: PolicyConnectivityStatistics RoutingTable: description: | Routing table. properties: count: description: |- Entry count. format: int32 readOnly: true title: |- Entry count type: integer edge_node: description: | Transport node ID. readOnly: true title: |- Transport node ID type: string route_entries: description: |- Route entries. items: $ref: '#/definitions/RoutingEntry' title: |- Route entries type: array required: - route_entries title: |- Routing table type: object x-vmw-nsx-module: PolicyConnectivityStatistics RoutingTableListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Paged Collection of Routes per transport node ID. items: $ref: '#/definitions/RoutingTable' title: Routing table title: |- Paged Collection of Routes per transport node ID type: array type: object x-vmw-nsx-module: PolicyConnectivityStatistics x-vmw-nsx-module: PolicyConnectivityStatistics RowListField: description: |- Root of the api result set for forming rows. properties: alias: description: |- Short name or alias of row list field, if any. If unspecified, the row list field can be referenced by its index in the array of row list fields as $ (for example, $0). maxLength: 255 title: |- Alias Name type: string path: description: |- JSON path to the root of the api result set for forming rows. maxLength: 1024 title: |- JSON path type: string required: - path title: |- List of fields from which rows are formed type: object x-vmw-nsx-module: NsxDashboard Rule: allOf: - $ref: '#/definitions/BaseRule' - properties: action: description: | The action to be applied to all the services enum: - ALLOW - DROP - REJECT title: |- Action type: string type: object x-vmw-nsx-module: Policy description: |- A rule indicates the action to be performed for various types of traffic flowing between workload groups. title: |- A rule specifies the security policy rule between the workload groups x-vmw-nsx-module: Policy RuleListResult: allOf: - $ref: '#/definitions/BaseRuleListResult' - properties: results: description: |- Rule list results items: $ref: '#/definitions/Rule' title: |- Rule list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Rules title: |- Paged Collection of Rules x-vmw-nsx-module: Policy RuleStatistics: allOf: - $ref: '#/definitions/Resource' - properties: byte_count: description: | Aggregated number of bytes processed by the rule. format: int64 readOnly: true title: |- Bytes count type: integer hit_count: description: |- Aggregated number of hits received by the rule. format: int64 readOnly: true title: |- Hits count type: integer internal_rule_id: description: | Realized id of the rule on NSX MP. Policy Manager can create more than one rule per policy rule, in which case this identifier helps to distinguish between the multple rules created. readOnly: true title: |- NSX internal rule id type: string lr_path: description: |- Path of the LR on which the section is applied in case of Edge FW. readOnly: true title: |- Logical Router (Tier-0/Tier1) path type: string max_popularity_index: description: | Maximum value of popularity index of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. format: int64 readOnly: true title: |- The maximum popularity index type: integer max_session_count: description: | Maximum value of sessions count of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. format: int64 readOnly: true title: |- Maximum Sessions count type: integer packet_count: description: | Aggregated number of packets processed by the rule. format: int64 readOnly: true title: |- Packets count type: integer popularity_index: description: |- This is calculated by sessions count divided by age of the rule. format: int64 readOnly: true title: |- The index of the popularity of rule type: integer rule: description: |- Path of the rule. readOnly: true title: |- Rule path type: string session_count: description: | Aggregated number of sessions processed by the rule. format: int64 readOnly: true title: |- sessions count type: integer total_session_count: description: | Aggregated number of sessions processed by all the rules This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. format: int64 readOnly: true title: |- Total Sessions count type: integer type: object x-vmw-nsx-module: Policy x-vmw-nsx-module: Policy RuleStatisticsForEnforcementPoint: description: |- Rule statistics for a specfic enforcement point. properties: enforcement_point: description: |- Rule statistics for a single enforcement point readOnly: true title: |- Enforcement point path type: string statistics: $ref: '#/definitions/RuleStatistics' description: |- Statistics for the specified enforcement point readOnly: true title: |- Rule Statistics title: |- Rule statistics for an enforcement point type: object x-vmw-nsx-module: Policy RuleStatisticsListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- RuleStatistics list results items: $ref: '#/definitions/RuleStatisticsForEnforcementPoint' title: |- RuleStatistics list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of rule statistics title: |- Paged Collection of rule statistics x-vmw-nsx-module: Policy SearchResponse: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List of records matching the search query. items: type: object readOnly: true title: |- Search results type: array type: object x-vmw-nsx-module: Search description: |- Search response title: |- SearchResponse x-vmw-nsx-module: Search SecurityPolicy: allOf: - $ref: '#/definitions/Policy' - properties: connectivity_strategy: description: | This field indicates the default connectivity policy for the security policy. Based on the connectivitiy strategy, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity strategy. If NONE is selected or no connectivity strategy is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_strategy without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rule is created. enum: - WHITELIST - BLACKLIST - WHITELIST_ENABLE_LOGGING - BLACKLIST_ENABLE_LOGGING - NONE title: |- Connectivity strategy applicable for this SecurityPolicy type: string default_rule_id: description: | Based on the value of the connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule. format: int64 readOnly: true title: |- Default rule ID associated with the connectivity_strategy type: integer rules: description: |- Rules that are a part of this SecurityPolicy items: $ref: '#/definitions/Rule' title: |- Rules that are a part of this SecurityPolicy type: array type: object x-vmw-nsx-module: Policy description: | Ordered list of Rules. title: |- Contains ordered list of Rules x-vmw-nsx-module: Policy SecurityPolicyListResult: allOf: - $ref: '#/definitions/PolicyListResult' - properties: results: description: |- SecurityPolicy list results items: $ref: '#/definitions/SecurityPolicy' title: |- SecurityPolicy list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of security policies title: |- Paged Collection of security policies x-vmw-nsx-module: Policy SecurityPolicyStatistics: description: | Aggregate statistics of all the rules in a security policy. properties: internal_section_id: description: | Realized id of the section on NSX MP. Policy Manager can create more than one section per SecurityPolicy, in which case this identifier helps to distinguish between the multiple sections created. readOnly: true title: |- NSX internal section id type: string lr_path: description: | Path of the LR on which the section is applied in case of Gateway Firewall. readOnly: true title: |- Logical Router (Tier-0/Tier1) path type: string result_count: description: |- Total count for rule statistics format: int64 readOnly: true title: |- Rule stats count type: integer results: description: |- List of rule statistics. items: $ref: '#/definitions/RuleStatistics' maxItems: 1000 readOnly: true title: |- Statistics for all rules type: array title: |- Security policy statistics type: object x-vmw-nsx-module: Policy SecurityPolicyStatisticsForEnforcementPoint: description: | Aggregate statistics of all the rules in a security policy for a specific enforcement point. properties: enforcement_point: description: |- Enforcement point to fetch the statistics from. readOnly: true title: |- Enforcement point path type: string statistics: $ref: '#/definitions/SecurityPolicyStatistics' description: |- Statistics for the specified enforcement point readOnly: true title: |- Security Policy Statistics title: |- Security policy statistics for an enforcement point type: object x-vmw-nsx-module: Policy SecurityPolicyStatisticsListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Security Policy statistics list results items: $ref: '#/definitions/SecurityPolicyStatisticsForEnforcementPoint' title: |- Security Policy statistics list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Security Policy statistics title: |- Paged Collection of Security Policy statistics x-vmw-nsx-module: Policy SecurityProfileBindingMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Base security profile binding map title: |- Base security profile binding map x-vmw-nsx-module: PolicySecurityProfileBinding Segment: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: address_bindings: description: |- Static address binding used for the Segment. items: $ref: '#/definitions/PortAddressBindingEntry' maxItems: 512 title: |- Address bindings for the Segment type: array admin_state: default: UP description: |- Represents Desired state of the Segment enum: - UP - DOWN title: |- Represents Desired state of the Segment type: string advanced_config: $ref: '#/definitions/SegmentAdvancedConfig' description: | Advanced configuration for Segment. title: |- Advanced configuration for Segment bridge_profiles: description: |- Multiple distinct L2 bridge profiles can be configured. items: $ref: '#/definitions/BridgeProfileConfig' title: |- Bridge Profile Configuration type: array connectivity_path: description: | Policy path to the connecting Tier-0 or Tier-1. Valid only for segments created under Infra. title: |- Policy path to the connecting Tier-0 or Tier-1 type: string dhcp_config_path: description: | Policy path to DHCP server or relay configuration to use for all IPv4 & IPv6 subnets configured on this segment. title: |- Policy path to DHCP configuration type: string domain_name: description: |- DNS domain name title: |- DNS domain name type: string extra_configs: description: | This property could be used for vendor specific configuration in key value string pairs, the setting in extra_configs will be automatically inheritted by segment ports in the Segment. items: $ref: '#/definitions/SegmentExtraConfig' title: |- Extra configs on Segment type: array federation_config: $ref: '#/definitions/FederationConnectivityConfig' description: |- Additional config for federation. readOnly: true title: |- Federation releated config l2_extension: $ref: '#/definitions/L2Extension' description: |- Configuration for extending Segment through L2 VPN title: |- Configuration for extending Segment through L2 VPN ls_id: description: | This property is deprecated. The property will continue to work as expected for existing segments. The segments that are newly created with ls_id will be ignored. Sepcify pre-creted logical switch id for Segment. title: |- Pre-created logical switch id for Segment type: string x-deprecated: true mac_pool_id: description: |- Mac pool id that associated with a Segment. title: |- Allocation mac pool associated with the Segment type: string metadata_proxy_paths: description: |- Policy path to metadata proxy configuration. Multiple distinct MD proxies can be configured. items: type: string title: |- Metadata Proxy Configuration Paths type: array overlay_id: description: | Used for overlay connectivity of segments. The overlay_id should be allocated from the pool as definied by enforcement-point. If not provided, it is auto-allocated from the default pool on the enforcement-point. format: int32 maximum: 2147483647 minimum: 0 title: |- Overlay connectivity ID for this Segment type: integer replication_mode: default: MTEP description: | If this field is not set for overlay segment, then the default of MTEP will be used. enum: - MTEP - SOURCE title: |- Replication mode of the Segment type: string subnets: description: |- Subnet configuration. Max 1 subnet items: $ref: '#/definitions/SegmentSubnet' title: |- Subnet configuration. Max 1 subnet type: array transport_zone_path: description: | Policy path to the transport zone. Supported for VLAN backed segments as well as Overlay Segments. - This field is required for VLAN backed Segments. - For overlay Segments, it is auto assigned if only one transport zone exists in the enforcement point. Default transport zone is auto assigned for overlay segments if none specified. title: |- Policy path to the transport zone type: string type: description: | Segment type based on configuration. enum: - ROUTED - EXTENDED - ROUTED_AND_EXTENDED - DISCONNECTED readOnly: true title: |- Segment type type: string vlan_ids: description: | VLAN ids for a VLAN backed Segment. Can be a VLAN id or a range of VLAN ids specified with '-' in between. items: type: string title: |- VLAN ids for VLAN backed Segment type: array type: object x-vmw-nsx-module: PolicyConnectivity description: | Segment configuration to attach workloads. title: |- Segment configuration x-vmw-nsx-module: PolicyConnectivity SegmentAdvancedConfig: allOf: - $ref: '#/definitions/ConnectivityAdvancedConfig' - properties: address_pool_paths: description: | Policy path to IP address pools. items: type: string maxItems: 1 title: |- Policy path to IP address pools type: array hybrid: default: false description: | When set to true, all the ports created on this segment will behave in a hybrid fashion. The hybrid port indicates to NSX that the VM intends to operate in underlay mode, but retains the ability to forward egress traffic to the NSX overlay network. This property is only applicable for segment created with transport zone type OVERLAY_STANDARD. This property cannot be modified after segment is created. title: |- Flag to identify a hybrid logical switch type: boolean inter_router: default: false description: | When set to true, any port attached to this logical switch will not be visible through VC/ESX UI title: |- Flag to indicate if the logical switch will provide inter-router connectivity type: boolean local_egress: default: false description: | This property is used to enable proximity routing with local egress. When set to true, logical router interface (downlink) connecting Segment to Tier0/Tier1 gateway is configured with prefix-length 32. title: |- Flag to enable local egress type: boolean local_egress_routing_policies: description: | An ordered list of routing policies to forward traffic to the next hop. items: $ref: '#/definitions/LocalEgressRoutingEntry' minItems: 1 title: |- Local egress routing policies type: array multicast: description: | Enable multicast for a segment. Only applicable for segments