NSX VMC Policy API API Guide
NSX-T Data Center 2.3.0.0.3
Introduction
NSX VMC Policy API provides a programmatic API to automate
management activities. The API follows a resource-oriented
Representational State Transfer (REST) architecture, using JSON
object encoding. Clients interact with the API using RESTful web service
calls over the HTTPS protocol.
Each API method is identified by a request method and URI. Method
parameters are specified as key-value pairs appended to the URI. Unless
otherwise noted, request and response bodies are encoded using JSON, and
must conform to the JSON schema associated with each method. The content
type of each request and reply is "application/json" unless otherwise
specified. Each request that can be made is documented in the API Methods
section. The associated request and response body schemas are documented in
the API Schemas section.
Some APIs may be marked as deprecated. This indicates that the functionality
provided by the API has been removed or replaced with a different API. The
description of the API will indicate what API(s) to call instead.
Some APIs may be marked as experimental. This indicates that the API
may be changed or removed without notice in a future NSX VMC Policy API release.
It is possible for any request to fail. Errors are reported using standard
HTTP response codes. It should be assumed the following errors could be
returned by any API method: 301 Moved Permanently, 307 Temporary Redirect, 400 Bad Request, 401 Unauthorized, 403 Forbidden, 500 Internal Server Error, 503 Service Unavailable. Where other errors may be
returned, the type of error is indicated in the API method description. All
errors are documented in the API Errors section.
Request Authentication
Most API calls require authentication. This API supports
HTTP Basic authentication and session-based authentication schemes.
Multiple authentication schemes may not be used concurrently.
HTTP Basic Authentication
To authenticate a request using HTTP Basic authentication, the caller's
credentials are passed using the 'Authorization' header. The header
content should consist of a base64-encoded string containing the username and
password separated by a single colon (":") character, as specified in
RFC 1945 section 11.1.
For example, to authenticate a request using the default credentials of
user admin with password admin, include the following header with the
request:
Authorization: Basic YWRtaW46YWRtaW4=
The following cURL command will authenticate to the manager using basic
authentication and will issue a GET request for logical ports:
curl -k -u USERNAME:PASSWORD https://MANAGER/api/v1/logical-ports
where:
USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
MANAGER is the IP address or host name of the NSX manager
For example:
curl -k -u admin:secretPw99 https://192.168.22.32/api/v1/logical-ports
Note: the -k argument instructs cURL to skip
verifying the manager's self-signed X.509 certificate.
Session-Based Authentication
Session-based authentication is used by calling the
/api/session/create authentication API to manage
a session cookie. The session cookie returned in the result of a successful
login must be provided in subsequent requests in order to associate those
requests with the session.
Session state is local to the server responding to the API request.
Idle sessions will automatically time-out, or can be terminated
immediately using the POST /api/session/destroy API.
To obtain a session cookie, POST form data to the server using the
application/x-www-form-urlencoded media type, with fields "j_username" and
"j_password" containing the username and password separated by an ampersand.
Since an ampersand is a UNIX shell metacharacter, you may need to
surround the argument with single quotes.
The following cURL command
will authenticate to the server, will deposit the session cookie
in the file "cookies.txt", and will write all HTTP response headers
to the file headers.txt. One of these headers is the X-XSRF-TOKEN
header that you will need to provide in subsequent requests.
curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=USERNAME&j_password=PASSWORD' https://MANAGER/api/session/create
For example:
curl -k -c cookies.txt -D headers.txt -X POST -d 'j_username=admin&j_password=secretPw99' https://192.168.22.32/api/session/create
The manager will respond with the roles and permissions granted to the user,
and cURL will deposit the session cookie into the file "cookies.txt".
In subsequent cURL requests, use the -b argument to specify the cookie file.
You also need to pass the X-XSRF-TOKEN header that was saved to the
headers.txt file, using cURL's -H option:
curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" https://192.168.22.32/api/v1/logical-ports
When the session expires, the manager will respond with a 403 Forbidden
HTTP response, at which point you must obtain a new session cookie
and X-XSRF-TOKEN.
Session cookies can be destroyed by using the /api/session/destroy
API:
curl -k -b cookies.txt -H "`grep X-XSRF-TOKEN headers.txt`" -X POST https://MANAGER/api/session/destroy
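The session flow above as a Python client, added here as an example and not part of the original guide or the product. Instead of passing -k it verifies the manager certificate, it percent-encodes the credentials, and it treats a 403 as a possibly expired session; the class and function names and the ca_file parameter are assumptions.

```python
import http.cookiejar
import ssl
import urllib.error
import urllib.parse
import urllib.request


def tls_context(ca_file=None):
    """TLS context that verifies the manager certificate (the opposite of curl -k).

    ca_file is an assumed path to a PEM file holding the manager's self-signed
    certificate or its issuing CA; None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def login_request(manager, username, password):
    """Build POST /api/session/create with percent-encoded form fields."""
    form = urllib.parse.urlencode({"j_username": username, "j_password": password})
    return urllib.request.Request(
        f"https://{manager}/api/session/create",
        data=form.encode("ascii"),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def xsrf_token(header_pairs):
    """Return the X-XSRF-TOKEN value from (name, value) response header pairs."""
    for name, value in header_pairs:
        if name.lower() == "x-xsrf-token":
            return value.strip()
    raise ValueError("login response carried no X-XSRF-TOKEN header")


class NsxSession:
    """Hypothetical client holding the session cookie and XSRF token for one manager."""

    def __init__(self, manager, ca_file=None):
        self.manager = manager
        self.token = None
        self.jar = http.cookiejar.CookieJar()  # kept in memory, not in cookies.txt
        self.opener = urllib.request.build_opener(
            urllib.request.HTTPSHandler(context=tls_context(ca_file)),
            urllib.request.HTTPCookieProcessor(self.jar),
        )

    def login(self, username, password):
        with self.opener.open(login_request(self.manager, username, password)) as resp:
            self.token = xsrf_token(resp.headers.items())
            return resp.read()  # roles and permissions granted to the user

    def api_request(self, method, path, body=None):
        """Build a request carrying X-XSRF-TOKEN; the opener adds the session cookie."""
        if self.token is None:
            raise RuntimeError("call login() first")
        headers = {"X-XSRF-TOKEN": self.token}
        if body is not None:
            headers["Content-Type"] = "application/json"
        return urllib.request.Request(
            f"https://{self.manager}{path}", data=body, method=method, headers=headers)

    def call(self, method, path, body=None, relogin=None):
        """Send a request; on 403 re-authenticate once through relogin(self) and retry."""
        for attempt in (1, 2):
            try:
                with self.opener.open(self.api_request(method, path, body)) as resp:
                    return resp.read()
            except urllib.error.HTTPError as err:
                # 403 is also a genuine permission denial, so retry only once.
                if err.code != 403 or relogin is None or attempt == 2:
                    raise
                relogin(self)

    def logout(self):
        """POST /api/session/destroy, then drop the local cookie and token."""
        try:
            self.call("POST", "/api/session/destroy")
        finally:
            self.jar.clear()
            self.token = None
```

Supply the password from a prompt or a secrets store and pass it to login(), so that it does not appear in shell history or the process list.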
Example Requests and Responses
Example requests and responses are provided for most of the API calls below.
Your actual response might differ from the example in the number of fields
returned because optional empty fields are not returned when you make an API
call.
Restrictions on Certain Fields in a Request
When configuring layer 2 switching, the following fields can contain any
character except semicolon (;), vertical bar (|), equal sign (=), comma (,),
tilde (~), and the "at" sign (@). They also have a length limitation as
specified below:
- Logical switch display name. Maximum length: 80 bytes.
- Host switch name in TransportZone. Maximum length: 80 bytes.
- Uplink name in UplinkHostSwitchProfile. Maximum length: 47 bytes.
Optimistic Concurrency Control and the _revision property
Overview
In order to prevent one client from overwriting another client's
updates, NSX-T employs a technique called optimistic concurrency
control.
All REST payloads contain a property named "_revision".
This is an integer that is incremented each time an existing resource
is updated. Clients must provide this property in PUT requests
and it must match the current _revision or the update will be
rejected. This guards against the following situation:
- Client 1 reads resource A.
- Client 2 reads resource A.
- Client 1 replaces the display_name property of resource A and does a PUT to replace the resource.
- Client 2 replaces a different property of resource A and attempts to perform a PUT operation.
Without optimistic concurrency control, Client 2's update would
overwrite Client 1's update to the display_name property. Instead,
Client 2 receives a 409 Conflict error. To recover, Client 2 must
fetch the resource again, apply the change, and perform a PUT.
Exceptions for /policy APIs
APIs whose URI begins with /policy have slightly different behavior.
For those APIs, the _revision property must not be set when PUT
is used to create a new resource. Once the resource is created,
however, the _revision property must be provided with PUT operations.
PATCH and _revision for /policy APIs
APIs whose URI begins with /policy support the PATCH operation.
Those APIs do not require that the _revision property be provided.
A client can, however, request that the _revision property be
checked when it is performing a PATCH in the /infra path. To
do this, the client should pass the query parameter enforce_revision_check,
e.g. PATCH /infra?enforce_revision_check=true.
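The revision rules above, including the /policy create and PATCH cases, run as an added example that is not part of the original guide or NSX-T code. FakePolicyStore is a constructed in-memory stand-in for the server, and update_with_retry shows the fetch, reapply, PUT recovery loop. Assumptions: revisions start at 0, a create that carries _revision fails with ValueError, PATCH merges top-level properties, and a PATCH with enforce_revision_check carries _revision in its body.

```python
import copy


class Conflict(Exception):
    """Stands in for the 409 Conflict response."""


class FakePolicyStore:
    """Constructed in-memory model of the /policy revision rules; not NSX code."""

    def __init__(self):
        self._objects = {}

    def get(self, path):
        return copy.deepcopy(self._objects[path])

    def put(self, path, body):
        current = self._objects.get(path)
        if current is None:
            # Create: /policy APIs require that _revision is not set.
            if "_revision" in body:
                raise ValueError("_revision must not be set when PUT creates a resource")
            revision = 0
        elif body.get("_revision") != current["_revision"]:
            raise Conflict(f"stale _revision {body.get('_revision')!r}")
        else:
            revision = current["_revision"] + 1
        self._objects[path] = {**copy.deepcopy(body), "_revision": revision}
        return self.get(path)

    def patch(self, path, changes, enforce_revision_check=False):
        current = self._objects[path]
        # PATCH needs no _revision unless the caller asks for the check.
        if enforce_revision_check and changes.get("_revision") != current["_revision"]:
            raise Conflict("stale or missing _revision with enforce_revision_check=true")
        merged = {**current, **copy.deepcopy(changes)}
        merged["_revision"] = current["_revision"] + 1
        self._objects[path] = merged
        return self.get(path)


def update_with_retry(store, path, mutate, max_attempts=3):
    """GET, apply mutate(resource), PUT; on Conflict fetch again and reapply.

    Returns (stored_resource, attempts_used).
    """
    for attempt in range(1, max_attempts + 1):
        resource = store.get(path)          # carries the current _revision
        mutate(resource)
        try:
            return store.put(path, resource), attempt
        except Conflict:
            if attempt == max_attempts:
                raise


def demo():
    """The two-client sequence from the text, run against the fake store."""
    store = FakePolicyStore()
    path = "resource-A"                     # constructed identifier
    store.put(path, {"display_name": "A", "description": "original"})
    client1, client2 = store.get(path), store.get(path)

    client1["display_name"] = "renamed by client 1"
    store.put(path, client1)

    client2["description"] = "edited by client 2"
    try:
        store.put(path, client2)            # still carries the old _revision
        stale_put_rejected = False
    except Conflict:
        stale_put_rejected = True

    final, _ = update_with_retry(
        store, path, lambda r: r.update(description="edited by client 2"))
    return stale_put_rejected, final


if __name__ == "__main__":
    print(demo())
```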
OpenAPI Specification of NSX-T APIs
You can download OpenAPI specifications for the various NSX-T APIs
at the following URLs:
NSX-T Data Center Manager API:
APIs for NSX-T administration; node and cluster management APIs and
fabric management APIs for on-premise customers.
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_api.yaml
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_api.json
NSX-T Data Center Manager API:
APIs for managing logical networking in NSX-T for on-premise customers.
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_policy_api.yaml
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_policy_api.json
NSX VMC Policy API:
APIs for managing logical networking in NSX-T for VMware Cloud on AWS customers.
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_policy_api.yaml
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_policy_api.json
NSX VMC AWS Integration API:
APIs for managing AWS underlay networking for VMware Cloud on AWS customers.
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_aws_integration_api.yaml
- GET https://<nsx-mgr>/api/v1/spec/openapi/nsx_vmc_aws_integration_api.json
Retrieve the shadow account and linked VPC account information from VMC provider. This API is a live query to VMC provider.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/accounts
Example Request:
GET https:///cloud-service/api/v1/accounts/
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
VMCAccounts (schema)
Name | Description | Type | Notes
linked_vpc_account | linked VPC account number | string |
shadow_account | Shadow VPC account number | string | Required
Example Response:
{
"shadow_account": "482663666969",
"linked_vpc_account": "909992878262"
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Get Direct Connect BGP related information, including current Autonomous System Number of the VGW attached to the VPC
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/direct-connect/bgp
Example Request:
GET https:///cloud-service/api/v1/direct-connect/bgp
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
DirectConnectBgpInfo (schema)
Name | Description | Type | Notes
local_as_num | ASN (Autonomous System Number) of the Direct Connect BGP. The ASN paired with the VGW attached to the VPC. AWS allowed private BGP ASN range - [64512, 65534] and [4200000000, 4294967294]. If omitted in the payload, BGP ASN will not be modified. | string |
mtu | Maximum Transmission Unit. Maximum transmission unit allowed by the VIF | int | Readonly Maximum: 9198
route_preference | Direct connect route preference over VPN routes. If omitted in the payload, route preference will not be modified. | string | Enum: DX_PREFERED_OVER_VPN, VPN_PREFERED_OVER_DX
Example Response:
{
"local_as_num" : "65414"
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
This API is used to create or update DX BGP related information. For ASN update, VIFs should be disconnected from the DX VGW before making this API call. The ASN update operation will be synchronous at this point. In the future the user should make use of the Get RealizationStatus call to check update status. While an ASN update call is in progress, any other DX BGP update request will be rejected.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/direct-connect/bgp
Request Body:
DirectConnectBgpInfo (schema)
Name | Description | Type | Notes
local_as_num | ASN (Autonomous System Number) of the Direct Connect BGP. The ASN paired with the VGW attached to the VPC. AWS allowed private BGP ASN range - [64512, 65534] and [4200000000, 4294967294]. If omitted in the payload, BGP ASN will not be modified. | string |
mtu | Maximum Transmission Unit. Maximum transmission unit allowed by the VIF | int | Readonly Maximum: 9198
route_preference | Direct connect route preference over VPN routes. If omitted in the payload, route preference will not be modified. | string | Enum: DX_PREFERED_OVER_VPN, VPN_PREFERED_OVER_DX
Example Request:
PUT https:///cloud-service/api/v1/direct-connect/bgp
{
"local_as_num" : "65414"
}
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
DirectConnectBgpInfo (schema)
Name | Description | Type | Notes
local_as_num | ASN (Autonomous System Number) of the Direct Connect BGP. The ASN paired with the VGW attached to the VPC. AWS allowed private BGP ASN range - [64512, 65534] and [4200000000, 4294967294]. If omitted in the payload, BGP ASN will not be modified. | string |
mtu | Maximum Transmission Unit. Maximum transmission unit allowed by the VIF | int | Readonly Maximum: 9198
route_preference | Direct connect route preference over VPN routes. If omitted in the payload, route preference will not be modified. | string | Enum: DX_PREFERED_OVER_VPN, VPN_PREFERED_OVER_DX
Example Response:
{
"local_as_num" : "65414"
}
Required Permissions:
crud
Feature:
vmc_user_features
Additional Errors:
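A pre-flight check for the DX BGP PUT above, added here as an example and not part of the original guide or the product. It lints the request body against the DirectConnectBgpInfo schema and, for an ASN change, looks for VIFs that are still connected using the VIF list response documented in this guide. Function names are hypothetical, the sample VIF list is constructed from the guide's example response, and treating state CONNECTED as "not yet disconnected from the DX VGW" is an assumption.

```python
# Ranges and enum values copied from the DirectConnectBgpInfo schema.
AWS_PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))
ROUTE_PREFERENCES = ("DX_PREFERED_OVER_VPN", "VPN_PREFERED_OVER_DX")  # spelled as in the schema

# Constructed sample, shaped like the guide's VIF list example response.
SAMPLE_VIFS = {
    "results": [
        {"id": "dxvif-fglqwzf5", "name": "vmc-sddc-1", "state": "CONNECTED",
         "direct_connect_id": "dxcon-17e8147e", "bgp_status": "DOWN"},
    ]
}


def check_bgp_payload(payload):
    """Return a list of problems found in a DirectConnectBgpInfo request body."""
    problems = []
    if "mtu" in payload:
        problems.append("mtu is Readonly in the schema; drop it from the request")

    asn = payload.get("local_as_num")
    if asn is not None:
        # The schema types local_as_num as a string, not a JSON number.
        if not (isinstance(asn, str) and asn.isascii() and asn.isdigit()):
            problems.append("local_as_num must be a string of decimal digits")
        elif not any(lo <= int(asn) <= hi for lo, hi in AWS_PRIVATE_ASN_RANGES):
            problems.append(f"local_as_num {asn} is outside the AWS private ASN ranges")

    pref = payload.get("route_preference")
    if pref is not None and pref not in ROUTE_PREFERENCES:
        problems.append(f"route_preference {pref!r} is not one of {ROUTE_PREFERENCES}")
    return problems


def asn_update_preflight(payload, vifs_list_result):
    """Schema lint plus the 'VIFs disconnected before an ASN update' condition."""
    problems = check_bgp_payload(payload)
    if "local_as_num" in payload:
        connected = [vif.get("id", "?")
                     for vif in vifs_list_result.get("results", [])
                     if vif.get("state") == "CONNECTED"]
        if connected:
            problems.append(
                "disconnect these VIFs before changing the ASN: " + ", ".join(connected))
    return problems


if __name__ == "__main__":
    for problem in asn_update_preflight({"local_as_num": "65414"}, SAMPLE_VIFS):
        print(problem)
```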
Retrieve BGP routes that are advertised by Direct Connect from VMC provider to on-premise datacenter. This API is a live query to VMC provider.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/direct-connect/routes/advertised
Example Request:
GET https:///cloud-service/api/v1/routes/advertised
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
BGPAdvertisedRoutes (schema)
Name | Description | Type | Notes
advertised_routes | Routes advertised to on-premise datacenter via Direct Connect | array of AdvertisedRoute |
failed_advertised_routes | Number of routes failed to advertise | int |
Example Response:
{
"advertised_routes": [
{
"ipv4_cidr": "10.69.14.0/25",
"advertisement_state": "SUCCESS"
},
{
"ipv4_cidr": "10.70.25.192/27",
"advertisement_state": "SUCCESS"
}
],
"failed_advertised_routes": 0
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Retrieve BGP routes that are learned by Direct Connect from on-premise datacenter. This API is a live query to VMC provider.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/direct-connect/routes/learned
Example Request:
GET https:///cloud-service/api/v1/routes/learned
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
BGPLearnedRoutes (schema)
Name | Description | Type | Notes
ipv4_cidr | The CIDR of the target network of learned route. The route that is learned from BGP via Direct Connect | array of IPv4CIDRBlock |
Example Response:
{
"ipv4_cidr": [
"0.0.0.0/0"
]
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Return all non-connected VIFs (with states "available", "down", "pending" and "confirming") and connected VIFs that are available to the SDDC.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/direct-connect/vifs
Example Request:
GET https:///cloud-service/api/v1/vifs/
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
VifsListResult (schema)
Name | Description | Type | Notes
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly
_schema | Schema for this resource | string | Readonly
_self | Link to this resource | SelfResourceLink | Readonly
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly
result_count | Count of results found (across all pages), set only on first page | integer | Readonly
results | VIFs list | array of VirtualInterface |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly
sort_by | Field by which records are sorted | string | Readonly
Example Response:
{
"results": [{
"id": "dxvif-fglqwzf5",
"name": "vmc-sddc-1",
"state": "CONNECTED",
"direct_connect_id" : "dxcon-17e8147e",
"bgp_status" : "DOWN"
}]
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Perform the attach operation in VMC provider to attach the specified VIF (Virtual Interface) to the SDDC.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/direct-connect/vifs/<vif-id>
Query Parameters:
VifAction (schema)
Name | Description | Type | Notes
action | Direct Connect VIF (Virtual Interface) action | string | Required Enum: ATTACH
Example Request:
POST https:///cloud-service/api/v1/vifs/dxvif-fglqwzf5?action=ATTACH
Successful Response:
Required Permissions:
crud
Feature:
vmc_user_features
Additional Errors:
Detach and delete a Direct Connect VIF (Virtual Interface) from the SDDC. Detach and delete are one operation in VMC provider; a Direct Connect VIF is deleted once it is detached.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/direct-connect/vifs/<vif-id>
Example Request:
DELETE https:///cloud-service/api/v1/vifs/dxvif-fglqwzf5
Successful Response:
Required Permissions:
crud
Feature:
vmc_user_features
Additional Errors:
List linked VPC information.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/linked-vpcs
Example Request:
GET https:///cloud-service/api/v1/linked-vpcs
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
LinkedVpcsListResult (schema)
Name | Description | Type | Notes
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly
_schema | Schema for this resource | string | Readonly
_self | Link to this resource | SelfResourceLink | Readonly
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly
result_count | Count of results found (across all pages), set only on first page | integer | Readonly
results | Linked VPCs list | array of LinkedVpcInfo |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly
sort_by | Field by which records are sorted | string | Readonly
Example Response:
{
"result_count": 1,
"results": [
{
"linked_vpc_id":"vpc-efeda78a",
"linked_vpc_addresses":[
"172.31.0.0/16"
],
"linked_vpc_subnet_addresses":[
"172.31.32.0/20"
],
"route_table_ids":[
"rtb-588ad73d"
],
"arn_role":"arn:aws:iam::122674636182:role/sddc-formation-493513ce-6488-476-RemoteRole-E38OM4XJOCLD",
"linked_vpc_nat_ips":[
"172.31.32.159"
],
"external_id":"vmc",
"linked_account":"122674636182"
}
]
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Get linked VPC information.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/linked-vpcs/<linked-vpc-id>
Example Request:
GET https:///cloud-service/api/v1/linked-vpcs/vpc-efeda78a
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
LinkedVpcInfo (schema)
Name | Description | Type | Notes
active_eni | Active Network Interface. Active network interface used for linked vpc traffic | string |
arn_role | ARN role for linked VPC operations | string | Required
external_id | External identifier for ARN role | string | Required
linked_account | Linked VPC account number | string | Required
linked_vpc_addresses | Linked VPC CIDRs | array of IPv4CIDRBlock | Required
linked_vpc_id | Linked VPC identifier | string |
linked_vpc_nat_ips | The IPs of linked VPC NAT rule for service access. | array of IPv4Address | Required
linked_vpc_subnets | Linked VPC ENIs subnet information. Information related to the subnets where linked ENIs were created. | array of LinkedSubnetInfo | Required
route_table_ids | The identifiers of route tables to be dynamically updated with SDDC networks | array of string | Required
service_arn_role | service ARN role | string |
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
List services connected to this linked VPC, for example, S3. The response consists of all available services along with their status.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/linked-vpcs/<linked-vpc-id>/connected-services
Example Request:
GET https:///cloud-service/api/v1/linked-vpcs/vpc-01/connected-services
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
ConnectedServiceListResult (schema)
Name | Description | Type | Notes
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly
_schema | Schema for this resource | string | Readonly
_self | Link to this resource | SelfResourceLink | Readonly
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly
result_count | Count of results found (across all pages), set only on first page | integer | Readonly
results | Connected service status list | array of ConnectedServiceStatus | Required
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly
sort_by | Field by which records are sorted | string | Readonly
Example Response:
{
"results": [{
"name": "s3",
"enabled" : true
}]
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Connect/Disconnect the service to the given linked vpc. For example, connect S3. The user will know what services are available through the GET call. If the user is trying to connect/disconnect an unknown service, the POST call will throw a 400 Bad Request error.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/linked-vpcs/<linked-vpc-id>/connected-services/<service-name>
Request Body:
ConnectedServiceStatus (schema)
Name | Description | Type | Notes
enabled | status of service | boolean | Required Readonly
name | service name | string | Required Readonly
Example Request:
PUT https:///cloud-service/api/v1/linked-vpcs/vpc-01/connected-services/s3
{
"name": "s3",
"enabled" : true
}
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
ConnectedServiceStatus (schema)
Name | Description | Type | Notes
enabled | status of service | boolean | Required Readonly
name | service name | string | Required Readonly
Example Response:
{
"name": "s3",
"enabled" : true
}
Required Permissions:
crud
Feature:
vmc_user_features
Additional Errors:
List Management VM information.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/mgmt-vms
Example Request:
GET https:///cloud-service/api/v1/mgmt-vms
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
MgmtVmsListResult (schema)
Name | Description | Type | Notes
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly
_schema | Schema for this resource | string | Readonly
_self | Link to this resource | SelfResourceLink | Readonly
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly
result_count | Count of results found (across all pages), set only on first page | integer | Readonly
results | Management VMs list | array of MgmtVmInfo |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly
sort_by | Field by which records are sorted | string | Readonly
Example Response:
{
"result_count": 2,
"results": [
{
"display_name": "vm101",
"ip": "10.0.224.10",
"id": "vm101",
"ports": [
443
],
"protocols": [
"ICMP"
]
},
{
"display_name": "vm104",
"ip": "10.0.224.10",
"id": "vm104",
"ports": [
443
],
"protocols": [
"ICMP"
]
}
]
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Get management VM access information.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/mgmt-vms/<vm-id>
Example Request:
GET https:///cloud-service/api/v1/mgmt-vms/
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
MgmtVmInfo (schema)
Name | Description | Type | Notes
display_name | Management VM name | string |
group_path | Group path in policy manager. For each management VM, a dedicated policy group will be created. This property will reflect its group path. | string | Readonly
id | Management VM identifier | string | Readonly
ip_attachment_pairs | IP address and attachment id pairs for tagging management VM | array of IpAttachmentPair |
ips | Local IPs of a management VM | array of IPElement |
services | Services which are allowed for inbound firewall rule for a management VM. Details services path and display name. | array of MgmtServiceEntry |
Example Response:
{
"display_name":"VC",
"ips": ["10.0.224.10/32", "10.0.1.2/24"],
"protocols": ["ICMP"],
"ports": ["443"]
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
List all public IPs obtained in the SDDC.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/public-ips
Example Request:
GET https:///cloud-service/api/v1/public-ips/
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
PublicIpsListResult (schema)
Name | Description | Type | Notes
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly
_schema | Schema for this resource | string | Readonly
_self | Link to this resource | SelfResourceLink | Readonly
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly
result_count | Count of results found (across all pages), set only on first page | integer | Readonly
results | Public IP list | array of PublicIp |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly
sort_by | Field by which records are sorted | string | Readonly
Example Response:
{
"result_count": 2,
"results": [
{
"ip": "34.212.160.142",
"id": "nsx-public-ip",
"display_name": "nsx-public-ip"
},
{
"ip": "34.218.111.236",
"id": "nsx-public-ip-2",
"display_name": "nsx-public-ip-2"
}
]
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Delete a public IP. The IP will be released in VMC provider.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/public-ips/<public-ip-id>
Query Parameters:
DeleteRequestParameters (schema)
Name | Description | Type | Notes
force | Force delete the resource even if it is being used somewhere. If true, deleting the resource succeeds even if it is being referred as a resource reference. | boolean | Default: "False"
Example Request:
DELETE https:///cloud-service/api/v1/public-ips/nsx-public-ip
DELETE https:///cloud-service/api/v1/public-ips/nsx-public-ip?force=true
Successful Response:
Required Permissions:
crud
Feature:
vmc_user_features
Additional Errors:
This API is used to create or update a public IP. In creating, the API allocates a new public IP from VMC provider. In updating, only the display name can be modified, the IP is read-only.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/public-ips/<public-ip-id>
PublicIp (schema)
Name | Description | Type | Notes
display_name | | string |
id | Public IP identifier | string | Readonly
ip | | IPv4Address | Readonly
Example Request:
PUT https:///cloud-service/v1/public-ips/nsx-public-ip
{
"id": "nsx-public-ip",
"display_name":"nsx-public-ip"
}
Successful Response:
Response Headers:
Content-type: application/json
PublicIp (schema)
Name | Description | Type | Notes
display_name | | string |
id | Public IP identifier | string | Readonly
ip | | IPv4Address | Readonly
Example Response:
{
"ip": "34.212.160.142",
"id": "nsx-public-ip",
"display_name": "nsx-public-ip"
}
Required Permissions:
crud
Feature:
vmc_user_features
Additional Errors:
Get the public IP information.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/public-ips/<public-ip-id>
Example Request:
GET https:///cloud-service/api/v1/public-ips/nsx-public-ip
Successful Response:
Response Headers:
Content-type: application/json
PublicIp (schema)
Name | Description | Type | Notes
display_name | | string |
id | Public IP identifier | string | Readonly
ip | | IPv4Address | Readonly
Example Response:
{
"ip": "34.212.160.142",
"id": "nsx-public-ip",
"display_name": "nsx-public-ip"
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Get the consolidated status of an intent object, specified by path in query parameter. The intent object is indicated by a specific VMC-App API and can contain multiple objects. For example, /infra/direct-connect/bgp can return the consolidated status of ASN update and route preference update.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/realized-state/status
Query Parameters:
VmcIntentPathRequestParameter+
Example Request:
GET https:///cloud-service/api/v1/infra/realized-state/status?intent-path=/infra/direct-connect/bgp
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
VmcConsolidatedRealizedStatus (schema)
Name | Description | Type | Notes
consolidated_status | Consolidated Realized status. Consolidated state of objects for a given intent entity. | VmcConsolidatedStatus |
consolidated_status_per_object | Consolidated status per enforcement point. Aggregated consolidated status by enforcement point. | array of VmcConsolidatedStatusPerObject |
intent_path | Intent path. Intent path of the object representing this consolidated state. | string |
Example Response:
{
"consolidated_status_per_object": [
{
"consolidated_status": {
"consolidated_status": "SUCCESS",
"status_message" : ""
},
"object_id": "local_asn"
}
],
"consolidated_status": {
"consolidated_status": "SUCCESS"
},
"intent_path": " /infra/direct-connect/bgp"
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Get the user-level SDDC configuration parameters
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/cloud-service/api/v1/infra/sddc-user-config
Example Request:
GET https:///cloud-service/api/v1/sddc-user-config
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
SddcUserConfiguration (schema)
Name | Description | Type | Notes
all_uplink_interface_label | All uplink interfaces label name | string | Required
all_vpn_interface_label | All VPN interfaces label name | string | Required
cgw_snat_ip | CGW SNAT ip address | IPv4Address |
compute_gateway | Compute gateway name | string | Required
dx_interface_label | DirectConnect interface label name | string | Required
linked_vpc_interface_label | Linked VPC interface label name | string | Required
management_gateway | Management gateway name | string | Required
management_gateway_label | Management gateway label name | string | Required
mgmt_subnet | Management VMs CIDRs | array of IPv4CIDRBlock | Required
mgw_snat_ip | MGW SNAT ip address | IPv4Address |
provider_name | Provider Name | string | Required
public_interface_label | Public interface label name | string | Required
sddc_infra_subnet | SDDC Infra CIDRs | array of IPv4CIDRBlock | Required
vpn_dx_ips | Local IPs for VPN tunnel over Direct Connect | array of IPv4Address |
vpn_internet_ips | Public IPs for VPN tunnel over internet | array of IPv4Address |
Example Response:
{
"sddc_infra_addresses": ["10.0.0.1/24"],
"mgmt_addresses": ["10.0.0.2/24"],
"vpn_internet_ip": "10.161.10.53",
"compute_gateway": "cgw",
"linked_vpc_interface_label": "cgw-cross-vpc",
"management_gateway": "mgw",
"provider_name": "vmc",
"public_interface_label": "cgw-public",
"dx_interface_label": "cgw-direct-connect"
}
Required Permissions:
read
Feature:
vmc_user_features
Additional Errors:
Read infra. Returns only the infra related properties. Inner objects
are not populated.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra
Query Parameters:
ChildTypesRequestParameter (schema)
filter |
Filter string as java regex
Filter string, can contain multiple or single java regular expressions
separated by ';'. Sample query string to prevent loading services and
deployment zones: filter=Type-^(?!.*?(?:Service|DeploymentZone)).*$
|
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra
Successful Response:
Response Headers:
Content-type: application/json
Infra (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
connectivity_strategy |
Connectivity strategy used by this tenant
This field indicates the default connectivity policy for the infra
or tenant space
WHITELIST - Adds a default drop rule. Administrator can then use "allow"
rules (aka whitelist) to allow traffic between groups
BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules
(aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled
NONE - No default rules are added. This is the default setting
|
string |
Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE Default: "NONE" |
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domains |
Domains for infra
This field is used while creating or updating the infra space.
|
array of Domain |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Infra |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "Infra",
"id": "infra",
"display_name": "infra",
"path": "/infra",
"relative_path": "infra",
"connectivity_strategy": "NONE",
"_create_user": "system",
"_create_time": 1517296394552,
"_last_modified_user": "system",
"_last_modified_time": 1517296394552,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
Update the infra including all the nested entities
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra
Infra (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
connectivity_strategy |
Connectivity strategy used by this tenant
This field indicates the default connectivity policy for the infra
or tenant space
WHITELIST - Adds a default drop rule. Administrator can then use "allow"
rules (aka whitelist) to allow traffic between groups
BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules
(aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled
NONE - No default rules are added. This is the default setting
|
string |
Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE Default: "NONE" |
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domains |
Domains for infra
This field is used while creating or updating the infra space.
|
array of Domain |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Infra |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra
{
"display_name": "infra",
"path": "/infra",
"relative_path": "infra",
"connectivity_strategy": "NONE",
"_revision": 0
}
Successful Response:
Response Headers:
Content-type: application/json
Infra (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
connectivity_strategy |
Connectivity strategy used by this tenant
This field indicates the default connectivity policy for the infra
or tenant space
WHITELIST - Adds a default drop rule. Administrator can then use "allow"
rules (aka whitelist) to allow traffic between groups
BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules
(aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled
NONE - No default rules are added. This is the default setting
|
string |
Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE Default: "NONE" |
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domains |
Domains for infra
This field is used while creating or updating the infra space.
|
array of Domain |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Infra |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "Infra",
"id": "infra",
"display_name": "infra",
"path": "/infra",
"relative_path": "infra",
"connectivity_strategy": "NONE",
"_create_user": "system",
"_create_time": 1517296394552,
"_last_modified_user": "system",
"_last_modified_time": 1517296394552,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
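
One way to turn a GET response into the matching PUT for the method above, as an added example that is not part of the API guide or the product's own code: it carries the fetched _revision, honours _protection, and checks the limits from the Infra schema table. The names build_infra_put and UpdateRefused, the host policy-mgr.example, and the choice to drop Readonly fields from the body are assumptions.

```python
"""Build a PUT /policy/api/v1/infra request from a prior GET response."""
import copy

INFRA_PATH = "/policy/api/v1/infra"  # URI path given on the page

# Fields the Infra schema table marks Readonly. Assumption: the server does
# not need them echoed back, so they are left out of the PUT body.
READONLY_FIELDS = frozenset({
    "_create_time", "_create_user", "_last_modified_time",
    "_last_modified_user", "_links", "_protection", "_schema", "_self",
    "_system_owned", "marked_for_delete", "parent_path", "path",
    "relative_path",
})

# Enum and limits copied from the schema table.
STRATEGIES = frozenset({
    "WHITELIST", "BLACKLIST", "WHITELIST_ENABLE_LOGGING",
    "BLACKLIST_ENABLE_LOGGING", "NONE",
})
MAX_LEN = {"description": 1024, "display_name": 255}
MAX_TAGS = 30

# The page's Example Response for GET /policy/api/v1/infra.
SAMPLE_INFRA = {
    "resource_type": "Infra", "id": "infra", "display_name": "infra",
    "path": "/infra", "relative_path": "infra",
    "connectivity_strategy": "NONE",
    "_create_user": "system", "_create_time": 1517296394552,
    "_last_modified_user": "system", "_last_modified_time": 1517296394552,
    "_system_owned": False, "_protection": "NOT_PROTECTED", "_revision": 0,
}


class UpdateRefused(Exception):
    """The update should not be sent at all (hypothetical helper type)."""


def build_infra_put(current, changes, base_url, allow_override=False):
    """Return method, url, headers and body for the PUT; nothing is sent."""
    # Callers change intent fields only; _revision always comes from the GET.
    forbidden = (READONLY_FIELDS | {"_revision"}) & set(changes)
    if forbidden:
        raise ValueError("not client-settable: " + ", ".join(sorted(forbidden)))

    # A missing or stale _revision makes the server reject the PUT.
    revision = current.get("_revision")
    if isinstance(revision, bool) or not isinstance(revision, int):
        raise UpdateRefused("GET response carries no usable _revision")

    headers = {"Content-Type": "application/json"}
    protection = current.get("_protection", "UNKNOWN")
    if protection == "PROTECTED":
        raise UpdateRefused("resource is PROTECTED for this client")
    if protection == "REQUIRE_OVERRIDE":
        if not allow_override:
            raise UpdateRefused("REQUIRE_OVERRIDE needs allow_override=True")
        headers["X-Allow-Overwrite"] = "true"
    # NOT_PROTECTED and UNKNOWN go out without the header; the server decides.

    body = {k: copy.deepcopy(v) for k, v in current.items()
            if k not in READONLY_FIELDS}
    body.update(copy.deepcopy(changes))
    body["_revision"] = revision
    body["resource_type"] = "Infra"  # "Must be set to the value Infra"

    if body.get("connectivity_strategy", "NONE") not in STRATEGIES:
        raise ValueError("connectivity_strategy is not a documented enum value")
    for field, limit in MAX_LEN.items():
        if len(body.get(field) or "") > limit:
            raise ValueError(f"{field} exceeds maximum length {limit}")
    if len(body.get("tags") or []) > MAX_TAGS:
        raise ValueError(f"more than {MAX_TAGS} tags")

    return {"method": "PUT", "url": base_url.rstrip("/") + INFRA_PATH,
            "headers": headers, "body": body}


if __name__ == "__main__":
    import json
    request = build_infra_put(
        SAMPLE_INFRA,
        {"connectivity_strategy": "WHITELIST_ENABLE_LOGGING"},
        "https://policy-mgr.example",  # placeholder host
    )
    print(json.dumps(request, indent=2))
```

If the server rejects the PUT because another client updated the resource first, repeat the GET and rebuild the request from the fresh response instead of incrementing _revision locally.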
Update the infra including all the nested entities
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra
Infra (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
connectivity_strategy |
Connectivity strategy used by this tenant
This field indicates the default connectivity policy for the infra
or tenant space
WHITELIST - Adds a default drop rule. Administrator can then use "allow"
rules (aka whitelist) to allow traffic between groups
BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules
(aka blacklist) to block traffic between groups
WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled
BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled
NONE - No default rules are added. This is the default setting
|
string |
Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE Default: "NONE" |
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domains |
Domains for infra
This field is used while creating or updating the infra space.
|
array of Domain |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Infra |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra
{
"display_name": "infra",
"path": "/infra",
"relative_path": "infra",
"connectivity_strategy": "NONE"
}
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Paginated list of all domains for infra.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains
Query Parameters:
DomainListRequestParameters (schema)
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
included_fields | Comma separated list of fields that should be included in query result | string | |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending | | boolean | |
sort_by | Field by which records are sorted | string | |
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
DomainListResult (schema)
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
results | Domain list results | array of Domain | Required |
sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
sort_by | Field by which records are sorted | string | Readonly |
Example Response:
{
"sort_ascending": true,
"sort_by": "display_name",
"result_count": 1,
"results": [
{
"resource_type": "Domain",
"description": "VMC Domain",
"id": "vmc",
"display_name": "VMC domain",
"path": "/infra/domains/vmc",
"parent_path": "/infra/domains/vmc",
"relative_path": "vmc",
"_create_user": "admin",
"_create_time": 1517307910473,
"_last_modified_user": "admin",
"_last_modified_time": 1517307910473,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
]
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
If a domain with the domain-id is not already present, create a new
domain. If it already exists, patch the domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Domain (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_maps |
Communication maps for this Domain
List of communication maps under this domain.
|
array of CommunicationMap |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
groups |
Groups under this Domain
This field is used while creating or updating the Domain.
Please take a look at the UpdateTenant API documentation for details.
|
array of Group |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Domain |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc
{
"description": "VMC Domain Patched",
"display_name": "VMC domain",
"_revision":0
}
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Read a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc
Successful Response:
Response Headers:
Content-type: application/json
Domain (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_maps |
Communication maps for this Domain
List of communication maps under this domain.
|
array of CommunicationMap |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
groups |
Groups under this Domain
This field is used while creating or updating the Domain.
Please take a look at the UpdateTenant API documentation for details.
|
array of Group |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Domain |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "Domain",
"description": "VMC Domain",
"id": "vmc",
"display_name": "VMC domain",
"path": "/infra/domains/vmc",
"parent_path": "/infra/domains/vmc",
"relative_path": "vmc",
"_create_user": "admin",
"_create_time": 1517307910473,
"_last_modified_user": "admin",
"_last_modified_time": 1517307910473,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
If a domain with the domain-id is not already present, create a new
domain. If it already exists, update the domain including the nested
groups. This is a full replace.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Domain (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_maps |
Communication maps for this Domain
List of communication maps under this domain.
|
array of CommunicationMap |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
groups |
Groups under this Domain
This field is used while creating or updating the Domain.
Please take a look at the UpdateTenant API documentation for details.
|
array of Group |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Domain |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc
{
"description": "VMC Domain",
"display_name": "VMC domain",
"_revision":0
}
Successful Response:
Response Headers:
Content-type: application/json
Domain (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_maps |
Communication maps for this Domain
List of communication maps under this domain.
|
array of CommunicationMap |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
groups |
Groups under this Domain
This field is used while creating or updating the Domain.
Please take a look at the UpdateTenant API documentation for details.
|
array of Group |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Domain |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
  "resource_type": "Domain",
  "description": "VMC Domain",
  "id": "vmc",
  "display_name": "VMC domain",
  "path": "/infra/domains/vmc",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "vmc",
  "_create_user": "admin",
  "_create_time": 1517307910473,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517307910473,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Delete the domain along with all the entities contained by this domain.
The groups that are a part of this domain are also deleted along with
the domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
List all communication maps for a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps
Query Parameters:
CommunicationMapListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
CommunicationMapListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
CommunicationMap list results |
array of CommunicationMap |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 2,
  "results": [
    {
      "resource_type": "CommunicationMap",
      "description": "comm map",
      "id": "application-section-1",
      "display_name": "application-section-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1",
      "parent_path": "/infra/domains/vmc",
      "relative_path": "application-section-1",
      "category": "Application",
      "precedence": 0,
      "_create_user": "admin",
      "_create_time": 1517317362027,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    },
    {
      "resource_type": "CommunicationMap",
      "id": "communication-map",
      "display_name": "communication-map",
      "path": "/infra/domains/vmc/communication-maps/communication-map",
      "parent_path": "/infra/domains/vmc",
      "relative_path": "communication-map",
      "precedence": 100,
      "_create_user": "admin",
      "_create_time": 1517307910504,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517307910504,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}
Required Permissions:
read
Feature:
policy_dfw
Additional Errors:
Patch the communication map for a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Body:
CommunicationMap (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
category |
A way to classify a communication map, if needed.
The policy framework provides four pre-defined categories for classifying
a communication map: "Emergency", "Infrastructure", "Environmental" and
"Application". The policy framework manages the priority of these
communication maps in a pre-determined order: the Emergency category has
the highest priority, followed by Infrastructure, Environmental and then
Application rules. An administrator can assign a communication map to one
of the above categories or leave the category empty. If empty, the map has
the least precedence with respect to the above four categories.
|
string |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_entries |
CommunicationEntries that are a part of this CommunicationMap |
array of CommunicationEntry |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
precedence |
Precedence to resolve conflicts across Domains
This field is used to resolve conflicts between communication maps
across domains. In order to change the precedence of a communication
map, it is recommended to send a PUT request to the following URL
/infra/domains//communication-map?action=revise
The precedence field will reflect the value of the computed precedence
upon execution of the above mentioned PUT request.
For scenarios where the administrator is using a template to update
several communication maps, the only way to set the precedence is to
explicitly specify the precedence number for each communication map.
|
int |
|
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationMap |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
{
  "description": "comm map patched",
  "display_name": "application-section-1",
  "category": "Application",
  "communication_entries": [
    {
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": [
        "/infra/domains/vmc/groups/dbgroup"
      ],
      "destination_groups": [
        "/infra/domains/vmc/groups/appgroup"
      ],
      "services": [
        "/infra/services/HTTP",
        "/infra/services/CIM-HTTP"
      ],
      "action": "ALLOW"
    }
  ]
}
Successful Response:
Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:
Deletes the communication map along with all the communication entries.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
Successful Response:
Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:
Read communication-map for a domain.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
category |
A way to classify a communication map, if needed.
The policy framework provides four pre-defined categories for classifying
a communication map: "Emergency", "Infrastructure", "Environmental" and
"Application". The policy framework manages the priority of these
communication maps in a pre-determined order: the Emergency category has
the highest priority, followed by Infrastructure, Environmental and then
Application rules. An administrator can assign a communication map to one
of the above categories or leave the category empty. If empty, the map has
the least precedence with respect to the above four categories.
|
string |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_entries |
CommunicationEntries that are a part of this CommunicationMap |
array of CommunicationEntry |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
precedence |
Precedence to resolve conflicts across Domains
This field is used to resolve conflicts between communication maps
across domains. In order to change the precedence of a communication
map, it is recommended to send a PUT request to the following URL
/infra/domains//communication-map?action=revise
The precedence field will reflect the value of the computed precedence
upon execution of the above mentioned PUT request.
For scenarios where the administrator is using a template to update
several communication maps, the only way to set the precedence is to
explicitly specify the precedence number for each communication map.
|
int |
|
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationMap |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
  "resource_type": "CommunicationMap",
  "description": "comm map",
  "id": "application-section-1",
  "display_name": "application-section-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "application-section-1",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "id": "ce-1",
      "display_name": "ce-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
      "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
      "relative_path": "ce-1",
      "sequence_number": 1,
      "source_groups": [
        "/infra/domains/vmc/groups/dbgroup"
      ],
      "logged": false,
      "destination_groups": [
        "/infra/domains/vmc/groups/appgroup"
      ],
      "scope": [
        "ANY"
      ],
      "action": "ALLOW",
      "services": [
        "/infra/services/HTTP",
        "/infra/services/CIM-HTTP"
      ],
      "_create_user": "admin",
      "_create_time": 1517317382942,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    }
  ],
  "category": "Application",
  "precedence": 0,
  "_create_user": "admin",
  "_create_time": 1517317362027,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317362027,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
read
Feature:
policy_dfw
Additional Errors:
Create or Update the communication map for a domain. This is a full replace.
All the CommunicationEntries are replaced.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>
Request Body:
CommunicationMap (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
category |
A way to classify a communication map, if needed.
The policy framework provides four pre-defined categories for classifying
a communication map: "Emergency", "Infrastructure", "Environmental" and
"Application". The policy framework manages the priority of these
communication maps in a pre-determined order: the Emergency category has
the highest priority, followed by Infrastructure, Environmental and then
Application rules. An administrator can assign a communication map to one
of the above categories or leave the category empty. If empty, the map has
the least precedence with respect to the above four categories.
|
string |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_entries |
CommunicationEntries that are a part of this CommunicationMap |
array of CommunicationEntry |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
precedence |
Precedence to resolve conflicts across Domains
This field is used to resolve conflicts between communication maps
across domains. In order to change the precedence of a communication
map, it is recommended to send a PUT request to the following URL
/infra/domains//communication-map?action=revise
The precedence field will reflect the value of the computed precedence
upon execution of the above mentioned PUT request.
For scenarios where the administrator is using a template to update
several communication maps, the only way to set the precedence is to
explicitly specify the precedence number for each communication map.
|
int |
|
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationMap |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1
{
  "description": "comm map",
  "display_name": "application-section-1",
  "_revision": 0,
  "category": "Application",
  "communication_entries": [
    {
      "description": " comm entry",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": [
        "/infra/domains/vmc/groups/dbgroup"
      ],
      "destination_groups": [
        "/infra/domains/vmc/groups/appgroup"
      ],
      "services": [
        "/infra/services/HTTP",
        "/infra/services/CIM-HTTP"
      ],
      "action": "ALLOW"
    }
  ]
}
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
category |
A way to classify a communication map, if needed.
The policy framework provides four pre-defined categories for classifying
a communication map: "Emergency", "Infrastructure", "Environmental" and
"Application". The policy framework manages the priority of these
communication maps in a pre-determined order: the Emergency category has
the highest priority, followed by Infrastructure, Environmental and then
Application rules. An administrator can assign a communication map to one
of the above categories or leave the category empty. If empty, the map has
the least precedence with respect to the above four categories.
|
string |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_entries |
CommunicationEntries that are a part of this CommunicationMap |
array of CommunicationEntry |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
precedence |
Precedence to resolve conflicts across Domains
This field is used to resolve conflicts between communication maps
across domains. In order to change the precedence of a communication
map, it is recommended to send a PUT request to the following URL
/infra/domains//communication-map?action=revise
The precedence field will reflect the value of the computed precedence
upon execution of the above mentioned PUT request.
For scenarios where the administrator is using a template to update
several communication maps, the only way to set the precedence is to
explicitly specify the precedence number for each communication map.
|
int |
|
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationMap |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
  "resource_type": "CommunicationMap",
  "description": "comm map",
  "id": "application-section-1",
  "display_name": "application-section-1",
  "path": "/infra/domains/vmc/communication-maps/application-section-1",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "application-section-1",
  "communication_entries": [
    {
      "resource_type": "CommunicationEntry",
      "description": " comm entry",
      "id": "ce-1",
      "display_name": "ce-1",
      "path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
      "parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
      "relative_path": "ce-1",
      "sequence_number": 1,
      "source_groups": [
        "/infra/domains/vmc/groups/dbgroup"
      ],
      "logged": false,
      "destination_groups": [
        "/infra/domains/vmc/groups/appgroup"
      ],
      "scope": [
        "ANY"
      ],
      "action": "ALLOW",
      "services": [
        "/infra/services/HTTP",
        "/infra/services/CIM-HTTP"
      ],
      "_create_user": "admin",
      "_create_time": 1517317382942,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    }
  ],
  "category": "Application",
  "precedence": 0,
  "_create_user": "admin",
  "_create_time": 1517317362027,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317362027,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:
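Because this PUT replaces every CommunicationEntry and is accepted only with the current _revision, a client should rebuild its request from a fresh GET and check which rules the replace would delete. The sketch below is an added example, not code from this guide or from VMware; FakePolicyManager, StaleRevision, the function names and the ce-2 entry are constructed for illustration, and the stand-in's revision bump on each write is an assumption about server behaviour.

```python
import copy

# Fields the schema tables mark Readonly. Dropping them before sending an
# object back is a choice made in this example.
READONLY = {
    "_create_time", "_create_user", "_last_modified_time",
    "_last_modified_user", "_links", "_protection", "_schema", "_self",
    "_system_owned", "marked_for_delete", "parent_path", "path",
    "relative_path",
}


class StaleRevision(Exception):
    """Stand-in for the server rejecting a missing or stale _revision."""


def writable(obj):
    """Deep copy of obj without read-only fields (nested entries included)."""
    out = {k: copy.deepcopy(v) for k, v in obj.items() if k not in READONLY}
    if "communication_entries" in out:
        out["communication_entries"] = [
            writable(e) for e in out["communication_entries"]]
    return out


def build_put(current, entries, allow_override=False):
    """Build (headers, body) for a full-replace PUT from a fresh GET result."""
    protection = current.get("_protection", "UNKNOWN")
    if protection == "PROTECTED":
        raise PermissionError("map is PROTECTED for this client")
    headers = {"Content-Type": "application/json"}
    if protection == "REQUIRE_OVERRIDE":
        if not allow_override:      # overriding must be an explicit decision
            raise PermissionError("override required but not requested")
        headers["X-Allow-Overwrite"] = "true"
    body = writable(current)        # carries the _revision that was just read
    body["communication_entries"] = [writable(e) for e in entries]
    return headers, body


def dropped_entries(current, body):
    """Ids of entries present on the server but absent from the PUT body.

    PUT replaces all CommunicationEntries, so these rules would be deleted.
    """
    keep = {e.get("id") for e in body.get("communication_entries", [])}
    return sorted(e["id"] for e in current.get("communication_entries", [])
                  if e["id"] not in keep)


class FakePolicyManager:
    """In-memory stand-in for one communication map (constructed, not NSX)."""

    def __init__(self, obj):
        self._obj = copy.deepcopy(obj)

    def get(self):
        return copy.deepcopy(self._obj)

    def put(self, body):
        if body.get("_revision") != self._obj["_revision"]:
            raise StaleRevision("re-read the map and rebuild the request")
        kept = {k: v for k, v in self._obj.items() if k in READONLY}
        self._obj = {**kept, **copy.deepcopy(body)}
        self._obj["_revision"] += 1     # assumed: revision changes per write
        return self.get()


# Constructed sample, modelled on the example response above.
SAMPLE_MAP = {
    "resource_type": "CommunicationMap",
    "id": "application-section-1",
    "category": "Application",
    "path": "/infra/domains/vmc/communication-maps/application-section-1",
    "_protection": "NOT_PROTECTED",
    "_revision": 0,
    "communication_entries": [{
        "id": "ce-1", "sequence_number": 1, "action": "ALLOW",
        "source_groups": ["/infra/domains/vmc/groups/dbgroup"],
        "destination_groups": ["/infra/domains/vmc/groups/appgroup"],
        "services": ["/infra/services/HTTP"],
    }],
}


def lost_update_demo():
    """Two clients read revision 0; the second write must be rejected."""
    server = FakePolicyManager(SAMPLE_MAP)
    seen_by_a, seen_by_b = server.get(), server.get()
    ce2 = {"id": "ce-2", "sequence_number": 2, "action": "DROP",
           "source_groups": ["/infra/domains/vmc/groups/appgroup"],
           "destination_groups": ["/infra/domains/vmc/groups/dbgroup"],
           "services": ["/infra/services/HTTP"]}
    _, body_a = build_put(seen_by_a, seen_by_a["communication_entries"] + [ce2])
    server.put(body_a)                  # client A adds a DROP rule
    _, body_b = build_put(seen_by_b, seen_by_b["communication_entries"])
    try:
        server.put(body_b)              # client B only knows about ce-1
        rejected = False
    except StaleRevision:
        rejected = True
    # What B's full replace would have deleted had it been accepted.
    return rejected, dropped_entries(server.get(), body_b)
```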
This is used to re-order a communication entry within a communication map.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>?action=revise
Query Parameters:
CommunicationEntryInsertParameters (schema)
anchor_path |
The communication map/communication entry path if operation is
'insert_after' or 'insert_before'
|
string |
|
operation |
Operation |
string |
Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
Request Body:
CommunicationEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
action |
Action
The action to be applied to all the services
|
string |
Enum: ALLOW, DROP, REJECT |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_groups |
Destination group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
logged |
Enable logging flag
Flag to enable packet logging. Default is disabled. |
boolean |
Default: "False" |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationEntry |
string |
|
scope |
The list of policy paths where the communication entry is applied
Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied
on multiple LRs/LRPs.
|
array of string |
Maximum items: 128 |
sequence_number |
Sequence number of this CommunicationEntry
This field is used to resolve conflicts between multiple
CommunicationEntries under CommunicationMap for a Domain
|
int |
|
services |
Names of services
In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
|
array of string |
Maximum items: 128 |
source_groups |
Source group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
tag |
Tag applied on the communication entry
User level field which will be printed in CLI and packet logs.
|
string |
Maximum length: 32 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
POST https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/emergency-section/communication-entries/ce-1?action=revise&anchor_path=/infra/domains/vmc/communication-maps/emergency-section/communication-entries/ce-2&operation=insert_after
{
"description": " comm entry",
"display_name": "ce-1",
"path": "/infra/domains/vmc_domain/communication-maps/emergency-section/communication-entries/ce-1",
"parent_path": "/infra/domains/vmc_domain/communication-maps/emergency-section",
"relative_path": "ce-1",
"sequence_number": 1,
"source_groups": [
"/infra/domains/vmc_domain/groups/webgroup"
],
"logged": false,
"destination_groups": [
"/infra/domains/vmc_domain/groups/appgroup"
],
"scope": [
"ANY"
],
"action": "ALLOW",
"services": [
"/infra/services/AD_Server",
"/infra/services/HTTP",
"/infra/services/CIM-HTTP"
],
"_revision": 1
}
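A client-side pre-flight check for this call, as an added example that is not part of the original guide or of VMware's tooling. It applies the limits listed in the CommunicationEntry schema above (action enum, "ANY" as the only element, maximum items and lengths) and builds the revise query string; the function names, the rule that anchor_path is mandatory for insert_after/insert_before, and the "allows everything" review flag are assumptions of this example.

```python
from urllib.parse import urlencode

ACTIONS = {"ALLOW", "DROP", "REJECT"}
OPERATIONS = {"insert_top", "insert_bottom", "insert_after", "insert_before"}
ANCHORED = {"insert_after", "insert_before"}
# Fields for which the schema states the "ANY must be the ONLY element" rule.
ANY_FIELDS = ("source_groups", "destination_groups", "services")
MAX_ITEMS = {"source_groups": 128, "destination_groups": 128,
             "services": 128, "scope": 128, "tags": 30}
MAX_LENGTH = {"description": 1024, "display_name": 255, "tag": 32}

# Subset of the request body shown in the Example Request above.
PAGE_EXAMPLE = {
    "description": " comm entry",
    "display_name": "ce-1",
    "source_groups": ["/infra/domains/vmc_domain/groups/webgroup"],
    "destination_groups": ["/infra/domains/vmc_domain/groups/appgroup"],
    "scope": ["ANY"],
    "action": "ALLOW",
    "services": ["/infra/services/AD_Server", "/infra/services/HTTP",
                 "/infra/services/CIM-HTTP"],
}


def _is_any(value):
    # The schema says the constant is case insensitive.
    return isinstance(value, str) and value.upper() == "ANY"


def validate_communication_entry(entry):
    """Return a list of schema violations; an empty list means none found."""
    problems = []
    action = entry.get("action")
    if action is not None and action not in ACTIONS:
        problems.append(f"action: {action!r} is not one of {sorted(ACTIONS)}")
    for field, limit in MAX_LENGTH.items():
        value = entry.get(field)
        if isinstance(value, str) and len(value) > limit:
            problems.append(f"{field}: length {len(value)} exceeds {limit}")
    for field, limit in MAX_ITEMS.items():
        values = entry.get(field) or []
        if len(values) > limit:
            problems.append(f"{field}: {len(values)} items exceeds {limit}")
    for field in ANY_FIELDS:
        values = entry.get(field) or []
        if len(values) > 1 and any(_is_any(v) for v in values):
            problems.append(f'{field}: "ANY" must be the only element')
    return problems


def allows_everything(entry):
    """Review flag (assumption of this example): ALLOW from ANY to ANY on ANY service."""
    def only_any(field):
        values = entry.get(field) or []
        return len(values) == 1 and _is_any(values[0])
    return entry.get("action") == "ALLOW" and all(only_any(f) for f in ANY_FIELDS)


def revise_query(operation="insert_top", anchor_path=None):
    """Build the query string for ?action=revise from the documented parameters."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation {operation!r}")
    params = {"action": "revise"}
    if operation in ANCHORED:
        if not anchor_path:
            raise ValueError(f"{operation} needs an anchor_path")
        params["anchor_path"] = anchor_path
    params["operation"] = operation
    return urlencode(params, safe="/")


if __name__ == "__main__":
    print(validate_communication_entry(PAGE_EXAMPLE))
    print(revise_query("insert_after",
                       "/infra/domains/vmc/communication-maps/emergency-section"
                       "/communication-entries/ce-2"))
```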
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
action |
Action
The action to be applied to all the services
|
string |
Enum: ALLOW, DROP, REJECT |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_groups |
Destination group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
logged |
Enable logging flag
Flag to enable packet logging. Default is disabled. |
boolean |
Default: "False" |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationEntry |
string |
|
scope |
The list of policy paths where the communication entry is applied
Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied
on multiple LRs/LRPs.
|
array of string |
Maximum items: 128 |
sequence_number |
Sequence number of this CommunicationEntry
This field is used to resolve conflicts between multiple
CommunicationEntries under CommunicationMap for a Domain
|
int |
|
services |
Names of services
In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
|
array of string |
Maximum items: 128 |
source_groups |
Source group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
tag |
Tag applied on the communication entry
User level field which will be printed in CLI and packet logs.
|
string |
Maximum length: 32 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "CommunicationEntry",
"description": " comm entry",
"id": "ce-1",
"display_name": "ce-1",
"path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
"parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
"relative_path": "ce-1",
"sequence_number": 1,
"source_groups": [
"/infra/domains/vmc/groups/dbgroup"
],
"logged": false,
"destination_groups": [
"/infra/domains/vmc/groups/appgroup"
],
"scope": [
"ANY"
],
"action": "ALLOW",
"services": [
"/infra/services/HTTP",
"/infra/services/CIM-HTTP"
],
"_create_user": "admin",
"_create_time": 1517317382942,
"_last_modified_user": "admin",
"_last_modified_time": 1517317382962,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 1
}
Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:
This is used to set the precedence of a communication map with respect to others.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>?action=revise
Query Parameters:
CommunicationMapInsertParameters (schema)
anchor_path |
The communication map/communication entry path if operation is
'insert_after' or 'insert_before'
|
string |
|
operation |
Operation |
string |
Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
Request Body:
CommunicationMap (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
category |
A way to classify a communication map, if needed.
Policy framework provides four pre-defined categories for classifying
a communication map. They are "Emergency", "Infrastructure",
"Environmental" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these communication
maps. Emergency category has the highest priority followed by
Infrastructure, Environmental and then Application rules. Administrator
can choose to categorize a communication map into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
|
string |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_entries |
CommunicationEntries that are a part of this CommunicationMap |
array of CommunicationEntry |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
precedence |
Precedence to resolve conflicts across Domains
This field is used to resolve conflicts between communication maps
across domains. In order to change the precedence of a communication
map, it is recommended to send a PUT request to the following URL
/infra/domains//communication-map?action=revise
The precedence field will reflect the value of the computed precedence
upon execution of the above mentioned PUT request.
For scenarios where the administrator is using a template to update
several communication maps, the only way to set the precedence is to
explicitly specify the precedence number for each communication map.
|
int |
|
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationMap |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
POST https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1?action=revise&anchor_path=/infra/domains/vmc/communication-maps/emergency-section&operation=insert_before
{
"description": "comm map revised",
"display_name": "application-section-1",
"category":"Application",
"communication_entries": [
{
"description": " comm entry",
"display_name": "ce-1",
"sequence_number": 1,
"source_groups": [
"/infra/domains/vmc/groups/dbgroup"
],
"destination_groups": [
"/infra/domains/vmc/groups/appgroup"
],
"services": [
"/infra/services/HTTP",
"/infra/services/CIM-HTTP"
],
"action": "ALLOW"
}
]
}
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
CommunicationMap (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
category |
A way to classify a communication map, if needed.
Policy framework provides four pre-defined categories for classifying
a communication map. They are "Emergency", "Infrastructure",
"Environmental" and "Application". There is a pre-determined order in
which the policy framework manages the priority of these communication
maps. Emergency category has the highest priority followed by
Infrastructure, Environmental and then Application rules. Administrator
can choose to categorize a communication map into the above categories
or can choose to leave it empty. If empty it will have the least
precedence w.r.t the above four categories.
|
string |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
communication_entries |
CommunicationEntries that are a part of this CommunicationMap |
array of CommunicationEntry |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
precedence |
Precedence to resolve conflicts across Domains
This field is used to resolve conflicts between communication maps
across domains. In order to change the precedence of a communication
map, it is recommended to send a PUT request to the following URL
/infra/domains//communication-map?action=revise
The precedence field will reflect the value of the computed precedence
upon execution of the above mentioned PUT request.
For scenarios where the administrator is using a template to update
several communication maps, the only way to set the precedence is to
explicitly specify the precedence number for each communication map.
|
int |
|
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationMap |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "CommunicationMap",
"description": "comm map",
"id": "application-section-1",
"display_name": "application-section-1",
"path": "/infra/domains/vmc/communication-maps/application-section-1",
"parent_path": "/infra/domains/vmc",
"relative_path": "application-section-1",
"communication_entries": [
{
"resource_type": "CommunicationEntry",
"description": " comm entry",
"id": "ce-1",
"display_name": "ce-1",
"path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
"parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
"relative_path": "ce-1",
"sequence_number": 1,
"source_groups": [
"/infra/domains/vmc/groups/dbgroup"
],
"logged": false,
"destination_groups": [
"/infra/domains/vmc/groups/appgroup"
],
"scope": [
"ANY"
],
"action": "ALLOW",
"services": [
"/infra/services/HTTP",
"/infra/services/CIM-HTTP"
],
"_create_user": "admin",
"_create_time": 1517317382942,
"_last_modified_user": "admin",
"_last_modified_time": 1517317382962,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 1
}
],
"category": "Application",
"precedence": 0,
"_create_user": "admin",
"_create_time": 1517317362027,
"_last_modified_user": "admin",
"_last_modified_time": 1517317362027,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:
List Groups for a domain
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups
Query Parameters:
GroupListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
GroupListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
Group list results |
array of Group |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
"sort_ascending": true,
"sort_by": "display_name",
"result_count": 1,
"results": [
{
"resource_type": "Group",
"description": "web group",
"id": "webgroup",
"display_name": "web group",
"path": "/infra/domains/vmc/groups/webgroup",
"parent_path": "/infra/domains/vmc",
"relative_path": "webgroup",
"expression": [
{
"resource_type": "Condition",
"member_type": "VirtualMachine",
"value": "webvm",
"key": "Tag",
"operator": "EQUALS",
"_protection": "NOT_PROTECTED"
}
],
"_create_user": "admin",
"_create_time": 1517308749250,
"_last_modified_user": "admin",
"_last_modified_time": 1517308749250,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
]
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
If a group with the group-id is not already present, create a new group.
If it already exists, update the group.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Group (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
expression |
Expression
The expression list must follow below criteria:
1. A non-empty expression list, must be of odd size. In a list, with indices
starting from 0, all conjunction expressions must be at odd indices, and all
non-conjunction expressions must be at even indices.
2. There may be at most 5 non-conjunction expressions in a list.
3. All non-conjunction expressions must be of the same type, and must be Condition
expressions or IPAddress expressions.
4. For IPAddressExpression nodes, OR is the only conjunction operator allowed.
5. For ConditionExpression, both OR and AND operators are allowed, but there
must not be two consecutive AND operators.
6. All Condition expressions must have same member type.
7. Each expression must be a valid Expression. See the definition of the Expression
type for more information.
|
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator IPAddressExpression NestedExpression |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Group |
string |
|
state |
Realization state of this group |
string |
Enum: IN_PROGRESS, SUCCESS, FAILURE |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
{
"expression": [
{
"member_type": "VirtualMachine",
"value": "webvm",
"key": "Tag",
"operator": "EQUALS",
"resource_type": "Condition"
}
],
"description": "web group",
"display_name": "web group",
"_revision":0
}
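The expression criteria 1 to 6 listed in the Group schema above, written as a local validator; this is an added example, not code from the guide or from VMware. It applies the criteria literally (so a NestedExpression at the top level is reported under criterion 3), leaves criterion 7 to the server, and assumes field names not shown in this section: conjunction_operator on ConjunctionOperator and ip_addresses on IPAddressExpression. The sample member types and addresses are constructed.

```python
LEAF_TYPES = {"Condition", "IPAddressExpression"}
MAX_LEAVES = 5


def cond(member_type, value):
    # Constructed Condition node in the shape of the page's example.
    return {"resource_type": "Condition", "member_type": member_type,
            "key": "Tag", "operator": "EQUALS", "value": value}


def ip(address):
    # "ip_addresses" is an assumed field name, not shown in this section.
    return {"resource_type": "IPAddressExpression", "ip_addresses": [address]}


def op(name):
    # "conjunction_operator" is an assumed field name, not shown in this section.
    return {"resource_type": "ConjunctionOperator", "conjunction_operator": name}


def validate_group_expression(expression):
    """Return violations of criteria 1-6; an empty list means none found."""
    problems = []
    if not expression:
        return problems  # criterion 1 only constrains non-empty lists
    if len(expression) % 2 == 0:
        problems.append("criterion 1: a non-empty list must have odd size")

    leaves, operators = [], []
    for index, node in enumerate(expression):
        is_conjunction = node.get("resource_type") == "ConjunctionOperator"
        # Conjunctions belong at odd indices, everything else at even ones.
        if is_conjunction != (index % 2 == 1):
            kind = "conjunction" if is_conjunction else "non-conjunction"
            problems.append(f"criterion 1: {kind} expression at index {index}")
        if is_conjunction:
            operators.append(node.get("conjunction_operator"))
        else:
            leaves.append(node)

    if len(leaves) > MAX_LEAVES:
        problems.append(f"criterion 2: {len(leaves)} non-conjunction "
                        f"expressions, at most {MAX_LEAVES} allowed")

    leaf_types = {leaf.get("resource_type") for leaf in leaves}
    if len(leaf_types) > 1 or not leaf_types <= LEAF_TYPES:
        problems.append("criterion 3: non-conjunction expressions must all be "
                        f"Condition or all IPAddressExpression, found "
                        f"{sorted(map(str, leaf_types))}")

    if "IPAddressExpression" in leaf_types and any(o != "OR" for o in operators):
        problems.append("criterion 4: only OR may join IPAddressExpression nodes")

    if "Condition" in leaf_types:
        if any(a == b == "AND" for a, b in zip(operators, operators[1:])):
            problems.append("criterion 5: two consecutive AND operators")
        member_types = {leaf.get("member_type") for leaf in leaves
                        if leaf.get("resource_type") == "Condition"}
        if len(member_types) > 1:
            problems.append("criterion 6: Condition expressions have different "
                            f"member types {sorted(map(str, member_types))}")
    return problems


if __name__ == "__main__":
    samples = {
        "page example": [cond("VirtualMachine", "webvm")],
        "A AND B AND C": [cond("VirtualMachine", "a"), op("AND"),
                          cond("VirtualMachine", "b"), op("AND"),
                          cond("VirtualMachine", "c")],
        "IP AND IP": [ip("192.0.2.10"), op("AND"), ip("192.0.2.11")],
    }
    for name, expression in samples.items():
        print(name, "->", validate_group_expression(expression) or "ok")
```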
Successful Response:
Response Headers:
Content-type: application/json
Group (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
expression |
Expression
The expression list must follow below criteria:
1. A non-empty expression list, must be of odd size. In a list, with indices
starting from 0, all conjunction expressions must be at odd indices, and all
non-conjunction expressions must be at even indices.
2. There may be at most 5 non-conjunction expressions in a list.
3. All non-conjunction expressions must be of the same type, and must be Condition
expressions or IPAddress expressions.
4. For IPAddressExpression nodes, OR is the only conjunction operator allowed.
5. For ConditionExpression, both OR and AND operators are allowed, but there
must not be two consecutive AND operators.
6. All Condition expressions must have same member type.
7. Each expression must be a valid Expression. See the definition of the Expression
type for more information.
|
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator IPAddressExpression NestedExpression |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Group |
string |
|
state |
Realization state of this group |
string |
Enum: IN_PROGRESS, SUCCESS, FAILURE |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
  "resource_type": "Group",
  "description": "web group",
  "id": "webgroup",
  "display_name": "web group",
  "path": "/infra/domains/vmc/groups/webgroup",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "webgroup",
  "expression": [
    {
      "resource_type": "Condition",
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "_protection": "NOT_PROTECTED"
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517308749250,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517308749250,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
If a group with the group-id is not already present, create a new group.
If it already exists, patch the group.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Group (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed to modify it.
REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
expression |
Expression
The expression list must satisfy the following criteria:
1. A non-empty expression list must be of odd size. In a list, with indices
starting from 0, all conjunction expressions must be at odd indices, and all
non-conjunction expressions must be at even indices.
2. There may be at most 5 non-conjunction expressions in a list.
3. All non-conjunction expressions must be of the same type, and must be Condition
expressions or IPAddress expressions.
4. For IPAddressExpression nodes, OR is the only conjunction operator allowed.
5. For ConditionExpression, both OR and AND operators are allowed, but there
must not be two consecutive AND operators.
6. All Condition expressions must have the same member type.
7. Each expression must be a valid Expression. See the definition of the Expression
type for more information.
|
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator IPAddressExpression NestedExpression |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
in GET calls. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Group |
string |
|
state |
Realization state of this group |
string |
Enum: IN_PROGRESS, SUCCESS, FAILURE |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "resource_type": "Condition"
    }
  ],
  "description": "web group",
  "display_name": "web group"
}
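The criteria listed for the expression property in the Group schema above can be checked on the client before a group PATCH is sent. The following Python checker is an added example, not part of the API guide or any VMware code; it applies criteria 1 to 6 as worded, and the conjunction_operator and ip_addresses field names are assumptions taken from the ConjunctionOperator and IPAddressExpression schemas, which this section does not show.

```python
import json

CONJUNCTION = "ConjunctionOperator"
# Criterion 3 names only these two kinds of non-conjunction expression.
LEAF_TYPES = {"Condition", "IPAddressExpression"}
MAX_LEAVES = 5


def validate_expression(expression):
    """Return a list of violated criteria; an empty list means the list passes."""
    errors = []
    if not expression:
        return errors  # criterion 1 constrains non-empty lists only
    if len(expression) % 2 == 0:
        errors.append("rule 1: a non-empty expression list must be of odd size")

    leaves, operators = [], []
    for index, node in enumerate(expression):
        is_conjunction = node.get("resource_type") == CONJUNCTION
        # Conjunctions belong at odd indices, everything else at even indices.
        if is_conjunction != (index % 2 == 1):
            errors.append(f"rule 1: wrong kind of expression at index {index}")
        if is_conjunction:
            # conjunction_operator: assumed field name (schema not shown here)
            operators.append(node.get("conjunction_operator"))
        else:
            leaves.append(node)

    if len(leaves) > MAX_LEAVES:
        errors.append(f"rule 2: {len(leaves)} non-conjunction expressions, limit is 5")

    leaf_types = {leaf.get("resource_type") for leaf in leaves}
    if len(leaf_types) > 1 or not leaf_types <= LEAF_TYPES:
        errors.append(f"rule 3: mixed or unsupported types {sorted(map(str, leaf_types))}")

    if "IPAddressExpression" in leaf_types and any(op != "OR" for op in operators):
        errors.append("rule 4: IPAddressExpression nodes may only be joined with OR")

    if any(a == b == "AND" for a, b in zip(operators, operators[1:])):
        errors.append("rule 5: two consecutive AND operators")

    member_types = {leaf.get("member_type") for leaf in leaves
                    if leaf.get("resource_type") == "Condition"}
    if len(member_types) > 1:
        errors.append(f"rule 6: Condition member types differ: {sorted(map(str, member_types))}")
    return errors


def cond(value, member_type="VirtualMachine"):
    """Tag-equals Condition shaped like the one in the example request."""
    return {"resource_type": "Condition", "member_type": member_type,
            "key": "Tag", "operator": "EQUALS", "value": value}


def conj(op):
    return {"resource_type": CONJUNCTION, "conjunction_operator": op}


def ip(address):
    # ip_addresses: assumed field name; 192.0.2.0/24 is a documentation range
    return {"resource_type": "IPAddressExpression", "ip_addresses": [address]}


# The expression from the example request, followed by constructed test lists.
PAGE_EXAMPLE = [cond("webvm")]
SAMPLES = {
    "page example": PAGE_EXAMPLE,
    "alternating AND/OR": [cond("web"), conj("AND"), cond("app"), conj("OR"),
                           cond("db"), conj("AND"), cond("cache")],
    "AND chain": [cond("web"), conj("AND"), cond("app"), conj("AND"), cond("db")],
    "IP joined with AND": [ip("192.0.2.10"), conj("AND"), ip("192.0.2.11")],
    "mixed types": [cond("web"), conj("OR"), ip("192.0.2.10")],
    "trailing operator": [cond("web"), conj("OR")],
    "six conditions": [n for i in range(6) for n in (conj("OR"), cond(f"t{i}"))][1:],
    "member types differ": [cond("web"), conj("OR"), cond("web", "LogicalPort")],
}

if __name__ == "__main__":
    for name, expression in SAMPLES.items():
        print(name, "->", json.dumps(validate_expression(expression)))
```
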
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Delete Group
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Query Parameters:
GroupDeleteRequestParameters (schema)
force |
Force delete the resource even if it is being used somewhere
If true, deleting the resource succeeds even if it is being
referred as a resource reference.
|
boolean |
Default: "False" |
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Read group
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/groups/<group-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/groups/webgroup
Successful Response:
Response Headers:
Content-type: application/json
Group (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed to modify it.
REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
expression |
Expression
The expression list must satisfy the following criteria:
1. A non-empty expression list must be of odd size. In a list, with indices
starting from 0, all conjunction expressions must be at odd indices, and all
non-conjunction expressions must be at even indices.
2. There may be at most 5 non-conjunction expressions in a list.
3. All non-conjunction expressions must be of the same type, and must be Condition
expressions or IPAddress expressions.
4. For IPAddressExpression nodes, OR is the only conjunction operator allowed.
5. For ConditionExpression, both OR and AND operators are allowed, but there
must not be two consecutive AND operators.
6. All Condition expressions must have the same member type.
7. Each expression must be a valid Expression. See the definition of the Expression
type for more information.
|
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator IPAddressExpression NestedExpression |
|
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
in GET calls. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Group |
string |
|
state |
Realization state of this group |
string |
Enum: IN_PROGRESS, SUCCESS, FAILURE |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
  "resource_type": "Group",
  "description": "web group",
  "id": "webgroup",
  "display_name": "web group",
  "path": "/infra/domains/vmc/groups/webgroup",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "webgroup",
  "expression": [
    {
      "resource_type": "Condition",
      "member_type": "VirtualMachine",
      "value": "webvm",
      "key": "Tag",
      "operator": "EQUALS",
      "_protection": "NOT_PROTECTED"
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517308749250,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517308749250,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
List all gateway policies across all domains ordered by precedence.
Request:
URI Path:
/policy/api/v1/infra/domains/gateway-policies
Query Parameters:
SecurityPolicyListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/gateway-policies
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
GatewayPolicyListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
SecurityPolicy list results |
array of SecurityPolicy |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 2,
  "results": [
    {
      "resource_type": "GatewayPolicy",
      "id": "default",
      "display_name": "/infra/domains/vmc-domain/gateway-policies/default",
      "path": "/infra/domains/vmc-domain/gateway-policies/default",
      "parent_path": "/infra/domains/vmc-domain",
      "relative_path": "default",
      "precedence": 0,
      "_create_user": "admin",
      "_create_time": 1516295469775,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516432061800,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 6
    },
    {
      "resource_type": "GatewayPolicy",
      "id": "internal",
      "display_name": "internal",
      "path": "/infra/domains/vmc-domain/gateway-policies/internal",
      "parent_path": "/infra/domains/vmc-domain",
      "relative_path": "internal",
      "precedence": 200,
      "_create_user": "admin",
      "_create_time": 1516295469778,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516295469778,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}
Required Permissions:
read
Feature:
policy_edge_fw
Additional Errors:
Paginated list of Services for infra.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services
Query Parameters:
ServiceListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
ServiceListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
Service list results |
array of Service |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 402,
  "results": [
    {
      "resource_type": "Service",
      "description": "AD Server",
      "id": "AD_Server",
      "display_name": "AD Server",
      "path": "/infra/services/AD_Server",
      "parent_path": "/infra/services/AD_Server",
      "relative_path": "AD_Server",
      "service_entries": [
        {
          "resource_type": "L4PortSetServiceEntry",
          "id": "AD_Server",
          "display_name": "AD Server",
          "path": "/infra/services/AD_Server/service-entries/AD_Server",
          "parent_path": "/infra/services/AD_Server",
          "relative_path": "AD_Server",
          "destination_ports": [
            "1024"
          ],
          "l4_protocol": "TCP",
          "_create_user": "system",
          "_create_time": 1517296380484,
          "_last_modified_user": "system",
          "_last_modified_time": 1517296380484,
          "_system_owned": true,
          "_protection": "NOT_PROTECTED",
          "_revision": 0
        }
      ],
      "_create_user": "system",
      "_create_time": 1517296380468,
      "_last_modified_user": "system",
      "_last_modified_time": 1517296380468,
      "_system_owned": true,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
Delete Service
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/services/my-http
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Read a service
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services/my-http
Successful Response:
Response Headers:
Content-type: application/json
Service (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed to modify it.
REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
in GET calls. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Service |
string |
|
service_entries |
Service type |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry L7ServiceEntry |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
  "resource_type": "Service",
  "description": "My HTTP",
  "id": "my-http",
  "display_name": "My HTTP",
  "path": "/infra/services/my-http",
  "parent_path": "/infra/services/my-http",
  "relative_path": "my-http",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "MyHttpEntry",
      "display_name": "MyHttpEntry",
      "path": "/infra/services/my-http/service-entries/MyHttpEntry",
      "parent_path": "/infra/services/my-http",
      "relative_path": "MyHttpEntry",
      "destination_ports": [
        "8080"
      ],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517310677617,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517310677617,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517310677604,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517310677604,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, update the service
including the nested service entries. This is a full replace.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>
Service (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed to modify it.
REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
in GET calls. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Service |
string |
|
service_entries |
Service type |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry L7ServiceEntry |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/services/my-http
{
  "description": "My HTTP",
  "display_name": "My HTTP",
  "_revision": 0,
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "display_name": "MyHttpEntry",
      "destination_ports": [
        "8080"
      ],
      "l4_protocol": "TCP"
    }
  ]
}
Successful Response:
Response Headers:
Content-type: application/json
Service (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed to modify it.
REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only when all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
in GET calls. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Service |
string |
|
service_entries |
Service type |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry L7ServiceEntry |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
  "resource_type": "Service",
  "description": "My HTTP",
  "id": "my-http",
  "display_name": "My HTTP",
  "path": "/infra/services/my-http",
  "parent_path": "/infra/services/my-http",
  "relative_path": "my-http",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "MyHttpEntry",
      "display_name": "MyHttpEntry",
      "path": "/infra/services/my-http/service-entries/MyHttpEntry",
      "parent_path": "/infra/services/my-http",
      "relative_path": "MyHttpEntry",
      "destination_ports": [
        "8080"
      ],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517310677617,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517310677617,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ],
  "_create_user": "admin",
  "_create_time": 1517310677604,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517310677604,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
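The _revision and _protection properties described in the Service schema above determine how a client turns a GET result into a safe full-replace PUT. The following Python helper is an added example, not part of the API guide or any VMware code; the function names are hypothetical, and refusing to write when _protection is PROTECTED or UNKNOWN is a policy assumed for this example.

```python
import json

# Properties the Service schema marks "Readonly". _revision is deliberately absent:
# it is writable and must be sent back so the server can reject a stale update.
READONLY_FIELDS = frozenset({
    "_create_time", "_create_user", "_last_modified_time", "_last_modified_user",
    "_links", "_protection", "_schema", "_self", "_system_owned",
    "marked_for_delete", "parent_path", "path", "relative_path",
})


class ProtectionError(Exception):
    """Raised when _protection says this client must not send the update."""


def strip_readonly(node):
    """Return a copy of node without Readonly properties, at every nesting level."""
    if isinstance(node, dict):
        return {key: strip_readonly(value) for key, value in node.items()
                if key not in READONLY_FIELDS}
    if isinstance(node, list):
        return [strip_readonly(item) for item in node]
    return node


def build_put(current, changes, allow_override=False):
    """Return (headers, body) for a PUT that applies changes to a GET result."""
    illegal = set(changes) & (READONLY_FIELDS | {"_revision"})
    if illegal:
        raise ValueError(f"changes touch server-managed fields: {sorted(illegal)}")
    if "_revision" not in current:
        raise ValueError("GET result carries no _revision; read the resource again")

    headers = {"Content-Type": "application/json"}
    protection = current.get("_protection", "UNKNOWN")
    if protection == "REQUIRE_OVERRIDE":
        # The override header is only added when the caller opts in explicitly.
        if not allow_override:
            raise ProtectionError("REQUIRE_OVERRIDE: pass allow_override=True to proceed")
        headers["X-Allow-Overwrite"] = "true"
    elif protection != "NOT_PROTECTED":
        # PROTECTED, UNKNOWN or an unrecognised value: fail closed (assumed policy).
        raise ProtectionError(f"refusing to modify resource with _protection={protection}")

    body = strip_readonly(current)
    body.update(changes)
    body["_revision"] = current["_revision"]  # the revision that was read
    return headers, body


# The Service returned by the example GET for my-http, as shown in this guide.
GET_RESPONSE = {
    "resource_type": "Service", "description": "My HTTP", "id": "my-http",
    "display_name": "My HTTP", "path": "/infra/services/my-http",
    "parent_path": "/infra/services/my-http", "relative_path": "my-http",
    "service_entries": [{
        "resource_type": "L4PortSetServiceEntry", "id": "MyHttpEntry",
        "display_name": "MyHttpEntry",
        "path": "/infra/services/my-http/service-entries/MyHttpEntry",
        "parent_path": "/infra/services/my-http", "relative_path": "MyHttpEntry",
        "destination_ports": ["8080"], "l4_protocol": "TCP",
        "_create_user": "admin", "_create_time": 1517310677617,
        "_last_modified_user": "admin", "_last_modified_time": 1517310677617,
        "_system_owned": False, "_protection": "NOT_PROTECTED", "_revision": 0,
    }],
    "_create_user": "admin", "_create_time": 1517310677604,
    "_last_modified_user": "admin", "_last_modified_time": 1517310677604,
    "_system_owned": False, "_protection": "NOT_PROTECTED", "_revision": 0,
}

if __name__ == "__main__":
    # Constructed change: only the description differs from what was read.
    put_headers, put_body = build_put(GET_RESPONSE, {"description": "My HTTP v2"})
    print(put_headers)
    print(json.dumps(put_body, indent=2))
```
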
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Create a new service if a service with the given ID does not already
exist. Creates new service entries if populated in the service.
If a service with the given ID already exists, patch the service
including the nested service entries.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>
Service (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed to modify it.
REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Service |
string |
|
service_entries |
Service type |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry L7ServiceEntry |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/services/my-http
{
  "description": "My HTTP Patched",
  "display_name": "My HTTP",
  "service_entries": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "display_name": "MyHttpEntry",
      "destination_ports": [
        "8080"
      ],
      "l4_protocol": "TCP"
    }
  ]
}
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Paginated list of Service entries for the given service
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries
Query Parameters:
ServiceEntryListRequestParameters (schema)
Name | Description | Type | Notes
cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string |
included_fields | Comma separated list of fields that should be included in query result | string |
page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending | | boolean |
sort_by | Field by which records are sorted | string |
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
ServiceEntryListResult
Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 2,
  "results": [
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "MyHttpEntry",
      "display_name": "MyHttpEntry",
      "path": "/infra/services/my-http/service-entries/MyHttpEntry",
      "parent_path": "/infra/services/my-http",
      "relative_path": "MyHttpEntry",
      "destination_ports": [
        "8080"
      ],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517310677617,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517310677617,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    },
    {
      "resource_type": "L4PortSetServiceEntry",
      "id": "https",
      "display_name": "MyHttps",
      "path": "/infra/services/my-http/service-entries/https",
      "parent_path": "/infra/services/my-http",
      "relative_path": "https",
      "destination_ports": [
        "7443"
      ],
      "l4_protocol": "TCP",
      "_create_user": "admin",
      "_create_time": 1517316057383,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517316057383,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
If a service entry with the service-entry-id is not already present,
create a new service entry. If it already exists, patch the service
entry.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Request Body:
ALGTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
alg |
|
string |
Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
The destination_port cannot be empty and must be a single value. |
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ALGTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
EtherTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
ether_type |
Type of the encapsulated protocol |
integer |
Required |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value EtherTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
ICMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
icmp_code |
ICMP message code |
integer |
Minimum: 0 Maximum: 255 |
icmp_type |
ICMP message type |
integer |
Minimum: 0 Maximum: 255 |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol |
|
string |
Required Enum: ICMPv4, ICMPv6 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ICMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IGMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IGMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IPProtocolServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol_number |
|
integer |
Required Minimum: 0 Maximum: 255 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IPProtocolServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L4PortSetServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
l4_protocol |
|
string |
Required Enum: TCP, UDP |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L4PortSetServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L7ServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
entity |
Application entity details
Example: if the protocol is REST/HTTP, the entity could be a resource URI.
|
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l7_protocol |
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
operations |
L7 application operations
If the L7 protocol is REST/HTTP then possible operations are PUT, GET, DELETE, etc.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L7ServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https
{
  "resource_type": "L4PortSetServiceEntry",
  "display_name": "MyHttps",
  "destination_ports": [
    "9443"
  ],
  "l4_protocol": "TCP"
}
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
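A client-side pre-flight check for service-entry bodies before they are sent with PATCH or PUT, added here as an illustration (it is not code from the API guide or from VMware). It uses only the constraints in the schema tables above; the function names, the `allow_override` opt-in and the refusal on `UNKNOWN` are assumptions of this example.

```python
# Added example: checks derived from the ServiceEntry schema tables on this page.
READONLY_FIELDS = {
    "_create_time", "_create_user", "_last_modified_time", "_last_modified_user",
    "_links", "_protection", "_schema", "_self", "_system_owned",
    "marked_for_delete", "parent_path", "path", "relative_path",
}
# Required type-specific fields for the seven concrete types listed under
# service_entries (the resource_type Enum rows on the page name only five of them).
REQUIRED_BY_TYPE = {
    "ALGTypeServiceEntry": ("alg",),
    "EtherTypeServiceEntry": ("ether_type",),
    "ICMPTypeServiceEntry": ("protocol",),
    "IGMPTypeServiceEntry": (),
    "IPProtocolServiceEntry": ("protocol_number",),
    "L4PortSetServiceEntry": ("l4_protocol",),
    "L7ServiceEntry": ("l7_protocol",),
}
ENUMS = {
    "alg": {"ORACLE_TNS", "FTP", "SUN_RPC_TCP", "SUN_RPC_UDP", "MS_RPC_TCP",
            "MS_RPC_UDP", "NBNS_BROADCAST", "NBDG_BROADCAST", "TFTP"},
    "protocol": {"ICMPv4", "ICMPv6"},
    "l4_protocol": {"TCP", "UDP"},
}
BYTE_FIELDS = ("icmp_type", "icmp_code", "protocol_number")  # Minimum: 0 Maximum: 255
MAX_LENGTH = {"description": 1024, "display_name": 255}
MAX_ITEMS = {"destination_ports": 15, "source_ports": 15, "tags": 30}

# The "https" entry from the example list response on this page.
FETCHED_HTTPS = {
    "resource_type": "L4PortSetServiceEntry", "id": "https", "display_name": "MyHttps",
    "path": "/infra/services/my-http/service-entries/https",
    "parent_path": "/infra/services/my-http", "relative_path": "https",
    "destination_ports": ["7443"], "l4_protocol": "TCP",
    "_create_user": "admin", "_create_time": 1517316057383,
    "_last_modified_user": "admin", "_last_modified_time": 1517316057383,
    "_system_owned": False, "_protection": "NOT_PROTECTED", "_revision": 0,
}


def validate_service_entry(entry):
    """Return constraint violations for a ServiceEntry body; [] means it passes."""
    rtype = entry.get("resource_type")
    if rtype not in REQUIRED_BY_TYPE:
        return ["resource_type: required, one of " + ", ".join(sorted(REQUIRED_BY_TYPE))]
    errors = ["%s: required for %s" % (name, rtype)
              for name in REQUIRED_BY_TYPE[rtype] if name not in entry]
    for name, allowed in ENUMS.items():
        if name in entry and not (isinstance(entry[name], str) and entry[name] in allowed):
            errors.append("%s: must be one of %s" % (name, ", ".join(sorted(allowed))))
    for name in BYTE_FIELDS:
        value = entry.get(name)
        # type() rather than isinstance() so that True/False are not accepted as integers.
        if value is not None and (type(value) is not int or not 0 <= value <= 255):
            errors.append("%s: must be an integer from 0 to 255" % name)
    for name, limit in MAX_LENGTH.items():
        if isinstance(entry.get(name), str) and len(entry[name]) > limit:
            errors.append("%s: maximum length %d" % (name, limit))
    for name, limit in MAX_ITEMS.items():
        if len(entry.get(name) or []) > limit:
            errors.append("%s: maximum %d items" % (name, limit))
    if rtype == "ALGTypeServiceEntry" and len(entry.get("destination_ports") or []) != 1:
        errors.append("destination_ports: cannot be empty and must be a single value")
    return errors


def build_update_body(fetched, changes):
    """Merge changes into an entry obtained by GET: keep _revision, drop read-only fields."""
    if "_revision" not in fetched:
        raise ValueError("no _revision in fetched entry; GET it again before PUT")
    blocked = (READONLY_FIELDS | {"_revision"}) & set(changes)
    if blocked:
        raise ValueError("fields the caller must not set: " + ", ".join(sorted(blocked)))
    body = {k: v for k, v in fetched.items() if k not in READONLY_FIELDS}
    body.update(changes)
    errors = validate_service_entry(body)
    if errors:
        raise ValueError("; ".join(errors))
    return body


def write_headers(fetched, allow_override=False):
    """Map the entry's _protection value to the extra headers a modification needs."""
    protection = fetched.get("_protection", "UNKNOWN")
    if protection == "NOT_PROTECTED":
        return {}
    if protection == "REQUIRE_OVERRIDE" and allow_override:
        # Sent only when the caller explicitly opts in to overriding protection.
        return {"X-Allow-Overwrite": "true"}
    # PROTECTED, an override that was not opted into, and UNKNOWN are all refused;
    # refusing on UNKNOWN is this example's conservative choice.
    raise PermissionError("entry is %s; not modifying it" % protection)
```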
If a service entry with the service-entry-id is not already present,
create a new service entry. If it already exists, update the service
entry.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Request Body:
ALGTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
alg |
|
string |
Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
The destination_port cannot be empty and must be a single value. |
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ALGTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
EtherTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
ether_type |
Type of the encapsulated protocol |
integer |
Required |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value EtherTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
ICMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
icmp_code |
ICMP message code |
integer |
Minimum: 0 Maximum: 255 |
icmp_type |
ICMP message type |
integer |
Minimum: 0 Maximum: 255 |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol |
|
string |
Required Enum: ICMPv4, ICMPv6 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ICMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IGMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IGMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IPProtocolServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol_number |
|
integer |
Required Minimum: 0 Maximum: 255 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IPProtocolServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L4PortSetServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
l4_protocol |
|
string |
Required Enum: TCP, UDP |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L4PortSetServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L7ServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
entity |
Application entity details
Example: if the protocol is REST/HTTP, the entity could be a resource URI.
|
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l7_protocol |
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
operations |
L7 application operations
If the L7 protocol is REST/HTTP then possible operations are PUT, GET, DELETE, etc.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L7ServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https
{
"resource_type": "L4PortSetServiceEntry",
"display_name": "MyHttps",
"destination_ports": [
"7443"
],
"l4_protocol": "TCP",
"_revision": 0
}
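A client-side pre-flight check for bodies like the request above, written here as an added example (it is not VMware's code). The limits and enums are copied from the schema tables on this page; the function names, the exactly-one-item reading of the ALG destination_ports rule, and the choice to strip Readonly fields and refuse an override unless explicitly allowed are assumptions.

```python
"""Pre-flight checks for service-entry PUT bodies (added example, not vendor code)."""

# Fields the schema tables mark Readonly: the server populates them.
READONLY = {
    "_create_time", "_create_user", "_last_modified_time", "_last_modified_user",
    "_links", "_protection", "_schema", "_self", "_system_owned",
    "marked_for_delete", "parent_path", "path", "relative_path",
}
MAX_LEN = {"description": 1024, "display_name": 255}
MAX_ITEMS = {"tags": 30, "source_ports": 15, "destination_ports": 15}
ALG = {"ORACLE_TNS", "FTP", "SUN_RPC_TCP", "SUN_RPC_UDP", "MS_RPC_TCP",
       "MS_RPC_UDP", "NBNS_BROADCAST", "NBDG_BROADCAST", "TFTP"}
BYTE = (0, 255)

# resource_type -> (Required fields: Enum set or None, integer fields: bounds or None).
RULES = {
    "ALGTypeServiceEntry": ({"alg": ALG}, {}),
    "EtherTypeServiceEntry": ({"ether_type": None}, {"ether_type": None}),
    "ICMPTypeServiceEntry": ({"protocol": {"ICMPv4", "ICMPv6"}},
                             {"icmp_type": BYTE, "icmp_code": BYTE}),
    "IGMPTypeServiceEntry": ({}, {}),
    "IPProtocolServiceEntry": ({"protocol_number": None}, {"protocol_number": BYTE}),
    "L4PortSetServiceEntry": ({"l4_protocol": {"TCP", "UDP"}}, {}),
    "L7ServiceEntry": ({"l7_protocol": None}, {}),
}


def _is_int(value):
    # bool is a subclass of int in Python; JSON true/false must not pass as integers.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_service_entry(body):
    """Return a list of problems; an empty list means the body passes these checks."""
    rtype = body.get("resource_type")
    if rtype not in RULES:
        return [f"resource_type: {rtype!r} is not a documented service entry type"]
    required, int_fields = RULES[rtype]
    errors = []
    if not _is_int(body.get("_revision")):
        errors.append("_revision: PUT must carry the current integer revision")
    for field, limit in MAX_LEN.items():
        if isinstance(body.get(field), str) and len(body[field]) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    for field, limit in MAX_ITEMS.items():
        if isinstance(body.get(field), list) and len(body[field]) > limit:
            errors.append(f"{field}: more than {limit} items")
    for field, allowed in required.items():
        if field not in body:
            errors.append(f"{field}: Required for {rtype}")
        elif allowed is not None and (
                not isinstance(body[field], str) or body[field] not in allowed):
            errors.append(f"{field}: {body[field]!r} is not in the documented Enum")
    for field, bounds in int_fields.items():
        if field in body:
            value = body[field]
            if not _is_int(value) or (bounds and not bounds[0] <= value <= bounds[1]):
                errors.append(f"{field}: must be an integer within {bounds or 'range'}")
    # Assumption: "cannot be empty and must be a single value" means exactly one item.
    if rtype == "ALGTypeServiceEntry" and len(body.get("destination_ports") or []) != 1:
        errors.append("destination_ports: ALG entries need exactly one value")
    return errors


def build_put(fetched, changes, allow_override=False):
    """Turn a GET response plus edits into (body, headers) for PUT, or raise ValueError."""
    headers = {"Content-Type": "application/json"}
    protection = fetched.get("_protection", "UNKNOWN")
    if protection == "PROTECTED":
        raise ValueError("resource is PROTECTED for this client")
    if protection == "REQUIRE_OVERRIDE":
        if not allow_override:
            raise ValueError("resource needs X-Allow-Overwrite; pass allow_override=True")
        headers["X-Allow-Overwrite"] = "true"
    touched = sorted(READONLY & changes.keys())
    if touched:
        raise ValueError(f"changes touch Readonly fields: {touched}")
    body = {k: v for k, v in fetched.items() if k not in READONLY}
    body.update(changes)
    body["_revision"] = fetched.get("_revision")  # always the revision just read
    errors = validate_service_entry(body)
    if errors:
        raise ValueError("; ".join(errors))
    return body, headers


if __name__ == "__main__":
    # The request body shown on this page.
    page_example = {"resource_type": "L4PortSetServiceEntry", "display_name": "MyHttps",
                    "destination_ports": ["7443"], "l4_protocol": "TCP", "_revision": 0}
    print(validate_service_entry(page_example))
```

A stale `_revision` can only be detected by the server, so a rejected PUT still has to be handled by fetching the resource again and rebuilding the body.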
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
ALGTypeServiceEntry+
ALGTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
alg |
|
string |
Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
The destination_port cannot be empty and must be a single value. |
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ALGTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
EtherTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
ether_type |
Type of the encapsulated protocol |
integer |
Required |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value EtherTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
ICMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
icmp_code |
ICMP message code |
integer |
Minimum: 0 Maximum: 255 |
icmp_type |
ICMP message type |
integer |
Minimum: 0 Maximum: 255 |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol |
|
string |
Required Enum: ICMPv4, ICMPv6 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ICMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IGMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and only when all the
realized entities for that intent object are deleted is the intent object
deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IGMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IPProtocolServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol_number |
|
integer |
Required Minimum: 0 Maximum: 255 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IPProtocolServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L4PortSetServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
l4_protocol |
|
string |
Required Enum: TCP, UDP |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L4PortSetServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L7ServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
entity |
Application entity details
Example - If REST/HTTP then the entity could be a resource URI.
|
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l7_protocol |
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
operations |
L7 application operations
If the L7 protocol is REST/HTTP then possible operations are PUT, GET, DELETE, etc.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L7ServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "L4PortSetServiceEntry",
"id": "https",
"display_name": "MyHttps",
"path": "/infra/services/my-http/service-entries/https",
"parent_path": "/infra/services/my-http",
"relative_path": "https",
"destination_ports": [
"7443"
],
"l4_protocol": "TCP",
"_create_user": "admin",
"_create_time": 1517316057383,
"_last_modified_user": "admin",
"_last_modified_time": 1517316057383,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
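An added example (not from the NSX documentation): a client-side pre-flight check that turns the GET response above into a PUT body, carrying _revision forward, honoring _protection, and enforcing the limits listed in the schema tables. The function names, the choice to drop Readonly fields from the body, and reading the ALG destination_ports rule as "exactly one list item" are assumptions of this example.

```python
# Added example: build a validated PUT body for a service entry from its GET response.
# Limits and enums come from the schema tables on this page; names are hypothetical.

# Fields the tables mark Readonly. Dropping them from the PUT body is this
# example's choice; the page only states that _links is ignored on PUT and POST.
READONLY = frozenset({
    "_create_time", "_create_user", "_last_modified_time", "_last_modified_user",
    "_links", "_protection", "_schema", "_self", "_system_owned",
    "marked_for_delete", "parent_path", "path", "relative_path",
})
ALG_VALUES = ("ORACLE_TNS", "FTP", "SUN_RPC_TCP", "SUN_RPC_UDP", "MS_RPC_TCP",
              "MS_RPC_UDP", "NBNS_BROADCAST", "NBDG_BROADCAST", "TFTP")


def is_int(v):
    return isinstance(v, int) and not isinstance(v, bool)


def is_byte(v):  # "Minimum: 0 Maximum: 255"
    return is_int(v) and 0 <= v <= 255


def port_list(v):  # "array of PortElement, Maximum items: 15"
    return isinstance(v, list) and len(v) <= 15


def one_of(*allowed):
    return lambda v: isinstance(v, str) and v in allowed


# resource_type -> {field: (required, check)}
TYPE_RULES = {
    "L4PortSetServiceEntry": {"l4_protocol": (True, one_of("TCP", "UDP")),
                              "destination_ports": (False, port_list),
                              "source_ports": (False, port_list)},
    "IPProtocolServiceEntry": {"protocol_number": (True, is_byte)},
    "ICMPTypeServiceEntry": {"protocol": (True, one_of("ICMPv4", "ICMPv6")),
                             "icmp_type": (False, is_byte),
                             "icmp_code": (False, is_byte)},
    # "cannot be empty and must be a single value": read here as exactly one item.
    "ALGTypeServiceEntry": {"alg": (True, one_of(*ALG_VALUES)),
                            "destination_ports":
                                (True, lambda v: isinstance(v, list) and len(v) == 1),
                            "source_ports": (False, port_list)},
    "EtherTypeServiceEntry": {"ether_type": (True, is_int)},
    "IGMPTypeServiceEntry": {},
    "L7ServiceEntry": {"l7_protocol": (True, lambda v: isinstance(v, str) and v != ""),
                       "destination_ports": (False, port_list),
                       "source_ports": (False, port_list)},
}


def validate(entry):
    """Return a list of schema violations (empty when the entry is acceptable)."""
    rtype = entry.get("resource_type")
    rules = TYPE_RULES.get(rtype) if isinstance(rtype, str) else None
    if rules is None:
        return ["resource_type: unknown or missing"]
    errors = []
    for field, (required, check) in rules.items():
        if field not in entry:
            if required:
                errors.append(f"{field}: required")
        elif not check(entry[field]):
            errors.append(f"{field}: invalid value {entry[field]!r}")
    for field, limit in (("display_name", 255), ("description", 1024)):
        if len(entry.get(field, "")) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    if len(entry.get("tags", [])) > 30:
        errors.append("tags: more than 30 items")
    return errors


def prepare_put(fetched, changes, allow_overwrite=False):
    """Return (body, headers) for a PUT, or raise before anything is sent."""
    headers = {"Content-Type": "application/json"}
    protection = fetched.get("_protection", "UNKNOWN")
    if protection == "PROTECTED":
        raise PermissionError("entity is PROTECTED for this client")
    if protection == "REQUIRE_OVERRIDE":
        if not allow_overwrite:
            raise PermissionError("REQUIRE_OVERRIDE: caller must opt in explicitly")
        headers["X-Allow-Overwrite"] = "true"  # sent only when actually required
    if not is_int(fetched.get("_revision")):
        raise ValueError("no _revision in GET response; the PUT would be rejected")
    blocked = sorted((READONLY | {"_revision"}) & set(changes))
    if blocked:
        raise ValueError(f"read-only fields cannot be changed: {blocked}")
    body = {k: v for k, v in fetched.items() if k not in READONLY}
    body.update(changes)  # _revision is carried over unchanged from the GET
    errors = validate(body)
    if errors:
        raise ValueError("; ".join(errors))
    return body, headers


# The page's example response, as returned by the GET.
EXAMPLE_RESPONSE = {
    "resource_type": "L4PortSetServiceEntry", "id": "https", "display_name": "MyHttps",
    "path": "/infra/services/my-http/service-entries/https",
    "parent_path": "/infra/services/my-http", "relative_path": "https",
    "destination_ports": ["7443"], "l4_protocol": "TCP",
    "_create_user": "admin", "_create_time": 1517316057383,
    "_last_modified_user": "admin", "_last_modified_time": 1517316057383,
    "_system_owned": False, "_protection": "NOT_PROTECTED", "_revision": 0,
}

if __name__ == "__main__":
    print(prepare_put(EXAMPLE_RESPONSE, {"destination_ports": ["8443"]}))
```

If the server rejects the PUT because the _revision is stale, repeat the GET and rebuild the body rather than incrementing _revision locally.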
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
Service entry
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
ALGTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
alg |
|
string |
Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
The destination_port cannot be empty and must be a single value. |
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ALGTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
EtherTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
ether_type |
Type of the encapsulated protocol |
integer |
Required |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value EtherTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
ICMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
icmp_code |
ICMP message code |
integer |
Minimum: 0 Maximum: 255 |
icmp_type |
ICMP message type |
integer |
Minimum: 0 Maximum: 255 |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol |
|
string |
Required Enum: ICMPv4, ICMPv6 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value ICMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IGMPTypeServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IGMPTypeServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
IPProtocolServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
protocol_number |
|
integer |
Required Minimum: 0 Maximum: 255 |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value IPProtocolServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L4PortSetServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
l4_protocol |
|
string |
Required Enum: TCP, UDP |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L4PortSetServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
L7ServiceEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_ports |
|
array of PortElement |
Maximum items: 15 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
entity |
Application entity details
Example - If REST/HTTP then the entity could be a resource URI.
|
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l7_protocol |
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
operations |
L7 application operations
If the L7 protocol is REST/HTTP then possible operations are PUT, GET, DELETE, etc.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value L7ServiceEntry |
string |
Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry |
source_ports |
|
array of PortElement |
Maximum items: 15 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "L4PortSetServiceEntry",
"id": "https",
"display_name": "MyHttps",
"path": "/infra/services/my-http/service-entries/https",
"parent_path": "/infra/services/my-http",
"relative_path": "https",
"destination_ports": [
"7443"
],
"l4_protocol": "TCP",
"_create_user": "admin",
"_create_time": 1517316057383,
"_last_modified_user": "admin",
"_last_modified_time": 1517316057383,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
read
Feature:
infra_admin
Additional Errors:
Delete Service entry
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/services/<service-id>/service-entries/<service-entry-id>
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/services/my-http/service-entries/https
Successful Response:
Required Permissions:
crud
Feature:
infra_admin
Additional Errors:
If a BGP routing config is not present, create a BGP routing config.
If it already exists, update the routing config.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp
Request Body:
BgpRoutingConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
local_as_num |
BGP AS number in ASPLAIN/ASDOT Format
Specify BGP AS number for Tier-0 to advertise to BGP peers.
AS number can be specified in ASPLAIN (e.g., "65546") or
ASDOT (e.g., "1.10") format. Empty string disables BGP feature.
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value BgpRoutingConfig |
string |
|
route_aggregations |
List of routes to be aggregated
List of routes to be aggregated.
|
array of RouteAggregationEntry |
Maximum items: 1000 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp
{
"local_as_num": "123"
}
Successful Response:
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Read BGP routing config
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
BgpRoutingConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
local_as_num |
BGP AS number in ASPLAIN/ASDOT Format
Specify BGP AS number for Tier-0 to advertise to BGP peers.
AS number can be specified in ASPLAIN (e.g., "65546") or
ASDOT (e.g., "1.10") format. Empty string disables BGP feature.
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value BgpRoutingConfig |
string |
|
route_aggregations |
List of routes to be aggregated
List of routes to be aggregated.
|
array of RouteAggregationEntry |
Maximum items: 1000 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "BgpRoutingConfig",
"id": "bgp",
"display_name": "bgp",
"path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp",
"parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
"relative_path": "bgp",
"local_as_num": "123",
"_create_user": "admin",
"_create_time": 1516751200877,
"_last_modified_user": "admin",
"_last_modified_time": 1516751200877,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
If BGP routing config is not already present, create BGP routing config.
If it already exists, replace the BGP routing config with this object.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp
Request Body:
BgpRoutingConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
local_as_num |
BGP AS number in ASPLAIN/ASDOT Format
Specify BGP AS number for Tier-0 to advertise to BGP peers.
AS number can be specified in ASPLAIN (e.g., "65546") or
ASDOT (e.g., "1.10") format. Empty string disables BGP feature.
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value BgpRoutingConfig |
string |
|
route_aggregations |
List of routes to be aggregated
List of routes to be aggregated.
|
array of RouteAggregationEntry |
Maximum items: 1000 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp
{
"local_as_num": "123",
"_revision": 0
}
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
BgpRoutingConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
local_as_num |
BGP AS number in ASPLAIN/ASDOT Format
Specify BGP AS number for Tier-0 to advertise to BGP peers.
AS number can be specified in ASPLAIN (e.g., "65546") or
ASDOT (e.g., "1.10") format. Empty string disables BGP feature.
|
string |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value BgpRoutingConfig |
string |
|
route_aggregations |
List of routes to be aggregated
List of routes to be aggregated.
|
array of RouteAggregationEntry |
Maximum items: 1000 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "BgpRoutingConfig",
"id": "bgp",
"display_name": "bgp",
"path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp",
"parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
"relative_path": "bgp",
"local_as_num": "123",
"_create_user": "admin",
"_create_time": 1516751200877,
"_last_modified_user": "admin",
"_last_modified_time": 1516751200877,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
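Added example (not part of the original guide): a client-side read-modify-write for the PUT call above, which copies `_revision` from the GET response, drops the fields the schema marks Readonly, honours `_protection` and checks `local_as_num` before anything is sent. The function names, the refusal of `UNKNOWN` protection and the refusal of AS 0 are assumptions of this example, not behaviour stated by the guide.

```python
import json
import re

# Fields the BgpRoutingConfig schema above marks Readonly; the server sets them.
READONLY_FIELDS = frozenset({
    "_create_time", "_create_user", "_last_modified_time", "_last_modified_user",
    "_links", "_protection", "_schema", "_self", "_system_owned",
    "marked_for_delete", "parent_path", "path", "relative_path",
})

# The "Example Response" of the GET call above, used as offline sample input.
EXAMPLE_GET = json.loads("""
{
  "resource_type": "BgpRoutingConfig", "id": "bgp", "display_name": "bgp",
  "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp",
  "parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
  "relative_path": "bgp", "local_as_num": "123",
  "_create_user": "admin", "_create_time": 1516751200877,
  "_last_modified_user": "admin", "_last_modified_time": 1516751200877,
  "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0
}
""")


class ProtectedResourceError(Exception):
    """The GET response says this client must not modify the object as requested."""


def as_number(text):
    """Parse an ASPLAIN ("65546") or ASDOT ("1.10") string to its 32-bit value.

    Assumption of this example: AS 0 is refused client-side; the guide does
    not say which values the server itself rejects.
    """
    plain = re.fullmatch(r"[0-9]{1,10}", text)
    dotted = re.fullmatch(r"([0-9]{1,5})\.([0-9]{1,5})", text)
    if plain:
        value = int(text)
    elif dotted:
        high, low = int(dotted.group(1)), int(dotted.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError("ASDOT halves must each fit in 16 bits: %r" % text)
        value = (high << 16) | low
    else:
        raise ValueError("not ASPLAIN or ASDOT: %r" % text)
    if not 1 <= value <= 0xFFFFFFFF:
        raise ValueError("AS number out of range: %r" % text)
    return value


def build_put(current, changes, allow_override=False):
    """Return (headers, body) for a PUT replacing `current` with `changes` applied."""
    headers = {"Content-Type": "application/json"}
    protection = current.get("_protection", "UNKNOWN")
    if protection == "REQUIRE_OVERRIDE":
        if not allow_override:
            raise ProtectedResourceError("override required but not requested")
        headers["X-Allow-Overwrite"] = "true"   # header named in the schema above
    elif protection != "NOT_PROTECTED":
        # PROTECTED, or UNKNOWN (refused here as a fail-closed choice of this example).
        raise ProtectedResourceError("resource is %s" % protection)

    if "_revision" not in current:
        raise ValueError("GET response carries no _revision; the PUT would be rejected")
    forbidden = (READONLY_FIELDS | {"_revision"}) & set(changes)
    if forbidden:
        raise ValueError("caller may not set: %s" % sorted(forbidden))

    # Keep writable fields and the revision that was read, then apply the edits.
    body = {k: v for k, v in current.items() if k not in READONLY_FIELDS}
    body.update(changes)
    if "local_as_num" not in body:
        raise ValueError("local_as_num is Required")
    if body["local_as_num"] != "":      # empty string disables BGP, per the schema
        as_number(body["local_as_num"])
    return headers, body


if __name__ == "__main__":
    hdrs, payload = build_put(EXAMPLE_GET, {"local_as_num": "1.10"})
    print(hdrs)
    print(json.dumps(payload, indent=2))
```

If the server rejects the PUT because the revision is stale, repeat the GET and rebuild the body rather than incrementing `_revision` locally.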
Paginated list of all BGP neighbor configurations
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors
Query Parameters:
BgpNeighborConfigListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
BgpNeighborConfigListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
BGP neighbor configs list results |
array of BgpNeighborConfig |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
"sort_ascending": true,
"sort_by": "display_name",
"result_count": 1,
"results": [
{
"resource_type": "BgpNeighborConfig",
"id": "site1",
"display_name": "site1",
"path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
"parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
"relative_path": "site1",
"password": "test",
"remote_as_num": "12",
"neighbor_address": "1.2.3.4",
"_create_user": "admin",
"_create_time": 1516751318020,
"_last_modified_user": "admin",
"_last_modified_time": 1516751318020,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
]
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
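Added example (not part of the original guide): walking the paginated neighbor list with `cursor` and `page_size`, and producing an audit record per neighbor that says whether a BGP authentication password is set without carrying the password, which the example response above returns in clear text. `fetch_page` is a hypothetical callable standing in for the GET request; the cursor value and the second neighbor are constructed sample data, and treating a missing `cursor` as the last page is an assumption of this example.

```python
import copy

REDACTED = "<redacted>"

# Constructed sample pages. "site1" is the neighbor from the guide's example
# response; the cursor value "0001" and the neighbor "site2" are invented.
SAMPLE_PAGES = {
    None: {
        "sort_ascending": True, "sort_by": "display_name",
        "result_count": 2, "cursor": "0001",
        "results": [{
            "resource_type": "BgpNeighborConfig", "id": "site1",
            "display_name": "site1", "password": "test",
            "remote_as_num": "12", "neighbor_address": "1.2.3.4",
            "_protection": "NOT_PROTECTED", "_revision": 0,
        }],
    },
    "0001": {
        "sort_ascending": True, "sort_by": "display_name",
        "results": [{
            "resource_type": "BgpNeighborConfig", "id": "site2",
            "display_name": "site2",
            "remote_as_num": "65010", "neighbor_address": "192.0.2.10",
            "_protection": "NOT_PROTECTED", "_revision": 0,
        }],
    },
}


def fake_fetch_page(params):
    """Stand-in for GET .../bgp/neighbors with query parameters (no network)."""
    return copy.deepcopy(SAMPLE_PAGES[params.get("cursor")])


def iter_neighbors(fetch_page, page_size=1000):
    """Yield every BgpNeighborConfig, following `cursor` from page to page."""
    if not 0 <= page_size <= 1000:          # bounds from the schema above
        raise ValueError("page_size must be between 0 and 1000")
    cursor, seen = None, set()
    while True:
        params = {"page_size": page_size}
        if cursor is not None:
            params["cursor"] = cursor
        page = fetch_page(params)
        for neighbor in page["results"]:    # "results" is Required in the schema
            yield neighbor
        cursor = page.get("cursor")
        if not cursor:
            return                          # assumption: no cursor means last page
        if cursor in seen:
            raise RuntimeError("server repeated cursor %r" % cursor)
        seen.add(cursor)


def redact(neighbor):
    """Copy of a neighbor config that is safe to log: the password is masked."""
    safe = dict(neighbor)
    if safe.get("password"):
        safe["password"] = REDACTED
    return safe


def audit_neighbors(fetch_page, page_size=1000):
    """One record per neighbor; reports whether a password is set, never its value.

    Relies on GET returning the password field as in the guide's example response.
    """
    return [
        {
            "id": n["id"],
            "neighbor_address": n["neighbor_address"],
            "remote_as_num": n["remote_as_num"],
            "password_set": bool(n.get("password")),
        }
        for n in iter_neighbors(fetch_page, page_size)
    ]


if __name__ == "__main__":
    for record in audit_neighbors(fake_fetch_page, page_size=1):
        print(record)
```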
If BGP neighbor config with the neighbor-id is not already present, create a new
neighbor config. If it already exists, replace the BGP neighbor config with this object.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Request Body:
BgpNeighborConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
in_route_filters |
Prefix-lists for IN direction
Specify paths of prefix-lists to filter routes for IN direction.
|
array of string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
neighbor_address |
Neighbor IP Address |
IPAddress |
Required |
out_route_filters |
Prefix-lists for OUT direction
Specify paths of prefix-lists to filter routes for OUT direction.
A built-in prefix-list named 'prefixlist-out-default' is automatically
applied as first entry.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
password |
Password
Specify password for BGP neighbor authentication.
Empty string ("") clears existing password.
|
string |
Minimum length: 0 Maximum length: 20 |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
remote_as_num |
4 Byte ASN of the neighbor in ASPLAIN Format |
string |
Required |
resource_type |
Must be set to the value BgpNeighborConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1
{
"neighbor_address": "1.2.3.4",
"remote_as_num": "12",
"password":"test"
}
Successful Response:
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Read BGP neighbor config
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
BgpNeighborConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
in_route_filters |
Prefix-lists for IN direction
Specify paths of prefix-lists to filter routes for IN direction.
|
array of string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object are deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
a GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
neighbor_address |
Neighbor IP Address |
IPAddress |
Required |
out_route_filters |
Prefix-lists for OUT direction
Specify paths of prefix-lists to filter routes for OUT direction.
A built-in prefix-list named 'prefixlist-out-default' is automatically
applied as first entry.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
password |
Password
Specify password for BGP neighbor authentication.
Empty string ("") clears existing password.
|
string |
Minimum length: 0 Maximum length: 20 |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
remote_as_num |
4 Byte ASN of the neighbor in ASPLAIN Format |
string |
Required |
resource_type |
Must be set to the value BgpNeighborConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "BgpNeighborConfig",
"id": "site1",
"display_name": "site1",
"path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
"parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
"relative_path": "site1",
"password": "test",
"remote_as_num": "12",
"neighbor_address": "1.2.3.4",
"_create_user": "admin",
"_create_time": 1516751318020,
"_last_modified_user": "admin",
"_last_modified_time": 1516751318020,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
If BGP neighbor config with the neighbor-id is not already present, create a new
neighbor config. If it already exists, replace the BGP neighbor config with this object.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Request Body:
BgpNeighborConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
in_route_filters |
Prefix-lists for IN direction
Specify paths of prefix-lists to filter routes for IN direction.
|
array of string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only after all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
neighbor_address |
Neighbor IP Address |
IPAddress |
Required |
out_route_filters |
Prefix-lists for OUT direction
Specify paths of prefix-lists to filter routes for OUT direction.
A built-in prefix-list named 'prefixlist-out-default' is automatically
applied as first entry.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
password |
Password
Specify password for BGP neighbor authentication.
Empty string ("") clears existing password.
|
string |
Minimum length: 0 Maximum length: 20 |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
remote_as_num |
4 Byte ASN of the neighbor in ASPLAIN Format |
string |
Required |
resource_type |
Must be set to the value BgpNeighborConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1
{
"neighbor_address": "1.2.3.4",
"remote_as_num": "12",
"password":"test",
"in_route_filters": [ "/infra/tier-0s/vmc/prefix-lists/plist-1" ],
"_revision": 0
}
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
BgpNeighborConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
in_route_filters |
Prefix-lists for IN direction
Specify paths of prefix-lists to filter routes for IN direction.
|
array of string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only after all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
neighbor_address |
Neighbor IP Address |
IPAddress |
Required |
out_route_filters |
Prefix-lists for OUT direction
Specify paths of prefix-lists to filter routes for OUT direction.
A built-in prefix-list named 'prefixlist-out-default' is automatically
applied as first entry.
|
array of string |
|
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
password |
Password
Specify password for BGP neighbor authentication.
Empty string ("") clears existing password.
|
string |
Minimum length: 0 Maximum length: 20 |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
remote_as_num |
4 Byte ASN of the neighbor in ASPLAIN Format |
string |
Required |
resource_type |
Must be set to the value BgpNeighborConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "BgpNeighborConfig",
"id": "site1",
"display_name": "site1",
"path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
"parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
"relative_path": "site1",
"password": "test",
"remote_as_num": "12",
"neighbor_address": "1.2.3.4",
"in_route_filters": [ "/infra/tier-0s/vmc/prefix-lists/plist-1" ],
"_create_user": "admin",
"_create_time": 1516751318020,
"_last_modified_user": "admin",
"_last_modified_time": 1516751318020,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
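Added example, not part of the VMware guide: a client-side check for the PUT above that builds the body from a fresh GET, drops the fields the schema marks Readonly, carries _revision, honours _protection (sending X-Allow-Overwrite only on an explicit decision), enforces the table's constraints, and keeps the BGP password out of logs. The names plan_put, validate, redact and FakeNeighborStore are hypothetical; the store is a constructed stand-in for the server, and bumping _revision by one per accepted PUT is an assumption.

```python
import copy
import ipaddress

# Fields the BgpNeighborConfig schema table marks Readonly: never sent in a PUT.
READONLY = {"_create_time", "_create_user", "_last_modified_time", "_links",
            "_last_modified_user", "_protection", "_schema", "_self", "path",
            "_system_owned", "marked_for_delete", "parent_path", "relative_path"}
MAX_LEN = {"password": 20, "description": 1024, "display_name": 255}

# The guide's example response for neighbor site1 (audit fields left out).
SAMPLE = {
    "resource_type": "BgpNeighborConfig", "id": "site1", "display_name": "site1",
    "path": "/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1",
    "parent_path": "/infra/tier-0s/vmc_prv/locale-services/default",
    "relative_path": "site1", "password": "test", "remote_as_num": "12",
    "neighbor_address": "1.2.3.4", "_protection": "NOT_PROTECTED", "_revision": 0,
}


class UpdateRefused(Exception):
    """Client-side checks decided the PUT must not be sent."""


def validate(body):
    """Return the constraints from the schema table that `body` violates."""
    errors = []
    addr = body.get("neighbor_address")
    try:
        ipaddress.ip_address(addr if isinstance(addr, str) else "")
    except ValueError:
        errors.append("neighbor_address: required, must be an IP address")
    asn = body.get("remote_as_num")
    if not (isinstance(asn, str) and asn.isascii() and asn.isdigit()
            and int(asn) <= 0xFFFFFFFF):
        errors.append("remote_as_num: required 4-byte ASN as an ASPLAIN string")
    for field, limit in MAX_LEN.items():
        value = body.get(field)
        if value is not None and (not isinstance(value, str) or len(value) > limit):
            errors.append(f"{field}: string of at most {limit} characters")
    if len(body.get("tags", [])) > 30:
        errors.append("tags: at most 30 items")
    if not isinstance(body.get("_revision"), int):
        errors.append("_revision: a PUT must carry the revision read by GET")
    return errors


def plan_put(current, changes, allow_override=False):
    """Build (headers, body) for a PUT from the object a GET just returned."""
    headers = {"Content-Type": "application/json"}
    protection = current.get("_protection", "UNKNOWN")  # UNKNOWN: server decides
    if protection == "PROTECTED":
        raise UpdateRefused("resource is PROTECTED for this client")
    if protection == "REQUIRE_OVERRIDE":
        if not allow_override:      # overriding must be a deliberate choice
            raise UpdateRefused("REQUIRE_OVERRIDE: explicit override needed")
        headers["X-Allow-Overwrite"] = "true"
    blocked = sorted((READONLY | {"_revision"}) & set(changes))
    if blocked:
        raise UpdateRefused(f"fields a caller may not set: {blocked}")
    body = {k: copy.deepcopy(v) for k, v in current.items() if k not in READONLY}
    body.update(changes)            # _revision is carried over from the GET
    errors = validate(body)
    if errors:
        raise UpdateRefused("; ".join(errors))
    return headers, body


def redact(obj):
    """Copy of a request or response body that is safe to log."""
    safe = dict(obj)
    if safe.get("password"):
        safe["password"] = "<redacted>"
    return safe


class FakeNeighborStore:
    """Constructed in-memory stand-in for the server's _revision check.
    Bumping _revision by one per accepted PUT is an assumption."""
    def __init__(self, obj):
        self.obj = copy.deepcopy(obj)

    def get(self):
        return copy.deepcopy(self.obj)

    def put(self, body):
        if body.get("_revision") != self.obj["_revision"]:
            return False            # missing or stale revision: rejected
        kept = {k: v for k, v in self.obj.items() if k in READONLY}
        self.obj = {**kept, **body, "_revision": self.obj["_revision"] + 1}
        return True


def demo():
    """Two clients read revision 0; only the first PUT is accepted."""
    store = FakeNeighborStore(SAMPLE)
    a, b = store.get(), store.get()
    ok_a = store.put(plan_put(a, {"password": "rotated-secret-01"})[1])
    ok_b = store.put(plan_put(b, {"remote_as_num": "65001"})[1])
    return ok_a, ok_b, store.obj["_revision"], redact(store.obj)["password"]
```

The second client in demo() has to GET again and rebuild its body before retrying; resending the old body with a guessed _revision would overwrite the password change.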
Delete BGP neighbor config
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/bgp/neighbors/<neighbor-id>
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/tier-0s/vmc_prv/locale-services/default/bgp/neighbors/site1
Successful Response:
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Paginated list of all DHCP relay config instances
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/dhcp-relay-configs
Query Parameters:
ListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
DhcpRelayConfigListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
DhcpRelayConfig results |
array of DhcpRelayConfig |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
"sort_ascending": true,
"sort_by": "display_name",
"result_count": 1,
"results": [
{
"resource_type": "DhcpRelayConfig",
"id": "dhcp-relay1",
"display_name": "dhcp-relay1",
"path": "/infra/dhcp-relay-configs/dhcp-relay1",
"parent_path": "/infra",
"relative_path": "dhcp-relay1",
"server_addresses": [ "10.1.1.1", "10.1.1.2" ],
"_create_user": "admin",
"_create_time": 1516668826912,
"_last_modified_user": "admin",
"_last_modified_time": 1516668826912,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
]
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
If DHCP relay config with the dhcp-relay-config-id is not already present, create a new DHCP relay config instance.
If it already exists, update the DHCP relay config instance with specified attributes.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Request Body:
DhcpRelayConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only after all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value DhcpRelayConfig |
string |
|
server_addresses |
DHCP relay addresses
DHCP server IP addresses for DHCP relay configuration.
|
array of IPAddress |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1
{
"server_addresses": [ "10.1.1.1", "10.1.1.2" ]
}
Successful Response:
Example Response:
200 OK
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
If DHCP relay config with the dhcp-relay-config-id is not already present,
create a new DHCP relay config instance. If it already exists, replace
the DHCP relay config instance with this object.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Request Body:
DhcpRelayConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only after all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value DhcpRelayConfig |
string |
|
server_addresses |
DHCP relay addresses
DHCP server IP addresses for DHCP relay configuration.
|
array of IPAddress |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1
{
"server_addresses": [ "10.1.1.1", "10.1.1.2" ],
"_revision": 0
}
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
DhcpRelayConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only after all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value DhcpRelayConfig |
string |
|
server_addresses |
DHCP relay addresses
DHCP server IP addresses for DHCP relay configuration.
|
array of IPAddress |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "DhcpRelayConfig",
"id": "dhcp-relay1",
"display_name": "dhcp-relay1",
"path": "/infra/dhcp-relay-configs/dhcp-relay1",
"parent_path": "/infra",
"relative_path": "dhcp-relay1",
"server_addresses": [ "10.1.1.1", "10.1.1.2" ],
"_create_user": "admin",
"_create_time": 1516668826912,
"_last_modified_user": "admin",
"_last_modified_time": 1516668826912,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Delete DHCP relay configuration
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1
Successful Response:
Example Response:
200 OK
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Read DHCP relay configuration
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/dhcp-relay-configs/<dhcp-relay-config-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/dhcp-relay-configs/dhcp-relay1
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
DhcpRelayConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only after all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value DhcpRelayConfig |
string |
|
server_addresses |
DHCP relay addresses
DHCP server IP addresses for DHCP relay configuration.
|
array of IPAddress |
Required |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "DhcpRelayConfig",
"id": "dhcp-relay1",
"display_name": "dhcp-relay1",
"path": "/infra/dhcp-relay-configs/dhcp-relay1",
"parent_path": "/infra",
"relative_path": "dhcp-relay1",
"server_addresses": [ "10.1.1.1", "10.1.1.2" ],
"_create_user": "admin",
"_create_time": 1516668826912,
"_last_modified_user": "admin",
"_last_modified_time": 1516668826912,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
Paginated list of all segments under tier-1 instance
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments
Query Parameters:
SegmentListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
SegmentListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
Segment list results |
array of Segment |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
"sort_ascending": true,
"sort_by": "display_name",
"result_count": 1,
"results": [
{
"resource_type": "Segment",
"id": "web-tier",
"display_name": "web-tier",
"path": "/infra/tier-1s/cgw/segments/web-tier",
"parent_path": "/infra/tier-1s/cgw",
"relative_path": "web-tier",
"subnets": [
{
"gateway_address": "40.1.1.1/16",
"dhcp_ranges": [
"40.1.2.0/24"
]
}
],
"_create_user": "admin",
"_create_time": 1516668961954,
"_last_modified_user": "admin",
"_last_modified_time": 1516668961954,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
]
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
If segment with the segment-id is not already present, create a new segment.
If it already exists, update the segment with specified attributes.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Segment (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
advanced_config |
Advanced configuration for Segment
Advanced configuration for Segment.
|
SegmentAdvancedConfig |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domain_name |
DNS domain name |
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l2_extension |
Configuration for extending Segment through L2 VPN |
L2Extension |
|
ls_id |
Pre-created logical switch id for Segment
Specify the pre-created logical switch id for Segment.
|
string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion, and the intent object
is deleted only after all the realized entities for that intent object
have been deleted. Objects that are marked for deletion are not returned
by a GET call. Use the search API to retrieve these objects.
|
boolean |
Readonly Default: "False" |
overlay_id |
Overlay connectivity ID for this Segment
Used for overlay connectivity of segments. The overlay_id
should be allocated from the pool as defined by enforcement-point.
If not provided, it is auto-allocated from the default pool on the
enforcement-point.
|
int |
Minimum: 0 Maximum: 2147483647 |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Segment |
string |
|
subnets |
Subnet configuration. Max 1 subnet |
array of SegmentSubnet |
Maximum items: 1 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
type |
Segment type
Segment type based on configuration.
|
string |
Readonly Enum: ROUTED, EXTENDED, DISCONNECTED |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier
{
  "display_name": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [ "40.1.2.0/24" ]
    }
  ]
}
Successful Response:
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
If segment with the segment-id is not already present, create a new segment.
If it already exists, replace the segment with this object.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Segment (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
advanced_config |
Advanced configuration for Segment
Advanced configuration for Segment.
|
SegmentAdvancedConfig |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domain_name |
DNS domain name |
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l2_extension |
Configuration for extending Segment through L2 VPN |
L2Extension |
|
ls_id |
Pre-created logical switch id for Segment
Specify pre-created logical switch id for Segment.
|
string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
overlay_id |
Overlay connectivity ID for this Segment
Used for overlay connectivity of segments. The overlay_id
should be allocated from the pool as defined by enforcement-point.
If not provided, it is auto-allocated from the default pool on the
enforcement-point.
|
int |
Minimum: 0 Maximum: 2147483647 |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Segment |
string |
|
subnets |
Subnet configuration. Max 1 subnet |
array of SegmentSubnet |
Maximum items: 1 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
type |
Segment type
Segment type based on configuration.
|
string |
Readonly Enum: ROUTED, EXTENDED, DISCONNECTED |
Example Request:
PUT https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier
{
  "display_name": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [ "40.1.2.0/24" ]
    }
  ],
  "_revision": 0
}
Successful Response:
Response Headers:
Content-type: application/json
Segment (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
advanced_config |
Advanced configuration for Segment
Advanced configuration for Segment.
|
SegmentAdvancedConfig |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domain_name |
DNS domain name |
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l2_extension |
Configuration for extending Segment through L2 VPN |
L2Extension |
|
ls_id |
Pre-created logical switch id for Segment
Specify pre-created logical switch id for Segment.
|
string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
overlay_id |
Overlay connectivity ID for this Segment
Used for overlay connectivity of segments. The overlay_id
should be allocated from the pool as defined by enforcement-point.
If not provided, it is auto-allocated from the default pool on the
enforcement-point.
|
int |
Minimum: 0 Maximum: 2147483647 |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Segment |
string |
|
subnets |
Subnet configuration. Max 1 subnet |
array of SegmentSubnet |
Maximum items: 1 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
type |
Segment type
Segment type based on configuration.
|
string |
Readonly Enum: ROUTED, EXTENDED, DISCONNECTED |
Example Response:
{
  "resource_type": "Segment",
  "id": "web-tier",
  "display_name": "web-tier",
  "path": "/infra/tier-1s/cgw/segments/web-tier",
  "parent_path": "/infra/tier-1s/cgw",
  "relative_path": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [
        "40.1.2.0/24"
      ]
    }
  ],
  "_create_user": "admin",
  "_create_time": 1516668961954,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516668961954,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
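The PUT contract described above (the current _revision must be sent, Readonly properties belong to the server, and REQUIRE_OVERRIDE needs the X-Allow-Overwrite=true header) can be enforced on the client before the request leaves. This is an added example, not code from the NSX guide or a VMware SDK: the helper name `build_segment_put`, the exception class, and the choice to reject edits to Readonly properties rather than drop them silently are assumptions of this sketch.

```python
import copy

# Properties the Segment schema above marks "Readonly" (server-owned).
READONLY_FIELDS = frozenset({
    "_create_time", "_create_user", "_last_modified_time",
    "_last_modified_user", "_links", "_protection", "_schema", "_self",
    "_system_owned", "marked_for_delete", "parent_path", "path",
    "relative_path", "type",
})
# Limits copied from the same schema table.
MAX_LENGTH = {"description": 1024, "display_name": 255}
MAX_ITEMS = {"subnets": 1, "tags": 30}
OVERLAY_ID_MIN, OVERLAY_ID_MAX = 0, 2147483647


class SegmentUpdateError(ValueError):
    """Raised when an update would violate the documented Segment contract."""


def build_segment_put(current, changes):
    """Return (body, headers) for PUT .../segments/<segment-id>.

    current -- the Segment dict returned by a GET on the same URI
    changes -- dict of writable properties to set
    Hypothetical helper; not part of any VMware SDK.
    """
    protection = current.get("_protection")
    if protection == "PROTECTED":
        raise SegmentUpdateError("segment is PROTECTED for this client")

    revision = current.get("_revision")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if not isinstance(revision, int) or isinstance(revision, bool):
        raise SegmentUpdateError("GET result carries no integer _revision")

    # _revision must come from the GET, never from the caller's edits.
    forbidden = sorted(k for k in changes
                       if k in READONLY_FIELDS or k == "_revision")
    if forbidden:
        raise SegmentUpdateError(
            "server-owned fields in changes: " + ", ".join(forbidden))

    body = {k: copy.deepcopy(v) for k, v in current.items()
            if k not in READONLY_FIELDS}
    body.update(copy.deepcopy(changes))
    body["_revision"] = revision  # echo the revision obtained from GET

    if body.get("resource_type", "Segment") != "Segment":
        raise SegmentUpdateError("resource_type must be Segment")
    for field, limit in MAX_LENGTH.items():
        if len(body.get(field) or "") > limit:
            raise SegmentUpdateError("%s longer than %d" % (field, limit))
    for field, limit in MAX_ITEMS.items():
        if len(body.get(field) or []) > limit:
            raise SegmentUpdateError("%s has more than %d items" % (field, limit))
    overlay_id = body.get("overlay_id")
    if overlay_id is not None and not (
            isinstance(overlay_id, int)
            and OVERLAY_ID_MIN <= overlay_id <= OVERLAY_ID_MAX):
        raise SegmentUpdateError("overlay_id out of range")

    headers = {"Content-Type": "application/json"}
    if protection == "REQUIRE_OVERRIDE":
        headers["X-Allow-Overwrite"] = "true"
    return body, headers


# Sample input: the Example Response for web-tier shown above.
SAMPLE_GET = {
    "resource_type": "Segment",
    "id": "web-tier",
    "display_name": "web-tier",
    "path": "/infra/tier-1s/cgw/segments/web-tier",
    "parent_path": "/infra/tier-1s/cgw",
    "relative_path": "web-tier",
    "subnets": [{"gateway_address": "40.1.1.1/16",
                 "dhcp_ranges": ["40.1.2.0/24"]}],
    "_create_user": "admin",
    "_create_time": 1516668961954,
    "_last_modified_user": "admin",
    "_last_modified_time": 1516668961954,
    "_system_owned": False,
    "_protection": "NOT_PROTECTED",
    "_revision": 0,
}

if __name__ == "__main__":
    import json
    put_body, put_headers = build_segment_put(
        SAMPLE_GET, {"description": "front-end VMs"})
    print(json.dumps(put_body, indent=2))
    print(put_headers)
```

If the server still rejects the PUT because another client changed the segment in between, repeat the GET and rebuild the body rather than incrementing _revision locally.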
Delete segment
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Example Request:
DELETE https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier
Successful Response:
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Read segment
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw/segments/web-tier
Successful Response:
Response Headers:
Content-type: application/json
Segment (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
advanced_config |
Advanced configuration for Segment
Advanced configuration for Segment.
|
SegmentAdvancedConfig |
|
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
domain_name |
DNS domain name |
string |
|
id |
Unique identifier of this resource |
string |
Sortable |
l2_extension |
Configuration for extending Segment through L2 VPN |
L2Extension |
|
ls_id |
Pre-created logical switch id for Segment
Specify pre-created logical switch id for Segment.
|
string |
|
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
overlay_id |
Overlay connectivity ID for this Segment
Used for overlay connectivity of segments. The overlay_id
should be allocated from the pool as defined by enforcement-point.
If not provided, it is auto-allocated from the default pool on the
enforcement-point.
|
int |
Minimum: 0 Maximum: 2147483647 |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Segment |
string |
|
subnets |
Subnet configuration. Max 1 subnet |
array of SegmentSubnet |
Maximum items: 1 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
type |
Segment type
Segment type based on configuration.
|
string |
Readonly Enum: ROUTED, EXTENDED, DISCONNECTED |
Example Response:
{
  "resource_type": "Segment",
  "id": "web-tier",
  "display_name": "web-tier",
  "path": "/infra/tier-1s/cgw/segments/web-tier",
  "parent_path": "/infra/tier-1s/cgw",
  "relative_path": "web-tier",
  "subnets": [
    {
      "gateway_address": "40.1.1.1/16",
      "dhcp_ranges": [
        "40.1.2.0/24"
      ]
    }
  ],
  "_create_user": "admin",
  "_create_time": 1516668961954,
  "_last_modified_user": "admin",
  "_last_modified_time": 1516668961954,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
Create static ARP config with tier-1 and segment IDs provided if it doesn't exist,
update with provided config if it's already created.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Request Body:
StaticARPConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
ip_address |
IP Address |
IPAddress |
Required |
mac_address |
MAC Address |
MACAddress |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value StaticARPConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Successful Response:
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Create static ARP config with tier-1 and segment IDs provided if it doesn't exist,
update with provided config if it's already created.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Request Body:
StaticARPConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
ip_address |
IP Address |
IPAddress |
Required |
mac_address |
MAC Address |
MACAddress |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value StaticARPConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
StaticARPConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
ip_address |
IP Address |
IPAddress |
Required |
mac_address |
MAC Address |
MACAddress |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value StaticARPConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Delete static ARP config
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Successful Response:
Required Permissions:
crud
Feature:
policy_connectivity
Additional Errors:
Read static ARP config
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>/segments/<segment-id>/static-arp
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
StaticARPConfig (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
ip_address |
IP Address |
IPAddress |
Required |
mac_address |
MAC Address |
MACAddress |
Required |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value StaticARPConfig |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
Paginated list of all tier-1 instances
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s
Query Parameters:
Tier1ListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
Tier1ListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
Tier-1 list results |
array of Tier1 |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
  "sort_ascending": true,
  "sort_by": "display_name",
  "result_count": 1,
  "results": [
    {
      "resource_type": "Tier1",
      "id": "cgw",
      "display_name": "/infra/tier-1s/cgw",
      "path": "/infra/tier-1s/cgw",
      "parent_path": "/infra/tier-1s/cgw",
      "relative_path": "cgw",
      "tier0_path": "/infra/tier-0s/vmc_prv",
      "force_whitelisting": false,
      "_create_user": "admin",
      "_create_time": 1516668826912,
      "_last_modified_user": "admin",
      "_last_modified_time": 1516668826912,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 0
    }
  ]
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
Read tier-1 configuration
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw
Successful Response:
Response Headers:
Content-type: application/json
Tier1 (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
default_rule_logging |
Enable logging for whitelisted rule
Indicates if logging should be enabled for the default whitelisting rule.
|
boolean |
Default: "False" |
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
dhcp_config_paths |
DHCP relay configuration for Segments connected to Tier-1
DHCP relay configuration for Segments connected to Tier-1.
DHCP service is enabled in relay mode. This property must be
configured before connecting Segments.
|
array of string |
Minimum items: 0 Maximum items: 1 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
force_whitelisting |
Flag to add whitelisting FW rule during realization |
boolean |
Default: "False" |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Tier1 |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
tier0_path |
Tier-1 connectivity to Tier-0
Specify tier-1 connectivity to Tier-0 instance.
|
string |
|
Example Response:
{
"resource_type": "Tier1",
"id": "cgw",
"display_name": "/infra/tier-1s/cgw",
"path": "/infra/tier-1s/cgw",
"parent_path": "/infra/tier-1s/cgw",
"relative_path": "cgw",
"tier0_path": "/infra/tier-0s/vmc_prv",
"force_whitelisting": false,
"_create_user": "admin",
"_create_time": 1516668826912,
"_last_modified_user": "admin",
"_last_modified_time": 1516668826912,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 0
}
Required Permissions:
read
Feature:
policy_connectivity
Additional Errors:
If tier-1 with the tier-1-id is not already present, create a new tier-1 instance.
If it already exists, update the tier-1 instance with specified attributes.
This API is only available when using VMware Cloud on AWS.
Request:
URI Path:
/policy/api/v1/infra/tier-1s/<tier-1-id>
Tier1 (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
default_rule_logging |
Enable logging for whitelisted rule
Indicates if logging should be enabled for the default whitelisting rule.
|
boolean |
Default: "False" |
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
dhcp_config_paths |
DHCP relay configuration for Segments connected to Tier-1
DHCP relay configuration for Segments connected to Tier-1.
DHCP service is enabled in relay mode. This property must be
configured before connecting Segments.
|
array of string |
Minimum items: 0 Maximum items: 1 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
force_whitelisting |
Flag to add whitelisting FW rule during realization |
boolean |
Default: "False" |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Tier1 |
string |
|
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
tier0_path |
Tier-1 connectivity to Tier-0
Specify tier-1 connectivity to Tier-0 instance.
|
string |
|
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/tier-1s/cgw
{
"tier0_path": "/infra/tier-0s/vmc_prv"
}
Successful Response:
Required Permissions:
execute
Feature:
policy_connectivity
Additional Errors:
List CommunicationEntries
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries
Query Parameters:
CommunicationEntryListRequestParameters (schema)
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
|
included_fields |
Comma separated list of fields that should be included in query result |
string |
|
page_size |
Maximum number of results to return in this page (server may return fewer) |
integer |
Minimum: 0 Maximum: 1000 Default: "1000" |
sort_ascending |
|
boolean |
|
sort_by |
Field by which records are sorted |
string |
|
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntryListResult (schema)
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
cursor |
Opaque cursor to be used for getting next page of records (supplied by current result page) |
string |
Readonly |
result_count |
Count of results found (across all pages), set only on first page |
integer |
Readonly |
results |
CommunicationEntry list results |
array of CommunicationEntry |
Required |
sort_ascending |
If true, results are sorted in ascending order |
boolean |
Readonly |
sort_by |
Field by which records are sorted |
string |
Readonly |
Example Response:
{
"sort_ascending": true,
"sort_by": "display_name",
"result_count": 1,
"results": [
{
"resource_type": "CommunicationEntry",
"description": " comm entry",
"id": "ce-1",
"display_name": "ce-1",
"path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
"parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
"relative_path": "ce-1",
"sequence_number": 1,
"source_groups": [
"/infra/domains/vmc/groups/dbgroup"
],
"logged": false,
"destination_groups": [
"/infra/domains/vmc/groups/appgroup"
],
"scope": [
"ANY"
],
"action": "ALLOW",
"services": [
"/infra/services/HTTP",
"/infra/services/CIM-HTTP"
],
"_create_user": "admin",
"_create_time": 1517317382942,
"_last_modified_user": "admin",
"_last_modified_time": 1517317382962,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 1
}
]
}
Required Permissions:
read
Feature:
policy_dfw
Additional Errors:
Read CommunicationEntry
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Example Request:
GET https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1
Successful Response:
Response Headers:
Content-type: application/json
Response Body:
CommunicationEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
action |
Action
The action to be applied to all the services
|
string |
Enum: ALLOW, DROP, REJECT |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_groups |
Destination group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
logged |
Enable logging flag
Flag to enable packet logging. Default is disabled. |
boolean |
Default: "False" |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationEntry |
string |
|
scope |
The list of policy paths where the communication entry is applied
Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied
on multiple LRs/LRPs.
|
array of string |
Maximum items: 128 |
sequence_number |
Sequence number of this CommunicationEntry
This field is used to resolve conflicts between multiple
CommunicationEntries under CommunicationMap for a Domain
|
int |
|
services |
Names of services
In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
|
array of string |
Maximum items: 128 |
source_groups |
Source group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
tag |
Tag applied on the communication entry
User level field which will be printed in CLI and packet logs.
|
string |
Maximum length: 32 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Response:
{
"resource_type": "CommunicationEntry",
"description": " comm entry",
"id": "ce-1",
"display_name": "ce-1",
"path": "/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1",
"parent_path": "/infra/domains/vmc/communication-maps/application-section-1",
"relative_path": "ce-1",
"sequence_number": 1,
"source_groups": [
"/infra/domains/vmc/groups/dbgroup"
],
"logged": false,
"destination_groups": [
"/infra/domains/vmc/groups/appgroup"
],
"scope": [
"ANY"
],
"action": "ALLOW",
"services": [
"/infra/services/HTTP",
"/infra/services/CIM-HTTP"
],
"_create_user": "admin",
"_create_time": 1517317382942,
"_last_modified_user": "admin",
"_last_modified_time": 1517317382962,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_revision": 1
}
Required Permissions:
read
Feature:
policy_dfw
Additional Errors:
Patch the CommunicationEntry.
This API is available when using VMware Cloud on AWS or VMware NSX-T.
Request:
URI Path:
/policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>
Request Body:
CommunicationEntry (schema)
_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returning the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
action |
Action
The action to be applied to all the services
|
string |
Enum: ALLOW, DROP, REJECT |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destination_groups |
Destination group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Unique identifier of this resource |
string |
Sortable |
logged |
Enable logging flag
Flag to enable packet logging. Default is disabled. |
boolean |
Default: "False" |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object get deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value CommunicationEntry |
string |
|
scope |
The list of policy paths where the communication entry is applied
Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied
on multiple LRs/LRPs.
|
array of string |
Maximum items: 128 |
sequence_number |
Sequence number of this CommunicationEntry
This field is used to resolve conflicts between multiple
CommunicationEntries under CommunicationMap for a Domain
|
int |
|
services |
Names of services
In order to specify all services, use the constant "ANY".
This is case insensitive. If "ANY" is used, it should
be the ONLY element in the services array. Error will be thrown
if ANY is used in conjunction with other values.
|
array of string |
Maximum items: 128 |
source_groups |
Source group paths
We need paths as duplicate names may exist for groups under different
domains. In order to specify all groups, use the constant "ANY". This
is case insensitive. If "ANY" is used, it should be the ONLY element
in the group array. Error will be thrown if ANY is used in conjunction
with other values.
|
array of string |
Maximum items: 128 |
tag |
Tag applied on the communication entry
User level field which will be printed in CLI and packet logs.
|
string |
Maximum length: 32 |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |
Example Request:
PATCH https://<policy-mgr>/policy/api/v1/infra/domains/vmc/communication-maps/application-section-1/communication-entries/ce-1
{
"description": " comm entry",
"display_name": "ce-1",
"sequence_number": 1,
"source_groups": [
"/infra/domains/vmc_domain/groups/webgroup"
],
"logged": false,
"destination_groups": [
"/infra/domains/vmc_domain/groups/dbgroup"
],
"scope": [
"ANY"
],
"action": "DROP",
"services": [
"ANY"
]
}
Successful Response:
Required Permissions:
crud
Feature:
policy_dfw
Additional Errors:
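The CommunicationEntry constraints in the schema above (the action Enum, the 128-item limits, the length limits, and the rule that "ANY" must be the only element of a group or services array) can be checked client-side before a PATCH is sent. The following Python is an added example, not part of this guide or of VMware's code; the function names and the review heuristics in audit_entry are assumptions of the example.

```python
# Added example: client-side checks for a CommunicationEntry body before PATCH.
# Limits come from the schema table on this page; the review heuristics in
# audit_entry() are assumptions of this example, not NSX behaviour.

ACTIONS = {"ALLOW", "DROP", "REJECT"}
LIST_FIELDS = ("source_groups", "destination_groups", "services", "scope")
ANY_FIELDS = ("source_groups", "destination_groups", "services")
MAX_LIST_ITEMS = 128
MAX_LEN = {"description": 1024, "display_name": 255, "tag": 32}
MAX_TAGS = 30


def _has_any(values):
    """True if any element is the constant "ANY" (case insensitive)."""
    return any(isinstance(v, str) and v.upper() == "ANY" for v in values)


def validate_entry(entry):
    """Return a list of schema violations; an empty list means the body passes."""
    errors = []
    if entry.get("resource_type", "CommunicationEntry") != "CommunicationEntry":
        errors.append("resource_type must be CommunicationEntry")
    if "action" in entry and entry["action"] not in ACTIONS:
        errors.append("action must be one of ALLOW, DROP, REJECT")
    for field in LIST_FIELDS:
        values = entry.get(field, [])
        if len(values) > MAX_LIST_ITEMS:
            errors.append(f"{field}: more than {MAX_LIST_ITEMS} items")
        # The page documents the ANY-only rule for groups and services, not scope.
        if field in ANY_FIELDS and len(values) > 1 and _has_any(values):
            errors.append(f"{field}: ANY must be the only element")
    for field, limit in MAX_LEN.items():
        if len(entry.get(field, "")) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    if len(entry.get("tags", [])) > MAX_TAGS:
        errors.append(f"tags: more than {MAX_TAGS} items")
    return errors


def audit_entry(entry):
    """Flag rules a reviewer would want to look at (heuristics of this example)."""
    findings = []
    if entry.get("action") == "ALLOW":
        wide = [f for f in ANY_FIELDS if _has_any(entry.get(f, []))]
        if wide:
            findings.append("ALLOW with ANY in " + ", ".join(wide))
        if not entry.get("logged", False):
            findings.append("ALLOW rule without packet logging")
    return findings


# Request body from the page's PATCH example.
PAGE_PATCH_BODY = {
    "description": " comm entry", "display_name": "ce-1", "sequence_number": 1,
    "source_groups": ["/infra/domains/vmc_domain/groups/webgroup"],
    "logged": False,
    "destination_groups": ["/infra/domains/vmc_domain/groups/dbgroup"],
    "scope": ["ANY"], "action": "DROP", "services": ["ANY"],
}
# Constructed bodies: one that breaks the schema, one that is valid but broad.
BAD_BODY = {"action": "PERMIT", "services": ["any", "/infra/services/HTTP"],
            "tag": "x" * 33}
BROAD_BODY = {"action": "ALLOW", "source_groups": ["ANY"],
              "destination_groups": ["ANY"], "services": ["ANY"]}

if __name__ == "__main__":
    for name, body in [("page", PAGE_PATCH_BODY), ("bad", BAD_BODY), ("broad", BROAD_BODY)]:
        print(name, validate_entry(body), audit_entry(body))
```

The validator only reports what the schema table states; the server remains the authority on whether a body is accepted.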
Update the CommunicationEntry. If a CommunicationEntry with the communication-entry-id
is not already present, this API fails with a 404. Creation of CommunicationEntries
is not allowed using this API.
Th