connected to Tier0 gateway. title: |- Enable multicast on the downlink type: boolean uplink_teaming_policy_name: description: |- The name of the switching uplink teaming policy for the Segment. This name corresponds to one of the switching uplink teaming policy names listed in TransportZone associated with the Segment. See transport_zone_path property above for more details. When this property is not specified, the segment will not have a teaming policy associated with it and the host switch's default teaming policy will be used by MP. title: |- Uplink Teaming Policy Name type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Advanced configuration for Segment title: |- Advanced configuration for Segment x-vmw-nsx-module: PolicyConnectivity SegmentConfigurationState: allOf: - $ref: '#/definitions/ConfigurationState' - properties: segment_path: description: |- Segment path readOnly: true title: |- Segment path type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Segment state on specific Enforcement Point. title: |- Segment state on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics SegmentCrossSiteTrafficStats: properties: last_update_timestamp: description: | Timestamp when the l2 forwarder statistics was last updated. format: int64 readOnly: true type: integer rx_stats: $ref: '#/definitions/InterSitePortCounters' description: |- Total received data counters. readOnly: true title: |- Received data counters segment_path: description: | Policy path of Segment to attach interface. readOnly: true title: |- Policy path of Segment to attach interface type: string tx_stats: $ref: '#/definitions/InterSitePortCounters' description: |- Total sent data counters. readOnly: true title: |- Sent data counters type: object x-vmw-nsx-module: PolicyConnectivityStatistics SegmentDhcpConfig: description: | DHCP IPv4 and IPv6 configurations are extended from this abstract class. discriminator: resource_type properties: dns_servers: description: | IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property. items: description: |- IPv4 or IPv6 address format: ip type: string maxItems: 2 title: |- DNS servers for subnet type: array lease_time: default: 86400 description: | DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config. format: int64 maximum: 4294967295 minimum: 60 title: |- DHCP lease time for subnet type: integer resource_type: enum: - SegmentDhcpV4Config - SegmentDhcpV6Config type: string server_address: description: | IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment. format: ip-cidr-block type: string required: - resource_type title: |- DHCP configuration for segment subnet type: object x-vmw-nsx-module: PolicyConnectivity SegmentDhcpV4Config: allOf: - $ref: '#/definitions/SegmentDhcpConfig' - properties: options: $ref: '#/definitions/DhcpV4Options' description: | IPv4 DHCP options for segment subnet. title: |- DHCP options type: object x-vmw-nsx-module: PolicyConnectivity description: |- DHCP configuration of IPv4 subnet in a segment title: |- DHCP configuration of IPv4 subnet in a segment x-vmw-nsx-module: PolicyConnectivity SegmentDhcpV6Config: allOf: - $ref: '#/definitions/SegmentDhcpConfig' - properties: domain_names: description: | Domain names for subnet. items: type: string title: |- Domain names for subnet type: array excluded_ranges: description: |- Excluded addresses to define dynamic ip allocation ranges. items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string maxItems: 128 minItems: 0 title: |- Excluded range of IPv6 addresses type: array options: $ref: '#/definitions/DhcpV6Options' description: | IPv6 DHCP options based on the address family of the subnet. title: |- DHCP options preferred_time: description: | The length of time that a valid address is preferred. When the preferred lifetime expires, the address becomes deprecated. format: int64 maximum: 4294967295 minimum: 60 title: |- Preferred time type: integer sntp_servers: description: | IPv6 address of SNTP servers for subnet. items: description: |- IPv6 address format: ipv6 type: string title: |- SNTP servers for subnet type: array type: object x-vmw-nsx-module: PolicyConnectivity description: |- DHCP configuration of IPv6 subnet in a segment title: |- DHCP configuration of IPv6 subnet in a segment x-vmw-nsx-module: PolicyConnectivity SegmentDiscoveryProfileBindingMap: allOf: - $ref: '#/definitions/DiscoveryProfileBindingMap' - properties: ip_discovery_profile_path: description: |- PolicyPath of associated IP Discovery Profile title: |- IP Discovery Profile Path type: string mac_discovery_profile_path: description: |- PolicyPath of associated Mac Discovery Profile title: |- Mac Discovery Profile Path type: string type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: | This entity will be used to establish association between discovery profile and Segment. Using this entity, user can specify intent for applying discovery profile to particular segments. title: |- Segment Discovery Profile binding map x-vmw-nsx-module: PolicyDiscoveryProfileBinding SegmentDiscoveryProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment Discovery Profile Binding Map list results items: $ref: '#/definitions/SegmentDiscoveryProfileBindingMap' title: |- Segment Discovery Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyDiscoveryProfileBinding description: |- Paged collection of Segment Discovery Profile Binding Maps title: |- Paged collection of Segment Discovery Profile Binding Maps x-vmw-nsx-module: PolicyDiscoveryProfileBinding SegmentExtraConfig: description: | Segment extra config is intended for supporting vendor specific configuration on the data path, it can be set as key value string pairs on either segment or segment port. properties: config_pair: $ref: '#/definitions/UnboundedKeyValuePair' description: |- Key value pair in string for the configuration title: |- Key value pair in string for the configuration required: - config_pair title: |- Vendor specific configuration on segment or Segment port type: object x-vmw-nsx-module: PolicyConnectivity SegmentL2ForwarderSiteSpanInfo: properties: inter_site_forwarder_status: description: |- Inter-site forwarder status per node. items: $ref: '#/definitions/L2ForwarderStatusPerNode' readOnly: true title: |- Inter-site forwarder status per node type: array last_update_timestamp: description: | Timestamp when the L2 forwarder remote mac addresses was last updated. format: int64 readOnly: true type: integer remote_macs_per_site: description: | L2 forwarder remote mac addresses per site for logical switch. items: $ref: '#/definitions/L2ForwarderRemoteMacsPerSite' readOnly: true title: |- L2 forwarder remote mac addresses per site type: array segment_path: description: | Policy path of a segment. readOnly: true title: |- Segment path type: string type: object x-vmw-nsx-module: PolicyConnectivityStatistics SegmentListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment list results items: $ref: '#/definitions/Segment' title: |- Segment list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Segments title: |- Paged collection of Segments x-vmw-nsx-module: PolicyConnectivity SegmentMonitoringProfileBindingMap: allOf: - $ref: '#/definitions/MonitoringProfileBindingMap' - properties: ipfix_l2_profile_path: description: |- PolicyPath of associated IPFIX L2 Profile title: |- IPFIX L2 Profile Path type: string port_mirroring_profile_path: description: |- PolicyPath of associated Port Mirroring Profile title: |- Port Mirroring Profile Path type: string type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: | This entity will be used to establish association between monitoring profile and Segment. Using this entity, you can specify intent for applying monitoring profile to particular segment. title: |- Segment Monitoring Profile binding map x-vmw-nsx-module: PolicyMonitoringProfileBinding SegmentMonitoringProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment Monitoring Profile Binding Map list results items: $ref: '#/definitions/SegmentMonitoringProfileBindingMap' title: |- Segment Monitoring Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyMonitoringProfileBinding description: |- Paged collection of Segment Monitoring Profile Binding Maps title: |- Paged collection of Segment Monitoring Profile Binding Maps x-vmw-nsx-module: PolicyMonitoringProfileBinding SegmentPort: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: address_bindings: description: |- Static address binding used for the port. items: $ref: '#/definitions/PortAddressBindingEntry' maxItems: 512 title: |- Address bindings for the port type: array admin_state: default: UP description: |- Represents desired state of the segment port enum: - UP - DOWN title: |- Represents desired state of the segment port type: string attachment: $ref: '#/definitions/PortAttachment' description: |- Only VIF attachment is supported title: |- VIF attachment extra_configs: description: | This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port. items: $ref: '#/definitions/SegmentExtraConfig' title: |- Extra configs on segment port type: array ignored_address_bindings: description: | IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported. items: $ref: '#/definitions/PortAddressBindingEntry' maxItems: 16 minItems: 0 title: |- Address bindings to be ignored by IP Discovery module type: array init_state: description: | Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified. enum: - UNBLOCKED_VLAN title: |- Initial state of this logical ports type: string source_site_id: description: | This field will refer to the source site on which the segment port is discovered. This field is populated by GM, when it receives corresponding notification from LM. readOnly: true title: |- source site(LM) id. type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Policy port will create LogicalPort on LogicalSwitch corresponding to the Segment. Address bindings cannot be removed after realization. title: |- Policy port object for segment x-vmw-nsx-module: PolicyConnectivity SegmentPortListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Place holder for the list result items: $ref: '#/definitions/SegmentPort' title: |- SegmentPort list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- List SegmentPort objects title: |- Paged collection of SegmentPort x-vmw-nsx-module: PolicyConnectivity SegmentPortStatistics: allOf: - $ref: '#/definitions/LogicalPortStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Segment port statistics on specific Enforcement Point. title: |- Segment port statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics SegmentQoSProfileBindingMap: allOf: - $ref: '#/definitions/QoSProfileBindingMap' - properties: qos_profile_path: description: |- PolicyPath of associated QoS Profile title: |- QoS Profile Path type: string type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: | This entity will be used to establish association between qos profile and Segment. Using this entity, you can specify intent for applying qos profile to particular segment. title: |- Segment QoS Profile binding map x-vmw-nsx-module: PolicyQoSProfileBinding SegmentQoSProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment QoS Profile Binding Map list results items: $ref: '#/definitions/SegmentQoSProfileBindingMap' title: |- Segment QoS Profile Binding Map list results type: array required: - results type: object x-vmw-nsx-module: PolicyQoSProfileBinding description: |- Paged collection of Segment QoS Profile Binding Maps title: |- Paged collection of Segment QoS Profile Binding Maps x-vmw-nsx-module: PolicyQoSProfileBinding SegmentSecurityProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bpdu_filter_allow: description: | Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering. List of allowed MACs - 01:80:c2:00:00:00, 01:80:c2:00:00:01, 01:80:c2:00:00:02, 01:80:c2:00:00:03, 01:80:c2:00:00:04, 01:80:c2:00:00:05, 01:80:c2:00:00:06, 01:80:c2:00:00:07, 01:80:c2:00:00:08, 01:80:c2:00:00:09, 01:80:c2:00:00:0a, 01:80:c2:00:00:0b, 01:80:c2:00:00:0c, 01:80:c2:00:00:0d, 01:80:c2:00:00:0e, 01:80:c2:00:00:0f, 00:e0:2b:00:00:00, 00:e0:2b:00:00:04, 00:e0:2b:00:00:06, 01:00:0c:00:00:00, 01:00:0c:cc:cc:cc, 01:00:0c:cc:cc:cd, 01:00:0c:cd:cd:cd, 01:00:0c:cc:cc:c0, 01:00:0c:cc:cc:c1, 01:00:0c:cc:cc:c2, 01:00:0c:cc:cc:c3, 01:00:0c:cc:cc:c4, 01:00:0c:cc:cc:c5, 01:00:0c:cc:cc:c6, 01:00:0c:cc:cc:c7 items: description: | A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB. format: mac-address type: string maxItems: 32 minItems: 0 title: |- Disable BPDU filtering on this whitelist type: array bpdu_filter_enable: default: true description: | Indicates whether BPDU filter is enabled. BPDU filtering is enabled by default. title: |- BPDU filtering status type: boolean dhcp_client_block_enabled: default: false description: | Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP client block type: boolean dhcp_client_block_v6_enabled: default: false description: | Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP client block v6 type: boolean dhcp_server_block_enabled: default: true description: | Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP server block type: boolean dhcp_server_block_v6_enabled: default: true description: | Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default. title: |- Enable DHCP server block v6 type: boolean non_ip_traffic_block_enabled: default: false description: | A flag to block all traffic except IP/(G)ARP/BPDU. title: |- Enable non IP traffic block type: boolean ra_guard_enabled: default: false description: | Enable or disable Router Advertisement Guard. title: |- Enable Router Advertisement Guard type: boolean rate_limits: $ref: '#/definitions/TrafficRateLimits' description: |- Allows configuration of rate limits for broadcast and multicast traffic. Rate limiting is disabled by default title: |- Rate limiting configuration rate_limits_enabled: default: false description: | Enable or disable Rate Limits title: |- Enable Rate Limits type: boolean type: object x-vmw-nsx-module: PolicySegmentSecurity description: | Security features extended by policy operations for securing logical segments. title: |- Segment Security Profile x-vmw-nsx-module: PolicySegmentSecurity SegmentSecurityProfileBindingMap: allOf: - $ref: '#/definitions/SecurityProfileBindingMap' - properties: segment_security_profile_path: description: |- The policy path of the asscociated Segment Security profile title: |- Segment Security Profile Path type: string spoofguard_profile_path: description: |- The policy path of the asscociated SpoofGuard profile title: |- SpoofGuard Profile Path type: string type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: | Contains the binding relationship between segment and security profile. title: |- Security profile binding map for segment x-vmw-nsx-module: PolicySecurityProfileBinding SegmentSecurityProfileBindingMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment security profile binding map list results items: $ref: '#/definitions/SegmentSecurityProfileBindingMap' title: |- Segment security profile binding map list results type: array required: - results type: object x-vmw-nsx-module: PolicySecurityProfileBinding description: |- Paged collection of segment security profile binding maps title: |- Paged collection of segment security profile binding maps x-vmw-nsx-module: PolicySecurityProfileBinding SegmentSecurityProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Segment Security profile list results items: $ref: '#/definitions/SegmentSecurityProfile' title: |- Segment Security profile list results type: array required: - results type: object x-vmw-nsx-module: PolicySegmentSecurity description: |- Paged collection of segment security profiles title: |- Paged collection of segment security profiles x-vmw-nsx-module: PolicySegmentSecurity SegmentStatistics: allOf: - $ref: '#/definitions/LogicalSwitchStatistics' - type: object x-vmw-nsx-module: PolicyConnectivityStatistics description: |- Segment statistics on specific Enforcement Point. title: |- Segment statistics on specific Enforcement Point x-vmw-nsx-module: PolicyConnectivityStatistics SegmentSubnet: description: |- Subnet configuration for segment properties: dhcp_config: $ref: '#/definitions/SegmentDhcpConfig' description: | Additional DHCP configuration for current subnet. title: |- Additional DHCP configuration dhcp_ranges: description: | DHCP address ranges are used for dynamic IP allocation. Supports address range and CIDR formats. First valid host address from the first value is assigned to DHCP server IP address. Existing values cannot be deleted or modified, but additional DHCP ranges can be added. items: description: | IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" format: address-or-block-or-range type: string minItems: 1 title: |- DHCP address ranges for dynamic IP allocation type: array gateway_address: description: | Gateway IP address in CIDR format for both IPv4 and IPv6. format: ip-cidr-block title: |- Gateway IP address. type: string network: description: | Network CIDR for this subnet calculated from gateway_addresses and prefix_len. readOnly: true title: |- Network CIDR for subnet type: string title: |- Subnet configuration for segment type: object x-vmw-nsx-module: PolicyConnectivity SelectableResourceReference: allOf: - $ref: '#/definitions/ResourceReference' - properties: selected: description: |- Set to true if this resource has been selected to be acted upon title: |- Set to true if this resource has been selected to be acted upon type: boolean required: - selected type: object x-vmw-nsx-module: ClusterRestore description: |- Resources to take action on title: |- Resources to take action on x-vmw-nsx-module: ClusterRestore SelfResourceLink: allOf: - $ref: '#/definitions/ResourceLink' - type: object x-vmw-nsx-module: Common description: |- The server will populate this field when returing the resource. Ignored on PUT and POST. title: |- Link to this resource x-vmw-nsx-module: Common Service: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: is_default: default: false description: | The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted. readOnly: true title: |- Flag for default services type: boolean service_entries: description: |- Service type items: $ref: '#/definitions/ServiceEntry' maxItems: 50 title: |- Service type type: array service_type: description: |- Type of service, EITHER or NON_ETHER title: |- Type of service, EITHER or NON_ETHER type: string type: object x-vmw-nsx-module: Policy description: | Used while defining a CommunicationEntry. A service may have multiple service entries. title: |- Contains the information related to a service x-vmw-nsx-module: Policy ServiceEntry: allOf: - $ref: '#/definitions/PolicyConfigResource' - discriminator: resource_type properties: resource_type: enum: - IPProtocolServiceEntry - IGMPTypeServiceEntry - ICMPTypeServiceEntry - ALGTypeServiceEntry - L4PortSetServiceEntry - EtherTypeServiceEntry - NestedServiceServiceEntry type: string required: - resource_type type: object x-vmw-nsx-module: Policy description: |- A Service entry that describes traffic title: |- A Service entry that describes traffic x-vmw-nsx-module: Policy ServiceEntryListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Service entry list results items: $ref: '#/definitions/ServiceEntry' title: |- Service entry list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Service entries title: |- Paged Collection of Service entries x-vmw-nsx-module: Policy ServiceInstanceEndpoint: allOf: - $ref: '#/definitions/BaseEndpoint' - properties: service_interface_path: description: |- Path of Service Interface to which this ServiceInstanceEndpoint is connected. readOnly: false title: |- Service Interface path type: string required: - service_interface_path type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- A ServiceInstanceEndpoint belongs to one ByodPolicyServiceInstance and is attached to one ServiceInterface. A ServiceInstanceEndpoint represents a redirection target for a RedirectionPolicy. title: |- Service EndPoint for Byod Policy Service Instance x-vmw-nsx-module: PolicyServiceInsertion ServiceInterface: allOf: - $ref: '#/definitions/BaseTier0Interface' - type: object x-vmw-nsx-module: PolicyConnectivity description: |- Service interface configuration for internal connectivity. title: |- Service interface configuration x-vmw-nsx-module: PolicyConnectivity ServiceInterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Service Interface list results items: $ref: '#/definitions/ServiceInterface' title: |- Service Interface list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Service Interfaces title: |- Paged collection of Service Interfaces x-vmw-nsx-module: PolicyConnectivity ServiceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Service list results items: $ref: '#/definitions/Service' title: |- Service list results type: array required: - results type: object x-vmw-nsx-module: Policy description: |- Paged Collection of Services title: |- Paged Collection of Services x-vmw-nsx-module: Policy ServiceReference: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled: default: true description: |- A Service's operational state can be enabled or disabled. Note that would work only for NetX type of services and would not work for Guest Introsp- ection type of Services. TRUE - The Service should be enabled FALSE - The Service should be disabled readOnly: false title: |- Operational state of the Service. type: boolean partner_service_name: description: |- Unique name of Partner Service to be consumed for redirection. title: |- Name of Partner Service type: string required: - partner_service_name type: object x-vmw-nsx-module: PolicyServiceInsertion description: |- An anchor object representing the intent to consume a given 3rd party service. title: |- An anchor object representing the intent to consume a given 3rd party service. x-vmw-nsx-module: PolicyServiceInsertion ServiceSegment: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: lr_paths: description: |- Policy paths of logical routers or ports | to which this Service Segment can be connected. items: type: string title: |- Policy paths of logical routers type: array transport_zone_path: description: |- Policy path to transport zone. Only overlay transport zone is supported. title: |- Policy path to the transport zone type: string required: - transport_zone_path type: object x-vmw-nsx-module: PolicyConnectivity description: | Service Segment configuration to attach Service Insertion VM. title: |- Service Segment configuration x-vmw-nsx-module: PolicyConnectivity SessionTimerProfileBindingListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Session timer profile binding maps list results items: $ref: '#/definitions/SessionTimerProfileBindingMap' title: |- Session timer profile binding maps list results type: array required: - results type: object x-vmw-nsx-module: PolicyProfile description: |- Paged Collection of session timer profile binding maps title: |- Paged Collection of session timer profile binding maps x-vmw-nsx-module: PolicyProfile SessionTimerProfileBindingMap: allOf: - $ref: '#/definitions/ProfileBindingMap' - type: object x-vmw-nsx-module: PolicyProfile description: | This entity will be used to establish association between Session Timer profile and Logical Routers. title: |- Policy Session Timer Profile binding map x-vmw-nsx-module: PolicyProfile SetFields: allOf: - $ref: '#/definitions/Action' - properties: field_settings: description: |- Field Settings. items: $ref: '#/definitions/FieldSetting' minItems: 1 title: |- Field Settings type: array type: object x-vmw-nsx-module: PolicyReaction description: | Set Fields is an action to set fields of the source event. title: |- Set Fields x-vmw-nsx-module: PolicyReaction Site: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: fail_if_rtep_misconfigured: default: true description: | Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail. title: |- Fail onboarding if RTEPs misconfigured type: boolean fail_if_rtt_exceeded: default: true description: | Fail onboarding if maximum RTT exceeded. title: |- Fail onboarding if maximum RTT exceeded type: boolean federation_config: $ref: '#/definitions/GmFederationSiteConfig' description: |- System managed federation config. readOnly: true title: |- Federation releated config maximum_rtt: default: 250 description: | If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value. format: int64 maximum: 1000 minimum: 0 title: |- Maximum acceptable packet round trip time (RTT) type: integer site_connection_info: description: | To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate. items: $ref: '#/definitions/SiteNodeConnectionInfo' maxItems: 3 title: |- Connection information type: array site_number: description: |- 12-bit system generated site number format: int64 readOnly: true title: |- 12-bit system generated site number type: integer type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: | Site represents an NSX deployment having its own set of NSX clusters and transport nodes. It may correspond to a Data Center, VMC deployment, or NSX-Cloud deployment managed via CSM. title: |- Site x-vmw-nsx-module: PolicyEnforcementPointManagement SiteAllocationIndexForEdge: description: | Index for cross site allocation for edge cluster and its members referred by gateway. properties: index: description: | Unqiue edge cluster node index across sites based on stretch of the Gateway. For example, if a Gateway is streched to sites S1 with one edge cluster of 3 nodes and site S2 with one edge cluster of 2 nodes, the in the Global Manager will allocate the index for 5 edge nodes and 2 cluster in the rage 0 to 7. format: int64 readOnly: true title: |- Unique index across sites for gateway span type: integer target_resource_path: description: |- Edge cluster or edge node path readOnly: true title: |- Edge cluster or edge node path type: string title: | Allocation index for edge type: object x-vmw-nsx-module: PolicyConnectivity SiteFederationConfig: description: |- Site fedeation configuration. properties: rtep_ips: description: |- Remote tunnel endpoint IP addresses items: description: |- IPv4 or IPv6 address format: ip type: string readOnly: true title: |- Remote tunnel endpoint IP addresses type: array site_id: description: |- Site UUID readOnly: true title: |- Site UUID type: string site_index: description: |- Unique site index allocated (from range 0-4095) format: int64 readOnly: true title: |- Unique site index allocated (from range 0-4095) type: integer site_path: description: |- Site path readOnly: true title: |- Site path type: string title: |- Site fedeation configuration type: object x-vmw-nsx-module: PolicySiteGM SiteListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Site list result. items: $ref: '#/definitions/Site' title: |- Site List Result type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged Collection of Sites. title: |- Paged Collection of Sites x-vmw-nsx-module: PolicyEnforcementPointManagement SiteNodeConnectionInfo: description: |- Credential info to connect to a node in the federated remote site. properties: fqdn: description: | Please specify the fqdn of the Management Node of your site. title: |- Fully Qualified Domain Name of the Management Node type: string password: description: |- Password to connect to Site's Local Manager. title: |- Password type: string thumbprint: description: | Thumbprint of Site's Local Manager in the form of a SHA-256 hash represented in lower case HEX. title: |- Thumbprint of Enforcement Point type: string username: description: |- Username to connect to Site's Local Manager. title: |- Username type: string required: - fqdn title: |- Site Node Connection Info type: object x-vmw-nsx-module: PolicyEnforcementPointManagement Source: description: | Source that is logically deemed to be the "object" upon which the Event in question initially occurred upon. The Source is responsible for providing information of the occurred event. Some example sources include: - Resource. - API. discriminator: resource_type properties: resource_type: description: | Event Source resource type. enum: - ResourceOperation - ApiRequestBody title: |- Resource Type type: string required: - resource_type title: |- Event Source type: object x-vmw-nsx-module: PolicyReaction SourceFieldEvaluation: allOf: - $ref: '#/definitions/Evaluation' - properties: expected: description: | Expected values necessary to apply the specified operation on the source field value. items: type: string maxItems: 1 minItems: 1 title: |- Operator Arguments type: array field_pointer: description: | Field in the form of a pointer, describing the location of the attribute within the source of the event. title: |- Field Pointer type: string operator: description: |- Logical operator. enum: - EQ - NOT_EQ title: |- Logical Operator type: string required: - operator - expected - field_pointer type: object x-vmw-nsx-module: PolicyReaction description: | Source Field Evaluation represents an evaluation on resource fields. A source field evaluation will be evaluated against an Event Source which is of type Resource Operation. For instance, the attribute constraint could be related to the necessity that one of the source fields equals one of the specified values. title: |- Source Field Evaluation x-vmw-nsx-module: PolicyReaction Span: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: sites: description: | List of SpanSiteInfos representing the strech of the entity. items: $ref: '#/definitions/SpanSiteInfo' readOnly: true title: |- List of SpanSiteInfos type: array span_leader: description: | Represents Policy resource type streached entity's span leader. readOnly: true title: |- Policy resource type of span leader type: string span_resource: description: | Represents Policy resource path of streached entity. readOnly: true title: |- Policy resource path type: string span_resource_type: description: | Policy resource type of the streached entity. readOnly: true title: |- Policy resource type type: string type: object x-vmw-nsx-module: PolicySitesSpan description: | Represents the strech information for a federated entity available only on local manager. title: |- Represents strech information for federated entity. x-vmw-nsx-module: PolicySitesSpan SpanSiteInfo: description: | Represents the Site resource information for a Span entity including both the internal id as well as the site path. properties: site_id: description: | Site UUID representing the Site resource readOnly: true title: |- Internal ID of the Site resource type: string site_path: description: | Path of the Site resource readOnly: true title: |- Path of the Site resource type: string title: |- Represents Site resource for Span entity. type: object x-vmw-nsx-module: PolicySitesSpan SpoofGuardProfile: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: address_binding_whitelist: default: false description: | If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the whitelist. title: |- Enable SpoofGuard type: boolean required: - address_binding_whitelist type: object x-vmw-nsx-module: PolicySpoofGuard description: | SpoofGuard is a tool that is designed to prevent virtual machines in your environment from sending traffic with IP addresses which are not authorized to send traffic from. A SpoofGuard policy profile once enabled blocks the traffic determined to be spoofed. title: |- SpoofGuard Profile x-vmw-nsx-module: PolicySpoofGuard SpoofGuardProfileListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- SpoofGuard profile list results items: $ref: '#/definitions/SpoofGuardProfile' title: |- SpoofGuard profile list results type: array required: - results type: object x-vmw-nsx-module: PolicySpoofGuard description: |- Paged collection of SpoofGuard profiles title: |- Paged collection of SpoofGuard profiles x-vmw-nsx-module: PolicySpoofGuard SslTrustObjectData: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: key_algo: description: |- Key algorithm contained in this certificate type: string passphrase: description: |- Password for private key encryption readOnly: false type: string pem_encoded: description: |- pem encoded certificate data readOnly: false type: string private_key: description: |- private key data readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: TempPolicyLoadBalancer x-vmw-nsx-module: TempPolicyLoadBalancer StandaloneHostIdfwConfiguration: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: idfw_enabled: description: |- If set to true, Idfw is enabled for standalone hosts readOnly: false title: |- Idfw enabled flag type: boolean required: - idfw_enabled type: object x-vmw-nsx-module: PolicyFirewallConfiguration description: | Idfw configuration for enable/disable idfw on standalone hosts. title: |- Standalone host idfw configuration x-vmw-nsx-module: PolicyFirewallConfiguration StatItem: description: |- Displayed as a single number. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. properties: drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. title: |- Id of drilldown widget type: string tooltip: description: |- Multi-line text to be shown on tooltip while hovering over the stat. items: $ref: '#/definitions/Tooltip' minItems: 0 title: |- Multi-line tooltip type: array total: description: |- If expression for total is specified, it evaluates it. Total can be omitted if not needed to be shown. title: |- Total type: string value: description: |- Expression for stat to be displayed. maxLength: 1024 title: |- Stat type: string required: - value title: |- Statistic of an entity type: object x-vmw-nsx-module: NsxDashboard StaticARPConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: ip_address: description: |- IP Address format: ip type: string mac_address: description: |- MAC Address format: mac-address type: string required: - ip_address - mac_address type: object x-vmw-nsx-module: PolicyConnectivity description: | Contains Static ARP configuration for Segment. title: |- Static ARP Config x-vmw-nsx-module: PolicyConnectivity StaticFilter: description: |- Static filters properties: display_name: description: |- display name to be shown in the drop down for static filter. maxLength: 1024 title: |- Display name for static filter type: string value: description: |- Value of static filter inside dropdown filter. title: |- Value of static filter type: string title: |- Static filters type: object x-vmw-nsx-module: NsxDashboard StaticRouteBfdPeer: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: bfd_profile_path: description: |- Bfd Profile is not supported for IPv6 networks. title: |- Policy path to Bfd Profile type: string enabled: default: true description: |- Flag to enable BFD peer. title: |- Enable BFD Peer type: boolean peer_address: description: |- Only IPv4 addresses are supported. Only a single BFD config per peer address is allowed. title: |- IP Address of static route next hop peer type: string scope: description: | Represents the array of policy paths of locale services where this BFD peer should get relalized on. The locale service service and this BFD peer must belong to the same router. Default scope is empty. items: type: string title: |- Array of policy paths of locale services type: array source_addresses: description: |- Array of Tier0 external interface IP addresses. BFD peering is established from all these source addresses to the neighbor specified in peer_address. Only IPv4 addresses are supported. items: type: string maxItems: 1 minItems: 0 title: |- List of source IP addresses type: array required: - peer_address type: object x-vmw-nsx-module: PolicyConnectivity description: |- Static Route Bidirectional Forwarding Detection Peer title: |- Static Route Bidirectional Forwarding Detection Peer x-vmw-nsx-module: PolicyConnectivity StaticRouteBfdPeerListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- StaticRouteBfdPeer list results. items: $ref: '#/definitions/StaticRouteBfdPeer' title: |- StaticRouteBfdPeer list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of StaticRouteBfdPeer. title: |- Paged Colleciton of StaticRouteBfdPeer x-vmw-nsx-module: PolicyConnectivity StaticRoutes: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enabled_on_secondary: default: false description: | When false or by default northbound routes are configured only on the primary location and not on secondary location. When true, the static route will also be configured on a secondary location. Secondary location prefers route learned from the primary location and enabling this flag secondary location can override this. This flag is not applicable if all sites are primary. title: |- Flag to plumb route on secondary site type: boolean network: description: | Specify network address in CIDR format. format: address-or-block-or-range type: string next_hops: description: | Specify next hop routes for network. items: $ref: '#/definitions/RouterNexthop' minItems: 1 title: |- Next hop routes for network type: array required: - next_hops - network type: object x-vmw-nsx-module: PolicyConnectivity description: |- Static routes configuration on Tier-0 or Tier-1. title: |- Static routes configuration on Tier-0 or on Tier-1 x-vmw-nsx-module: PolicyConnectivity StaticRoutesListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Static Routes list results items: $ref: '#/definitions/StaticRoutes' title: |- Static Routes list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Static Routes title: |- Paged collection of Static Routes x-vmw-nsx-module: PolicyConnectivity StatsConfiguration: allOf: - $ref: '#/definitions/WidgetConfiguration' - properties: label: $ref: '#/definitions/Label' description: |- Displayed at the sections, by default. It labels the entities of sections. If label is not provided, the sections are not labelled. title: |- Label of the Stats Configuration navigation: description: |- Hyperlink of the specified UI page that provides details. maxLength: 1024 title: |- Navigation to a specified UI page type: string sections: description: |- Sections items: $ref: '#/definitions/DonutSection' minItems: 0 title: |- Sections type: array stat: $ref: '#/definitions/StatItem' description: |- Expression that fetches statistic. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. If stat is not provided, then it will not be displayed. title: |- Expression for feching statistic of an entity sub_type: description: |- A sub-type of StatsConfiguration. If sub-type is not specified the parent type is rendered. The COMPACT sub_type, conserves the space for the widget. The statistic is placed on the right side on top of the status bar and the title of the widget is placed on the left side on the top of the status bar. The COMPACT style aligns itself horizontally as per the width of the container. If multiple widgets are placed insided the container then the widgets are placed one below the other to conserve the space. enum: - COMPACT title: |- Sub-type of the StatsConfiguration type: string type: object x-vmw-nsx-module: NsxDashboard description: |- Represents configuration of a statistic for an entity. Example, number of logical switches and their admin states. title: |- Stats Configuration x-vmw-nsx-module: NsxDashboard Tag: description: |- Arbitrary key-value pairs that may be attached to an entity properties: scope: default: '' description: |- Tag searches may optionally be restricted by scope maxLength: 128 readOnly: false title: |- Tag scope type: string tag: default: '' description: |- Identifier meaningful to user with maximum length of 256 characters readOnly: false title: |- Tag value type: string title: |- Arbitrary key-value pairs that may be attached to an entity type: object x-vmw-nsx-module: Common TagBulkOperation: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: apply_to: description: | List of resources on which tag needs to be applied items: $ref: '#/definitions/ResourceInfo' title: |- List of resources on which tag needs to be applied type: array remove_from: description: | List of resources from which tag needs to be removed items: $ref: '#/definitions/ResourceInfo' title: |- List of resources from which tag needs to be removed type: array tag: $ref: '#/definitions/Tag' description: |- Tag title: |- Tag required: - tag type: object x-vmw-nsx-module: PolicyTag description: | Tag and resource information on which tag to be applied or removed. title: |- Payload to update the tag on specified objects x-vmw-nsx-module: PolicyTag TagBulkOperationStatus: description: | Status of tag bulk operation properties: apply_to: description: | Tag apply operation status per resource type. items: $ref: '#/definitions/ResourceTypeTagStatus' title: |- Tag apply operation status per resource type type: array path: description: |- Intent path corresponding to tag operation title: |- Intent path corresponding to tag operation type: string remove_from: description: | Tag remove operation status per resource type items: $ref: '#/definitions/ResourceTypeTagStatus' title: |- Tag remove operation status per resource type type: array status: description: |- Overall status enum: - Success - Running - Error - Pending title: |- Overall status type: string tag: $ref: '#/definitions/Tag' description: |- Tag title: |- Tag required: - status - path - tag title: |- Status of tag bulk operation type: object x-vmw-nsx-module: PolicyTag TagInfo: allOf: - $ref: '#/definitions/Tag' - properties: tagged_objects_count: description: |- Number of objects with assigned with matching scope and tag values format: int32 readOnly: true title: |- Number of objects with assigned with matching scope and tag values type: integer type: object x-vmw-nsx-module: PolicyTag description: |- Information about arbitrary key-value pairs that may be attached to an entity title: |- Information about arbitrary key-value pairs that may be attached to an entity x-vmw-nsx-module: PolicyTag TagInfoListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tag info list results items: $ref: '#/definitions/TagInfo' title: |- Tag info list results type: array required: - results type: object x-vmw-nsx-module: PolicyTag description: |- Paged Collection of Tags title: |- Paged Collection of Tags x-vmw-nsx-module: PolicyTag TcpHeader: properties: dst_port: description: |- Destination port of tcp header format: int64 maximum: 65535 minimum: 0 title: |- Destination port of tcp header type: integer src_port: description: |- Source port of tcp header format: int64 maximum: 65535 minimum: 0 title: |- Source port of tcp header type: integer tcp_flags: description: |- TCP flags (9bits) format: int64 maximum: 511 minimum: 0 title: |- TCP flags (9bits) type: integer type: object x-vmw-nsx-module: Traceflow TcpMaximumSegmentSizeClamping: description: |- TCP MSS Clamping Direction and Value. properties: direction: default: NONE description: | Specifies the traffic direction for which to apply MSS Clamping. enum: - NONE - INBOUND_CONNECTION - OUTBOUND_CONNECTION - BOTH title: |- Maximum Segment Size Clamping Direction type: string max_segment_size: description: | MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 216 to 8960. format: int64 maximum: 8852 minimum: 108 title: |- Maximum Segment Size Value type: integer title: |- TCP MSS Clamping type: object x-vmw-nsx-module: PolicyIPSecVpn TcpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over TCP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over TCP x-vmw-nsx-module: TempPolicyLoadBalancer TcpPolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyLbVirtualServer' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over TCP and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over TCP x-vmw-nsx-module: TempPolicyLoadBalancer Tier0: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: default_rule_logging: default: false description: | Indicates if logging should be enabled for the default whitelisting rule. This filed is deprecated and recommended to change Rule logging filed. Note that this filed is not synchornied with default logging field. title: |- Enable logging for whitelisted rule type: boolean x-deprecated: true dhcp_config_paths: description: | DHCP configuration for Segments connected to Tier-0. DHCP service is configured in relay mode. items: type: string maxItems: 1 minItems: 0 title: |- DHCP configuration for Segments connected to Tier-0 type: array disable_firewall: default: false description: |- Disable or enable gateway fiewall. title: |- Disable gateway firewall type: boolean failover_mode: default: NON_PREEMPTIVE description: | Determines the behavior when a Tier-0 instance in ACTIVE-STANDBY high-availability mode restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. This property is not used when the ha_mode property is set to ACTIVE_ACTIVE. Only applicable when edge cluster is configured in Tier0 locale-service. enum: - PREEMPTIVE - NON_PREEMPTIVE title: |- Failover mode type: string federation_config: $ref: '#/definitions/FederationGatewayConfig' description: |- Additional config for federation. readOnly: true title: |- Federation releated config force_whitelisting: default: false description: | This filed is deprecated and recommended to change Rule action filed. Note that this filed is not synchornied with default rule field. title: |- Flag to add whitelisting FW rule during realization type: boolean x-deprecated: true ha_mode: default: ACTIVE_ACTIVE description: | Specify high-availability mode for Tier-0. Default is ACTIVE_ACTIVE. When ha_mode is changed from ACTIVE_ACTIVE to ACTIVE_STANDBY, inter SR iBGP (in BGP) is disabled. Changing ha_mode from ACTIVE_STANDBY to ACTIVE_ACTIVE will enable inter SR iBGP (in BGP) and previously configured preferred edge nodes (in Tier0 locale-service) are removed. enum: - ACTIVE_ACTIVE - ACTIVE_STANDBY title: |- High-availability Mode for Tier-0 type: string internal_transit_subnets: description: | Specify subnets that are used to assign addresses to logical links connecting service routers and distributed routers. Only IPv4 addresses are supported. When not specified, subnet 169.254.0.0/24 is assigned by default in ACTIVE_ACTIVE HA mode or 169.254.0.0/28 in ACTIVE_STANDBY mode. items: format: ip-cidr-block type: string maxItems: 1 title: |- Internal transit subnets in CIDR format type: array intersite_config: $ref: '#/definitions/IntersiteGatewayConfig' description: |- Inter site routing configuration when the gateway is streched. title: |- Inter site routing configuration ipv6_profile_paths: description: | IPv6 NDRA and DAD profiles configuration on Tier0. Either or both NDRA and/or DAD profiles can be configured. items: type: string maxItems: 2 minItems: 0 title: |- IPv6 NDRA and DAD profiles configuration type: array rd_admin_field: description: | If you are using EVPN service, then route distinguisher administrator address should be defined if you need auto generation of route distinguisher on your VRF configuration. format: ip type: string transit_subnets: description: | Specify transit subnets that are used to assign addresses to logical links connecting tier-0 and tier-1s. Both IPv4 and IPv6 addresses are supported. When not specified, subnet 100.64.0.0/16 is configured by default. items: format: ip-cidr-block type: string title: |- Transit subnets in CIDR format type: array vrf_config: $ref: '#/definitions/Tier0VrfConfig' description: |- VRF config, required for VRF Tier0. title: |- VRF config type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-0 configuration for external connectivity. title: |- Tier-0 configuration x-vmw-nsx-module: PolicyConnectivity Tier0DeploymentMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_point: description: |- Path of enforcement point on which Tier-0 shall be deployed. title: |- Absolute Path of Enforcement Point type: string required: - enforcement_point type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Binding of Tier-0 to the enforcement point. title: |- Tier-0 Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement Tier0DeploymentMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-0 Deployment Maps. items: $ref: '#/definitions/Tier0DeploymentMap' title: |- Tier-0 Deployment Maps type: array required: - results type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Paged collection of Tier-0 Deployment Map. title: |- Paged Collection of Tier-0 Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement Tier0GatewayState: description: |- Tier0 gateway state properties: enforcement_point_path: description: | String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. title: |- Enforcement point path type: string ipv6_status: description: | IPv6 DAD status for interfaces configured on Tier0 items: $ref: '#/definitions/IPv6Status' title: |- IPv6 DAD status for Tier0 interfaces type: array tier0_state: $ref: '#/definitions/LogicalRouterState' description: | Detailed realized state information for Tier0 title: |- Tier0 state tier0_status: $ref: '#/definitions/LogicalRouterStatus' description: | Detailed realized status information for Tier0 title: |- Tier0 status title: |- Tier0 gateway state type: object x-vmw-nsx-module: PolicyConnectivityStatistics Tier0HaVipConfig: description: |- Tier0 HA VIP Config properties: enabled: default: true description: |- Flag to enable this HA VIP config. title: |- Flag to enable this HA VIP config. type: boolean external_interface_paths: description: |- Policy paths to Tier0 external interfaces which are to be paired to provide redundancy. Floating IP will be owned by one of these interfaces depending upon which edge node is Active. items: type: string minItems: 2 title: |- Policy paths to Tier0 external interfaces for providing redundancy type: array vip_subnets: description: |- Array of IP address subnets which will be used as floating IP addresses. items: $ref: '#/definitions/InterfaceSubnet' maxItems: 2 minItems: 1 title: |- VIP floating IP address subnets type: array required: - external_interface_paths - vip_subnets title: |- Tier0 HA VIP Config type: object x-vmw-nsx-module: PolicyConnectivity Tier0Interface: allOf: - $ref: '#/definitions/BaseTier0Interface' - properties: access_vlan_id: description: |- Vlan id. format: int64 type: integer edge_cluster_member_index: description: | Specify association of interface with edge cluster member. This property is deprecated, use edge_path instead. When both properties are specifed, only edge_path property is used. format: int32 minimum: 0 title: |- Association of interface with edge cluster member type: integer x-deprecated: true edge_path: description: | Policy path to edge node to handle external connectivity. Required when interface type is EXTERNAL. title: |- Policy path to edge node type: string ipv6_profile_paths: description: | Configuration IPv6 NDRA profile. Only one NDRA profile can be configured. items: type: string maxItems: 1 minItems: 0 title: |- IPv6 NDRA profile configuration type: array ls_id: description: | Specify logical switch to which tier-0 interface is connected for external access. This property is deprecated, use segment_path instead. Both properties cannot be used together. title: |- Logical switch id to attach tier-0 interface type: string x-deprecated: true mtu: description: | Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. format: int32 minimum: 64 title: |- MTU size type: integer multicast: $ref: '#/definitions/Tier0InterfacePimConfig' description: | Multicast PIM configuration. title: |- Multicast PIM configuration segment_path: description: | Specify Segment to which this interface is connected to. Either segment_path or ls_id property is required. title: |- Segment to attach tier-0 interface type: string type: default: EXTERNAL description: | Interface type enum: - EXTERNAL - SERVICE - LOOPBACK title: |- Interface type type: string urpf_mode: default: STRICT description: |- Unicast Reverse Path Forwarding mode enum: - NONE - STRICT title: |- Unicast Reverse Path Forwarding mode type: string type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-0 interface configuration for external connectivity. title: |- Tier-0 interface configuration x-vmw-nsx-module: PolicyConnectivity Tier0InterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-0 Interface list results items: $ref: '#/definitions/Tier0Interface' title: |- Tier-0 Interface list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-0 Interfaces title: |- Paged collection of Tier-0 Interfaces x-vmw-nsx-module: PolicyConnectivity Tier0InterfacePimConfig: description: |- Multicast PIM configuration. properties: enabled: default: false description: | enable/disable PIM configuration. title: |- enable/disable PIM configuration type: boolean title: |- Multicast PIM configuration type: object x-vmw-nsx-module: PolicyConnectivity Tier0ListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-0 list results items: $ref: '#/definitions/Tier0' title: |- Tier-0 list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-0s title: |- Paged collection of Tier-0s x-vmw-nsx-module: PolicyConnectivity Tier0RouteMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: entries: description: | Ordered list of route map entries. items: $ref: '#/definitions/RouteMapEntry' maxItems: 1000 minItems: 1 title: |- Ordered list of route map entries type: array required: - entries type: object x-vmw-nsx-module: PolicyConnectivity description: |- RouteMap for redistributing routes to BGP and other routing protocols title: |- RouteMap for redistributing routes to BGP and other routing protocols x-vmw-nsx-module: PolicyConnectivity Tier0RouteMapListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier0RouteMap results items: $ref: '#/definitions/Tier0RouteMap' title: |- Tier0RouteMap results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of RouteMaps title: |- Paged collection of RouteMaps x-vmw-nsx-module: PolicyConnectivity Tier0RouteRedistributionConfig: description: |- Route Redistribution config properties: bgp_enabled: default: true description: |- Flag to enable route redistribution for BGP. title: |- Flag to enable route redistribution for BGP. type: boolean redistribution_rules: default: [] description: | List of redistribution rules. items: $ref: '#/definitions/Tier0RouteRedistributionRule' maxItems: 5 minItems: 0 type: array title: |- Route Redistribution config type: object x-vmw-nsx-module: PolicyConnectivity Tier0RouteRedistributionRule: description: |- Single route redistribution rule properties: name: description: |- Rule name title: |- Rule name type: string route_map_path: description: |- Route map to be associated with the redistribution rule type: string route_redistribution_types: description: |- List of redistribution types items: description: | Tier-0 route redistribution types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and routes related to TIER0_ROUTER_LINK, TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types. TIER1_STATIC: Redistribute all subnets and static routes advertised by Tier-1s. TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets on Tier-0. TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets on Tier-0. TIER0_SEGMENT: Redistribute subnets configured on Segments connected to Tier-0. TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0 TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets. TIER0_NAT: Redistribute NAT IPs owned by Tier-0. TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_CONNECTED: Redistribute all subnets configured on Segments and Service Interfaces. TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets. TIER1_SEGMENT: Redistribute subnets configured on Segments connected to Tier1. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. Route redistribution destination is BGP. enum: - TIER0_STATIC - TIER0_CONNECTED - TIER0_EXTERNAL_INTERFACE - TIER0_SEGMENT - TIER0_ROUTER_LINK - TIER0_SERVICE_INTERFACE - TIER0_LOOPBACK_INTERFACE - TIER0_DNS_FORWARDER_IP - TIER0_IPSEC_LOCAL_IP - TIER0_NAT - TIER0_EVPN_TEP_IP - TIER1_NAT - TIER1_STATIC - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_CONNECTED - TIER1_SERVICE_INTERFACE - TIER1_SEGMENT - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- List of redistribution types type: array required: - route_redistribution_types title: |- Single route redistribution rule type: object x-vmw-nsx-module: PolicyConnectivity Tier0VrfConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: evpn_transit_vni: description: | L3 VNI associated with the VRF for overlay traffic. VNI must be unique and belong to configured VNI pool. format: int32 title: |- L3 VNI associated with the VRF for overlay traffic type: integer route_distinguisher: description: |- Route distinguisher. ASN: or IPAddress:. title: |- Route distinguisher type: string route_targets: description: |- Route targets. items: $ref: '#/definitions/VrfRouteTargets' maxItems: 1 minItems: 1 title: |- Route targets type: array tier0_path: description: | Default tier0 path. Cannot be modified after realization. title: |- Tier0 path type: string required: - tier0_path type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-0 vrf configuration. title: |- Tier-0 vrf configuration x-vmw-nsx-module: PolicyConnectivity Tier1: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: default_rule_logging: default: false description: | Indicates if logging should be enabled for the default whitelisting rule. This filed is deprecated and recommended to change Rule logging filed. Note that this filed is not synchornied with default logging field. title: |- Enable logging for whitelisted rule type: boolean x-deprecated: true dhcp_config_paths: description: | DHCP configuration for Segments connected to Tier-1. DHCP service is enabled in relay mode. items: type: string maxItems: 1 minItems: 0 title: |- DHCP configuration for Segments connected to Tier-1 type: array disable_firewall: default: false description: |- Disable or enable gateway fiewall. title: |- Disable gateway firewall type: boolean enable_standby_relocation: default: false description: | Flag to enable standby service router relocation. Standby relocation is not enabled until edge cluster is configured for Tier1. title: |- Flag to enable standby service router relocation. type: boolean failover_mode: default: NON_PREEMPTIVE description: | Determines the behavior when a Tier-1 instance restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. Only applicable when edge cluster is configured in Tier1 locale-service. enum: - PREEMPTIVE - NON_PREEMPTIVE title: |- Failover mode type: string federation_config: $ref: '#/definitions/FederationGatewayConfig' description: |- Additional config for federation. readOnly: true title: |- Federation releated config force_whitelisting: default: false description: | This filed is deprecated and recommended to change Rule action filed. Note that this filed is not synchornied with default rule field. title: |- Flag to add whitelisting FW rule during realization type: boolean x-deprecated: true intersite_config: $ref: '#/definitions/IntersiteGatewayConfig' description: |- Inter site routing configuration when the gateway is streched. title: |- Inter site routing configuration ipv6_profile_paths: description: | Configuration IPv6 NDRA and DAD profiles. Either or both NDRA and/or DAD profiles can be configured. items: type: string maxItems: 2 minItems: 0 title: |- IPv6 NDRA and DAD profiles configuration type: array pool_allocation: default: ROUTING description: | Supports edge node allocation at different sizes for routing and load balancer service to meet performance and scalability requirements. ROUTING: Allocate edge node to provide routing services. LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE: Specify size of load balancer service that will be configured on TIER1 gateway. enum: - ROUTING - LB_SMALL - LB_MEDIUM - LB_LARGE - LB_XLARGE title: |- Edge node allocation size type: string qos_profile: $ref: '#/definitions/GatewayQosProfileConfig' description: | QoS Profile configuration for Tier1 router link connected to Tier0 gateway. title: |- Gateway QoS Profile configuration route_advertisement_rules: description: |- Route advertisement rules and filtering items: $ref: '#/definitions/RouteAdvertisementRule' title: |- Route advertisement rules and filtering type: array route_advertisement_types: description: | Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised. items: description: | Control routes advertised by Tier-1 instance. TIER1_STATIC_ROUTES: Advertise all STATIC routes. TIER1_CONNECTED: Advertise all subnets configured on connected Interfaces and Segments. TIER1_NAT: Advertise all NAT IP addresses. TIER1_LB_VIP: Advertise all Load-balancer VIPs. TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses. TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets. enum: - TIER1_STATIC_ROUTES - TIER1_CONNECTED - TIER1_NAT - TIER1_LB_VIP - TIER1_LB_SNAT - TIER1_DNS_FORWARDER_IP - TIER1_IPSEC_LOCAL_ENDPOINT type: string title: |- Enable different types of route advertisements type: array tier0_path: description: | Specify Tier-1 connectivity to Tier-0 instance. title: |- Tier-1 connectivity to Tier-0 type: string type: description: | Tier1 connectivity type for reference. Property value is not validated with Tier1 configuration. ROUTED: Tier1 is connected to Tier0 gateway and routing is enabled. ISOLATED: Tier1 is not connected to any Tier0 gateway. NATTED: Tier1 is in ROUTED type with NAT configured locally. enum: - ROUTED - ISOLATED - NATTED title: |- Tier1 type type: string type: object x-vmw-nsx-module: PolicyConnectivity description: | Tier-1 instance configuration. title: |- Tier-1 x-vmw-nsx-module: PolicyConnectivity Tier1DeploymentMap: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: enforcement_point: description: |- Path of enforcement point on which Tier-1 shall be deployed. title: |- Absolute path of Enforcement Point type: string required: - enforcement_point type: object x-vmw-nsx-module: PolicyEnforcementPointManagement description: |- Binding of Tier-1 to the enforcement point. title: |- Tier-1 Deployment Map x-vmw-nsx-module: PolicyEnforcementPointManagement Tier1GatewayState: description: |- Tier1 gateway state properties: enforcement_point_path: description: | String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. title: |- Enforcement point path type: string ipv6_status: description: | IPv6 DAD status for interfaces configured on Tier1 items: $ref: '#/definitions/IPv6Status' title: |- IPv6 DAD status for Tier1 interfaces type: array tier1_state: $ref: '#/definitions/LogicalRouterState' description: | Detailed realized state information for Tier1 title: |- Tier1 state tier1_status: $ref: '#/definitions/LogicalRouterStatus' description: | Detailed realized status information for Tier1 title: |- Tier1 status title: |- Tier1 gateway state type: object x-vmw-nsx-module: PolicyConnectivityStatistics Tier1Interface: allOf: - $ref: '#/definitions/BaseTier0Interface' - properties: ipv6_profile_paths: description: | Configrue IPv6 NDRA profile. Only one NDRA profile can be configured. items: type: string maxItems: 1 minItems: 0 title: |- IPv6 NDRA profile configuration type: array mtu: description: | Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. format: int32 minimum: 64 title: |- MTU size type: integer segment_path: description: | Policy path of Segment to which interface is connected to. title: |- Policy path of Segment to attach interface type: string urpf_mode: default: STRICT description: |- Unicast Reverse Path Forwarding mode enum: - NONE - STRICT title: |- Unicast Reverse Path Forwarding mode type: string required: - segment_path type: object x-vmw-nsx-module: PolicyConnectivity description: |- Tier-1 interface configuration for attaching services. title: |- Tier-1 interface configuration x-vmw-nsx-module: PolicyConnectivity Tier1InterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-1 Interface list results items: $ref: '#/definitions/Tier1Interface' title: |- Tier-1 Interface list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-1 Interfaces title: |- Paged collection of Tier-1 Interfaces x-vmw-nsx-module: PolicyConnectivity Tier1ListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- Tier-1 list results items: $ref: '#/definitions/Tier1' title: |- Tier-1 list results type: array required: - results type: object x-vmw-nsx-module: PolicyConnectivity description: |- Paged collection of Tier-1 instances title: |- Paged collection of Tier-1 instances x-vmw-nsx-module: PolicyConnectivity TlsCertificate: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: details: description: |- list of X509Certificates. items: $ref: '#/definitions/X509Certificate' readOnly: true type: array pem_encoded: description: |- pem encoded certificate data. readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: PolicyCertificate x-vmw-nsx-module: PolicyCertificate TlsCertificateList: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- TlsCertificate list. items: $ref: '#/definitions/TlsCertificate' readOnly: true type: array type: object x-vmw-nsx-module: PolicyCertificate description: |- Certificate queries result title: |- Certificate queries result x-vmw-nsx-module: PolicyCertificate TlsCrl: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: details: $ref: '#/definitions/X509Crl' description: |- Details of the X509Crl object. readOnly: true title: |- Details of the X509Crl object pem_encoded: description: |- Pem encoded crl data. title: |- Pem encoded crl data type: string required: - pem_encoded type: object x-vmw-nsx-module: PolicyCertificate x-vmw-nsx-module: PolicyCertificate TlsCrlListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- TlsCrl list results items: $ref: '#/definitions/TlsCrl' title: |- TlsCrl list results type: array required: - results type: object x-vmw-nsx-module: PolicyCertificate description: |- Paged Collection of TlsCrl title: |- Paged Collection of TlsCrl x-vmw-nsx-module: PolicyCertificate TlsListenerCertificate: description: | Returns the certificate and thumbprint of a remote TLS listener, if the listener is running and accepting requests. If the certificate cannot be retrieved, the result property describes the problem. properties: certificate: $ref: '#/definitions/X509Certificate' description: |- The certificate of the TLS listener. readOnly: true title: |- The certificate of the TLS listener result: description: |- Result of get certificate operation. enum: - SUCCESS - CONNECTION_TIMEOUT - NO_ROUTE_TO_HOST - CONNECTION_REFUSED title: |- Result of get certificate operation type: string thumbprint: description: |- The SHA-256 thumbprint of the TLS listener. readOnly: true title: |- The SHA-256 thumbprint of the TLS listener type: string title: |- Remote TLS Listener Certificate type: object x-vmw-nsx-module: PolicySiteGM TlsTrustData: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: key_algo: description: |- Key algorithm contained in this certificate. type: string passphrase: description: |- Password for private key encryption. readOnly: false type: string pem_encoded: description: |- pem encoded certificate data. readOnly: false type: string private_key: description: |- private key data readOnly: false type: string required: - pem_encoded type: object x-vmw-nsx-module: PolicyCertificate x-vmw-nsx-module: PolicyCertificate Tooltip: description: |- Tooltip to be shown while hovering over the dashboard UI element. properties: condition: description: |- If the condition is met then the tooltip will be applied. If no condition is provided, then the tooltip will be applied unconditionally. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. maxLength: 1024 title: |- Expression for evaluating condition type: string heading: description: |- If true, displays tooltip text in bold title: |- Tooltip will be treated as header. type: boolean text: description: |- Text to be shown on tooltip while hovering over UI element. The text would be wrapped if it exceeds 80 chars. maxLength: 1024 title: |- Textbox shown at tooltip type: string required: - text title: |- Tooltip type: object x-vmw-nsx-module: NsxDashboard TraceflowConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: is_transient: default: true description: |- This field indicates if intent is transient and will be cleaned up by the system if set to true title: |- Marker to indicate if intent is transient type: boolean packet: $ref: '#/definitions/PacketData' description: |- Configuration of packet data title: |- Packet configuration segment_port_path: description: |- Segment Port Path or UUID title: |- Segment Port Path or UUID type: string timeout: default: 10 description: | Maximum time in seconds the management plane will wait for observation result to be sent by opsAgent. format: int64 maximum: 15 minimum: 5 title: |- Timeout for traceflow observation results type: integer required: - packet - segment_port_path type: object x-vmw-nsx-module: PolicyConnectivity description: |- Traceflow configuration title: |- Traceflow configuration x-vmw-nsx-module: PolicyConnectivity TrafficRateLimits: description: |- Enables traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to disable rate limiting for a specific traffic type properties: rx_broadcast: default: 0 description: |- Incoming broadcast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Broadcast receive limit type: integer rx_multicast: default: 0 description: |- Incoming multicast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Multicast receive limit type: integer tx_broadcast: default: 0 description: |- Outgoing broadcast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Broadcast transmit limit type: integer tx_multicast: default: 0 description: |- Outgoing multicast traffic limit in packets per second format: int32 minimum: 0 readOnly: false title: |- Multicast transmit limit type: integer title: |- Rate limiting configuration type: object x-vmw-nsx-module: PolicySegmentSecurity TransportNodeSpanEnforcedStatus: allOf: - $ref: '#/definitions/EnforcedStatusPerScopeNsxT' - properties: enforced_status_per_transport_node: description: |- List of Detailed Realized Status per Transport Node. items: $ref: '#/definitions/EnforcedStatusPerTransportNode' readOnly: true title: |- List of Enforced Realized Status per Transport Node type: array type: object x-vmw-nsx-module: PolicyRealizationStatus description: | Detailed Realized Status of an Intent on a span of Transport Nodes. title: |- Enforced Realized Status across Transport Nodes x-vmw-nsx-module: PolicyRealizationStatus TransportProtocolHeader: properties: dhcp_header: $ref: '#/definitions/DhcpHeader' description: |- DHCP header title: |- DHCP header dhcpv6_header: $ref: '#/definitions/Dhcpv6Header' description: |- DHCP v6 header title: |- DHCP v6 header dns_header: $ref: '#/definitions/DnsHeader' description: |- DNS header title: |- DNS header icmp_echo_request_header: $ref: '#/definitions/IcmpEchoRequestHeader' description: |- ICMP echo request header title: |- ICMP echo request header ndp_header: $ref: '#/definitions/NdpHeader' description: |- Neighbor discovery protocol header title: |- Neighbor discovery protocol header tcp_header: $ref: '#/definitions/TcpHeader' description: |- TCP header title: |- TCP header udp_header: $ref: '#/definitions/UdpHeader' description: |- UDP header title: |- UDP header type: object x-vmw-nsx-module: Traceflow TunnelInterfaceIPSubnet: properties: ip_addresses: description: |- IPv4 Addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- IPv4 Addresses type: array prefix_length: description: |- Subnet Prefix Length format: int64 maximum: 31 minimum: 1 title: |- Subnet Prefix Length type: integer required: - ip_addresses - prefix_length type: object x-vmw-nsx-module: PolicyIPSecVpn TunnelSubnet: properties: ip_addresses: description: |- Subnet ip addresses items: description: |- IPv4 address format: ipv4 type: string maxItems: 1 minItems: 1 title: |- Subnet ip addresses type: array uniqueItems: true prefix_length: description: |- Subnet Prefix Length format: int64 maximum: 31 minimum: 1 title: |- Subnet Prefix Length type: integer required: - ip_addresses - prefix_length type: object x-vmw-nsx-module: PolicyL3Vpn UdpHeader: properties: dst_port: default: 0 description: |- Destination port of udp header format: int64 maximum: 65535 minimum: 0 title: |- Destination port of udp header type: integer src_port: default: 0 description: |- Source port of udp header format: int64 maximum: 65535 minimum: 0 title: |- Source port of udp header type: integer type: object x-vmw-nsx-module: Traceflow UdpPolicyLbMonitorProfile: allOf: - $ref: '#/definitions/PolicyLbMonitorProfile' - properties: receive: description: | Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. title: |- expected data received from server type: string send: description: | The data to be sent to the monitored server. title: |- data to send type: string required: - receive - send type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the Group through the PolicyLbRule object. This represents active health monitoring over UDP. Active healthchecks are initiated periodically, at a configurable interval, to each member of the Group. Only if a healthcheck fails consecutively for a specified number of times (fall_count) to a member will the member status be marked DOWN. Once a member is DOWN, a specified number of consecutive successful healthchecks (rise_count) will bring the member back to UP state. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. title: |- PolicyLbMonitorProfile for active health checks over UDP x-vmw-nsx-module: TempPolicyLoadBalancer UdpPolicyLbVirtualServer: allOf: - $ref: '#/definitions/PolicyLbVirtualServer' - type: object x-vmw-nsx-module: TempPolicyLoadBalancer description: | Virtual server acts as a facade to an application, receives all client connections over UDP and distributes them among the backend servers. title: |- PolicyLbVirtualServer handling connections over UDP x-vmw-nsx-module: TempPolicyLoadBalancer UnaryOperation: description: |- Unary Operation. properties: operand: $ref: '#/definitions/ResourceFieldPointer' description: |- Represents an argument of the operation pointing to a specific field value. title: |- Operand operator: description: |- Logical Operator describing the operation to apply to the operand. enum: - APPEND - SUBTRACT title: |- Operator type: string required: - operator - operand title: |- Unary Operation type: object x-vmw-nsx-module: PolicyReaction UnaryOperationBasedInjectionValue: allOf: - $ref: '#/definitions/InjectionValue' - properties: initial_value: $ref: '#/definitions/ResourceFieldPointer' description: | Resource field pointer representing the initial value for the injection value. If an operation is supplied, the value is handed to the operation function to produce a final result. title: |- Intitial value operation: $ref: '#/definitions/UnaryOperation' description: |- Represents an optional operation to be done on the initial value. title: |- Operation Function required: - initial_value type: object x-vmw-nsx-module: PolicyReaction description: |- Operation based Injection Value. title: |- Operation based Injection Value x-vmw-nsx-module: PolicyReaction UnboundedKeyValuePair: description: |- A key-value pair with no limitations on size properties: key: description: |- Key readOnly: false title: |- Key type: string value: description: |- Value readOnly: false title: |- Value type: string required: - value - key title: |- A key-value pair with no limitations on size type: object x-vmw-nsx-module: Common UrlAlias: description: |- Short name or alias of a url. It is used to represent the url. properties: alias: description: |- Short name or alias of url, if any. If not specified, the url can be referenced by its index in the array of urls of the datasource instance as $ (for example, $0). maxLength: 255 title: |- Url Alias Name type: string query: description: |- Search query to be applied, if any. If query string is not provided, it will be ignored. maxLength: 1024 title: |- Search query of the search api, if any type: string url: description: |- Url to fetch data from. maxLength: 1024 title: |- Url type: string required: - url title: |- Url Alias type: object x-vmw-nsx-module: NsxDashboard UserInfo: description: |- Authenticated User Info properties: roles: description: |- Permissions items: $ref: '#/definitions/NsxRole' readOnly: true title: |- Permissions type: array user_name: description: |- User Name readOnly: true title: |- User Name type: string title: |- Authenticated User Info type: object x-vmw-nsx-module: AAA ValueConstraintExpression: allOf: - $ref: '#/definitions/ConstraintExpression' - properties: operator: description: |- Operation to check for value list for resource attribute of constraint. enum: - INCLUDES - EXCLUDES - EQUALS title: |- Operation to check for value list for resource attribute of constraint. type: string values: description: |- List of values. items: type: string title: |- Array of values to perform operation. type: array required: - operator - values type: object x-vmw-nsx-module: PolicyConstraints description: | Represents the leaf level value constraint to constrain specified attribute value to the set of values to be allowed/not-allowed. Example - sourceGroups allowed to have only with list of groups. { "operator":"INCLUDES", "values":["/infra/services/HTTP", "/infra/services/HTTPS"] } title: |- Represents the leaf level value constraint. x-vmw-nsx-module: PolicyConstraints VersionList: allOf: - $ref: '#/definitions/ManagedResource' - properties: acceptable_versions: description: |- List of component versions items: type: string title: |- List of component versions type: array required: - acceptable_versions type: object x-vmw-nsx-module: VersionWhitelist x-vmw-nsx-module: VersionWhitelist VidmInfo: description: |- Vidm Info properties: display_name: description: |- User's Full Name Or User Group's Display Name readOnly: true title: |- User's Full Name Or User Group's Display Name type: string name: description: |- Username Or Groupname readOnly: true title: |- Username Or Groupname type: string type: description: |- Type enum: - remote_user - remote_group readOnly: true title: |- Type type: string title: |- Vidm Info type: object x-vmw-nsx-module: AAA VidmInfoListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- List results items: $ref: '#/definitions/VidmInfo' title: |- List results type: array required: - results type: object x-vmw-nsx-module: AAA x-vmw-nsx-module: AAA View: allOf: - $ref: '#/definitions/ManagedResource' - properties: display_name: description: |- Title of the widget. maxLength: 255 title: |- Widget Title type: string exclude_roles: description: |- Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified. maxLength: 1024 title: |- Roles to which the shared view is not visible type: string include_roles: description: |- Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. maxLength: 1024 title: |- Roles to which the shared view is visible type: string shared: default: false description: |- Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users. title: |- Share the view with other users type: boolean weight: default: 10000 description: |- Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order. format: int32 title: |- Weightage or placement of the view type: integer widgets: description: |- Array of widgets that are part of the view. items: $ref: '#/definitions/WidgetItem' minItems: 0 title: |- Widgets type: array required: - widgets - display_name type: object x-vmw-nsx-module: NsxDashboard description: |- Describes the configuration of a view to be displayed on the dashboard. title: |- Dashboard View x-vmw-nsx-module: NsxDashboard ViewList: description: |- Represents a list of views. properties: views: description: |- Array of views items: $ref: '#/definitions/View' readOnly: true title: |- Array of views type: array title: |- List of Views type: object x-vmw-nsx-module: NsxDashboard VirtualEndpoint: allOf: - $ref: '#/definitions/BaseEndpoint' - properties: service_names: description: |- One VirtualEndpoint will be created per service name. items: type: string maxItems: 1 minItems: 1 readOnly: false title: |- Services for which this endpoint to be created type: array required: - service_names type: object x-vmw-nsx-module: PolicyServiceInsertion description: | A VirtualEndpoint represents an IP (or nexthop) which is outside SDDC. It represents a redirection target for RedirectionPolicy. title: |- This endpoint is strictly of the type Virtual x-vmw-nsx-module: PolicyServiceInsertion VirtualMachine: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: compute_ids: description: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] items: type: string title: |- List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] type: array external_id: description: |- Current external id of this virtual machine in the system. title: |- Current external id of this virtual machine in the system. type: string guest_info: $ref: '#/definitions/GuestInfo' description: | Guest virtual machine details include OS name, computer name of guest VM. Currently this is supported for guests on ESXi that have VMware Tools installed. title: |- Guest virtual machine details host_id: description: |- Id of the host in which this virtual machine exists. title: |- Id of the host in which this virtual machine exists. type: string local_id_on_host: description: |- Id of the vm unique within the host. title: |- Id of the vm unique within the host. type: string power_state: description: |- Current power state of this virtual machine in the system. enum: - VM_RUNNING - VM_STOPPED - VM_SUSPENDED - UNKNOWN title: |- Current power state of this virtual machine in the system. type: string source: $ref: '#/definitions/ResourceReference' description: |- Reference of the Host or Public Cloud Gateway that reported the VM title: |- Reference of the Host or Public Cloud Gateway that reported the VM type: description: |- Virtual Machine type; Edge, Service VM or other. enum: - EDGE - SERVICE - REGULAR readOnly: true title: |- Virtual Machine type; Edge, Service VM or other. type: string required: - local_id_on_host - external_id - power_state - compute_ids type: object x-vmw-nsx-module: Inventory x-vmw-nsx-module: Inventory VirtualNetworkInterface: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: device_key: description: |- Device key of the virtual network interface. title: |- Device key of the virtual network interface. type: string device_name: description: |- Device name of the virtual network interface. title: |- Device name of the virtual network interface. type: string external_id: description: |- External Id of the virtual network inferface. title: |- External Id of the virtual network inferface. type: string host_id: description: |- Id of the host on which the vm exists. title: |- Id of the host on which the vm exists. type: string ip_address_info: description: |- IP Addresses of the the virtual network interface, from various sources. items: $ref: '#/definitions/IpAddressInfo' title: |- IP Addresses of the the virtual network interface, from various sources. type: array lport_attachment_id: description: |- LPort Attachment Id of the virtual network interface. title: |- LPort Attachment Id of the virtual network interface. type: string mac_address: description: |- MAC address of the virtual network interface. title: |- MAC address of the virtual network interface. type: string owner_vm_id: description: |- Id of the vm to which this virtual network interface belongs. title: |- Id of the vm to which this virtual network interface belongs. type: string owner_vm_type: description: |- Owner virtual machine type; Edge, Service VM or other. enum: - EDGE - SERVICE - REGULAR readOnly: true title: |- Owner virtual machine type; Edge, Service VM or other. type: string vm_local_id_on_host: description: |- Id of the vm unique within the host. title: |- Id of the vm unique within the host. type: string required: - device_key - owner_vm_id - vm_local_id_on_host - mac_address - host_id - external_id type: object x-vmw-nsx-module: Inventory x-vmw-nsx-module: Inventory VirtualNetworkInterfaceListResult: allOf: - $ref: '#/definitions/ListResult' - properties: results: description: |- VirtualNetworkInterface list results items: $ref: '#/definitions/VirtualNetworkInterface' title: |- VirtualNetworkInterface list results type: array required: - results type: object x-vmw-nsx-module: Inventory x-vmw-nsx-module: Inventory VirtualPortgroup: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cm_local_id: description: |- Id of the portgroup, eg. a mo-ref from VC. readOnly: true title: |- Id of the portgroup in compute manager type: string external_id: description: |- External id of the virtual portgroup readOnly: true title: |- External id of the virtual portgroup type: string origin_type: description: |- Portgroup type like DistributedVirtualPortgroup readOnly: true title: |- Portgroup type like DistributedVirtualPortgroup type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- Virtual portgroup on a virtual switch title: |- Virtual portgroup on a virtual switch x-vmw-nsx-module: InventoryCmObj VirtualSwitch: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: cm_local_id: description: |- ID of the virtual switch in compute manager readOnly: true title: |- ID of the virtual switch in compute manager type: string external_id: description: |- External id of the virtual switch readOnly: true title: |- External id of the virtual switch type: string origin_id: description: | ID of the compute manager where this virtual switch is discovered. readOnly: true title: |- ID of the compute manager type: string origin_type: description: |- Switch type like VmwareDistributedVirtualSwitch readOnly: true title: |- Switch type like VmwareDistributedVirtualSwitch type: string type: object x-vmw-nsx-module: InventoryCmObj description: |- Virtual switch on a compute manager title: |- Virtual switch on a compute manager x-vmw-nsx-module: InventoryCmObj VmToolsInfo: allOf: - $ref: '#/definitions/DiscoveredResource' - properties: external_id: description: |- Current external id of this virtual machine in the system. readOnly: true title: |- VM external ID type: string file_agent_version: description: |- Version of file agent on the VM of a third party partner solution. readOnly: true title: |- File agent version on the VM type: string host_local_id: description: |- Id of the VM which is assigned locally by the host. It is the VM-moref on ESXi hosts, in other environments it is VM UUID. readOnly: true title: |- VM ID given by the host type: string network_agent_version: description: |- Version of network agent on the VM of a third party partner solution. readOnly: true title: |- Network agent version on the VM type: string source: $ref: '#/definitions/ResourceReference' description: |- Reference of the Host or Public Cloud Gateway that reported the VM. readOnly: true title: |- Reference of the Host or Public Cloud Gateway that reported the VM. tools_version: description: |- Version of VMTools installed on the VM. readOnly: true title: |- VM tools version on the VM type: string vm_type: description: |- Type of VM - Edge, Service or other. enum: - EDGE - SERVICE - REGULAR readOnly: true title: |- Virtual Machine type type: string type: object x-vmw-nsx-module: VmToolsInfo x-vmw-nsx-module: VmToolsInfo VniPoolConfig: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: end: description: |- End value of VNI Pool range format: int32 maximum: 16777215 minimum: 75001 title: |- End value of VNI Pool range type: integer start: description: |- Start value of VNI Pool range format: int32 maximum: 16777215 minimum: 75001 title: |- Start value of VNI Pool range type: integer required: - start - end type: object x-vmw-nsx-module: PolicyConnectivity description: |- Vni Pool Configuration. title: |- Vni Pool Config x-vmw-nsx-module: PolicyConnectivity VrfRouteTargets: allOf: - $ref: '#/definitions/PolicyConfigResource' - properties: address_family: default: L2VPN_EVPN description: |- Address family. enum: - L2VPN_EVPN title: |- Address family type: string export_route_targets: description: |- Export route targets. ASN: or IPAddress:. items: type: string title: |- Export route targets type: array import_route_targets: description: |- Import route targets. ASN: or IPAddress:. items: type: string title: |- Import route targets type: array type: object x-vmw-nsx-module: PolicyConnectivity description: |- Vrf Route Targets for import/export. title: |- Vrf Route Targets x-vmw-nsx-module: PolicyConnectivity WeeklyBackupSchedule: allOf: - $ref: '#/definitions/BackupSchedule' - properties: days_of_week: description: |- Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ... items: format: int64 type: integer maxItems: 7 minItems: 1 title: |- Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ... type: array uniqueItems: true hour_of_day: description: |- Time of day when backup is taken format: int64 maximum: 23 minimum: 0 title: |- Time of day when backup is taken type: integer minute_of_day: description: |- Time of day when backup is taken format: int64 maximum: 59 minimum: 0 title: |- Time of day when backup is taken type: integer required: - days_of_week - minute_of_day - hour_of_day type: object x-vmw-nsx-module: BackupConfiguration description: |- Schedule to specify day of the week and time to take automated backup title: |- Schedule to specify day of the week and time to take automated backup x-vmw-nsx-module: BackupConfiguration WidgetConfiguration: allOf: - $ref: '#/definitions/ManagedResource' - discriminator: resource_type properties: datasources: description: |- The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. items: $ref: '#/definitions/Datasource' minItems: 0 title: |- Array of Datasource Instances with their relative urls type: array default_filter_value: description: |- Default filter values to be passed to datasources. This will be used when the report is requested without filter values. items: $ref: '#/definitions/DefaultFilterValue' title: |- Default filter value to be passed to datasources type: array display_name: description: |- Title of the widget. If display_name is omitted, the widget will be shown without a title. maxLength: 255 title: |- Widget Title type: string drilldown_id: description: |- Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. maxLength: 255 title: |- Id of drilldown widget type: string filter: description: |- Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. title: |- Id of filter widget for subscription type: string filter_value_required: default: true description: |- Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. title: |- Flag to indicate if filter value is necessary type: boolean footer: $ref: '#/definitions/Footer' icons: description: |- Icons to be applied at dashboard for widgets and UI elements. items: $ref: '#/definitions/Icon' title: |- Icons type: array is_drilldown: default: false description: |- Set to true if this widget should be used as a drilldown. title: |- Set as a drilldown widget type: boolean legend: $ref: '#/definitions/Legend' description: |- Legend to be displayed. If legend is not needed, do not include it. title: |- Legend for the widget resource_type: description: |- Supported visualization types are LabelValueConfiguration, DonutConfiguration, GridConfiguration, StatsConfiguration, MultiWidgetConfiguration, GraphConfiguration, ContainerConfiguration, CustomWidgetConfiguration and DropdownFilterWidgetConfiguration. enum: - LabelValueConfiguration - DonutConfiguration - MultiWidgetConfiguration - ContainerConfiguration - StatsConfiguration - GridConfiguration - GraphConfiguration - CustomWidgetConfiguration - DropdownFilterWidgetConfiguration maxLength: 255 readOnly: true title: |- Widget visualization type type: string shared: description: |- Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. title: |- Visiblity of widgets to other users type: boolean x-deprecated: true span: description: |- Represents the horizontal span of the widget / container. format: int32 maximum: 12 minimum: 1 title: |- Horizontal span type: integer weight: description: |- Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. format: int32 title: |- Weightage or placement of the widget or container type: integer x-deprecated: true required: - resource_type type: object x-vmw-nsx-module: NsxDashboard description: |- Describes the configuration of a widget to be displayed on the dashboard. WidgetConfiguration is a base type that provides attributes of a widget in-general. title: |- Dashboard Widget Configuration x-vmw-nsx-module: NsxDashboard WidgetConfigurationList: description: |- Represents a list of widget configurations. properties: widgetconfigurations: description: |- Array of widget configurations items: $ref: '#/definitions/WidgetConfiguration' readOnly: true title: |- Array of widget configurations type: array title: |- List of Widget Configurations type: object x-vmw-nsx-module: NsxDashboard WidgetItem: description: |- Represents a reference to a widget that is held by a container or a multi-widget or a View. properties: alignment: default: LEFT description: |- Aligns widget either left or right. enum: - LEFT - RIGHT title: |- Alignment of widget inside container type: string label: $ref: '#/definitions/Label' description: |- Applicable for 'DonutConfiguration' and 'StatsConfiguration' reports only. If label is not specified, then it defaults to the label of the donut or stats report. title: |- Label of the the report separator: default: false description: |- If true, separates this widget in a container. title: |- A separator after this widget type: boolean weight: default: 10000 description: |- Determines placement of widget or container relative to other widgets and containers. The lower the weight, the higher it is in the placement order. format: int32 title: |- Weightage or placement of the widget or container type: integer widget_id: description: |- Id of the widget configuration that is held by a multi-widget or a container or a view. maxLength: 255 title: |- Id of the widget configuration type: string required: - widget_id title: |- Widget held by MultiWidgetConfiguration or Container or a View type: object x-vmw-nsx-module: NsxDashboard X509Certificate: properties: dsa_public_key_g: description: |- One of the DSA cryptogaphic algorithm's strength parameters, base. readOnly: true type: string dsa_public_key_p: description: |- One of the DSA cryptogaphic algorithm's strength parameters, prime. readOnly: true type: string dsa_public_key_q: description: |- One of the DSA cryptogaphic algorithm's strength parameters, sub-prime. readOnly: true type: string dsa_public_key_y: description: |- One of the DSA cryptogaphic algorithm's strength parameters. readOnly: true type: string ecdsa_curve_name: description: |- The Curve name for the ECDSA certificate. readOnly: true title: |- ECDSA Curve Name type: string ecdsa_ec_field: description: |- Represents an elliptic curve (EC) finite field in ECDSA. enum: - F2M - FP readOnly: true title: |- ECDSA Elliptic Curve Finite Field type: string ecdsa_ec_field_f2mks: description: |- The order of the middle term(s) of the reduction polynomial in elliptic curve (EC) | characteristic 2 finite field.| Contents of this array are copied to protect against subsequent modification in ECDSA. items: format: int64 type: integer readOnly: true title: |- ECDSA Elliptic Curve F2MKS type: array ecdsa_ec_field_f2mm: description: |- The first coefficient of this elliptic curve in elliptic curve (EC) | characteristic 2 finite field for ECDSA. format: int64 readOnly: true title: |- ECDSA Elliptic Curve F2MM type: integer ecdsa_ec_field_f2mrp: description: |- The value whose i-th bit corresponds to the i-th coefficient of the reduction polynomial | in elliptic curve (EC) characteristic 2 finite field for ECDSA. readOnly: true title: |- ECDSA Elliptic Curve F2MRP type: string ecdsa_ec_field_f2pp: description: |- The specified prime for the elliptic curve prime finite field in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve F2PP type: string ecdsa_public_key_a: description: |- The first coefficient of this elliptic curve in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key A type: string ecdsa_public_key_b: description: |- The second coefficient of this elliptic curve in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key B type: string ecdsa_public_key_cofactor: description: |- The co-factor in ECDSA. format: int64 readOnly: true title: |- ECDSA Elliptic Curve Public Key Cofactor type: integer ecdsa_public_key_generator_x: description: |- X co-ordinate of G (the generator which is also known as the base point) in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key X type: string ecdsa_public_key_generator_y: description: |- Y co-ordinate of G (the generator which is also known as the base point) in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key Y type: string ecdsa_public_key_order: description: |- The order of generator G in ECDSA. readOnly: true title: |- ECDSA Elliptic Curve Public Key Order type: string ecdsa_public_key_seed: description: |- The bytes used during curve generation for later validation in ECDSA.| Contents of this array are copied to protect against subsequent modification. items: type: string readOnly: true title: |- ECDSA Elliptic Curve Public Key Seed type: array is_ca: description: |- True if this is a CA certificate. readOnly: true type: boolean is_valid: description: |- True if this certificate is valid. readOnly: true type: boolean issuer: description: |- The certificate issuers complete distinguished name. readOnly: true type: string issuer_cn: description: |- The certificate issuer's common name. readOnly: true type: string not_after: description: |- The time in epoch milliseconds at which the certificate becomes invalid. format: int64 readOnly: true type: integer not_before: description: |- The time in epoch milliseconds at which the certificate becomes valid. format: int64 readOnly: true type: integer public_key_algo: description: |- Cryptographic algorithm used by the public key for data encryption. enum: - RSA - DSA - ECDSA readOnly: true title: |- Public Key Algorithm type: string public_key_length: description: |- Size measured in bits of the public/private keys used in a cryptographic algorithm. format: int64 readOnly: true type: integer rsa_public_key_exponent: description: |- An RSA public key is made up of the modulus and the public exponent. Exponent is a power number. readOnly: true type: string rsa_public_key_modulus: description: |- An RSA public key is made up of the modulus and the public exponent. Modulus is wrap around number. readOnly: true type: string serial_number: description: |- Certificate's serial number. readOnly: true type: string signature: description: |- The signature value(the raw signature bits) used for signing and validate the cert. readOnly: true type: string signature_algorithm: description: |- The algorithm used by the Certificate Authority to sign the certificate. readOnly: true type: string subject: description: |- The certificate owners complete distinguished name. readOnly: true type: string subject_cn: description: |- The certificate owner's common name. readOnly: true type: string version: description: |- Certificate version (default v1). readOnly: true type: string type: object x-vmw-nsx-module: CertificateManager X509Crl: description: |- A CRL is a time-stamped list identifying revoked certificates. properties: crl_entries: description: |- List of X509CrlEntry. items: $ref: '#/definitions/X509CrlEntry' readOnly: true type: array issuer: description: |- Issuer's distinguished name. (DN) readOnly: true type: string next_update: description: |- Next update time for the CRL. readOnly: true type: string version: description: |- CRL's version number either 1 or 2. readOnly: true type: string title: |- A CRL is a time-stamped list identifying revoked certificates. type: object x-vmw-nsx-module: CertificateManager X509CrlEntry: description: |- Each revoked certificate is identified in a CRL by its certificate serial number. properties: revocation_date: description: |- Revocation date. readOnly: true type: string serial_number: description: |- The revoked certificate's serial number. readOnly: true type: string title: |- Each revoked certificate is identified in a CRL by its certificate serial number. type: object x-vmw-nsx-module: CertificateManager parameters: {} responses: BadGateway: description: Bad Gateway schema: $ref: '#/definitions/ApiError' BadRequest: description: Bad Request schema: $ref: '#/definitions/ApiError' BandwidthLimitExceeded: description: Bandwidth Limit Exceeded schema: $ref: '#/definitions/ApiError' BlockedbyWindowsParentalControls: description: Blocked by Windows Parental Controls schema: $ref: '#/definitions/ApiError' ClientClosedRequest: description: Client Closed Request schema: $ref: '#/definitions/ApiError' Conflict: description: Conflict schema: $ref: '#/definitions/ApiError' EnhanceYourCalm: description: Enhance Your Calm schema: $ref: '#/definitions/ApiError' ExpectationFailed: description: Expectation Failed schema: $ref: '#/definitions/ApiError' FailedDependency: description: Failed Dependency schema: $ref: '#/definitions/ApiError' Forbidden: description: Forbidden schema: $ref: '#/definitions/ApiError' GatewayTimeout: description: Gateway Timeout schema: $ref: '#/definitions/ApiError' Gone: description: Gone schema: $ref: '#/definitions/ApiError' HTTPVersionNotSupported: description: HTTP Version Not Supported schema: $ref: '#/definitions/ApiError' Iamateapot: description: I am a teapot schema: $ref: '#/definitions/ApiError' InsufficientStorage: description: Insufficient Storage schema: $ref: '#/definitions/ApiError' InternalServerError: description: Internal Server Error schema: $ref: '#/definitions/ApiError' LengthRequired: description: Length Required schema: $ref: '#/definitions/ApiError' Locked: description: Locked schema: $ref: '#/definitions/ApiError' LoopDetected: description: Loop Detected schema: $ref: '#/definitions/ApiError' MethodNotAllowed: description: Method Not Allowed schema: $ref: '#/definitions/ApiError' NetworkAuthenticationRequired: description: Network Authentication Required schema: $ref: '#/definitions/ApiError' NoResponse: description: No Response schema: $ref: '#/definitions/ApiError' NotAcceptable: description: Not Acceptable schema: $ref: '#/definitions/ApiError' NotExtended: description: Not Extended schema: $ref: '#/definitions/ApiError' NotFound: description: Not Found schema: $ref: '#/definitions/ApiError' NotImplemented: description: Not Implemented schema: $ref: '#/definitions/ApiError' PaymentRequired: description: Payment Required schema: $ref: '#/definitions/ApiError' PreconditionFailed: description: Precondition Failed schema: $ref: '#/definitions/ApiError' PreconditionRequired: description: Precondition Required schema: $ref: '#/definitions/ApiError' ProxyAuthenticationRequired: description: Proxy Authentication Required schema: $ref: '#/definitions/ApiError' Request-URITooLong: description: Request-URI Too Long schema: $ref: '#/definitions/ApiError' RequestEntityTooLarge: description: Request Entity Too Large schema: $ref: '#/definitions/ApiError' RequestHeaderFieldsTooLarge: description: Request Header Fields Too Large schema: $ref: '#/definitions/ApiError' RequestTimeout: description: Request Timeout schema: $ref: '#/definitions/ApiError' RequestedRangeNotSatisfiable: description: Requested Range Not Satisfiable schema: $ref: '#/definitions/ApiError' ReservedforWebDAV: description: Reserved for WebDAV schema: $ref: '#/definitions/ApiError' RetryWith: description: Retry With schema: $ref: '#/definitions/ApiError' ServiceUnavailable: description: Service Unavailable schema: $ref: '#/definitions/ApiError' TooManyRequests: description: Too Many Requests schema: $ref: '#/definitions/ApiError' Unauthorized: description: Unauthorized schema: $ref: '#/definitions/ApiError' UnavailableForLegalReasons: description: Unavailable For Legal Reasons schema: $ref: '#/definitions/ApiError' UnprocessableEntity: description: Unprocessable Entity schema: $ref: '#/definitions/ApiError' UnsupportedMediaType: description: Unsupported Media Type schema: $ref: '#/definitions/ApiError' UpgradeRequired: description: Upgrade Required schema: $ref: '#/definitions/ApiError' VariantAlsoNegotiates: description: Variant Also Negotiates schema: $ref: '#/definitions/ApiError'